static-analysis-tools-skill

Solid

Integration with security-focused static analysis tools

AI & Automation 1,160 stars 71 forks Updated today MIT

Install

View on GitHub

Quality Score: 94/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
65
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Static Analysis Tools Skill ## Overview This skill provides integration with security-focused static analysis tools for comprehensive code security analysis. ## Capabilities - Execute Semgrep rules and custom patterns - Run CodeQL queries for vulnerability detection - Execute Bandit (Python), Brakeman (Ruby), etc. - Parse and interpret static analysis results - Generate custom detection rules - Aggregate findings across tools - Map findings to CWE/CVE identifiers - Support SAST pipeline integration ## Target Processes - static-code-analysis.js - variant-analysis.js - web-app-vuln-research.js - api-security-research.js ## Dependencies - Semgrep CLI - CodeQL CLI and databases - Language-specific analyzers: - Bandit (Python) - Brakeman (Ruby) - gosec (Go) - SpotBugs (Java) - Python for result aggregation ## Usage Context This skill is essential for: - Security code review automation - Vulnerability pattern detection - Custom security rule development - CI/CD security gate integration - Variant analysis across codebases ## Integration Notes - Supports multiple output formats (SARIF, JSON, custom) - Can run incrementally on changed files - Integrates with IDE and CI/CD workflows - Custom rules can be version controlled - Results can be deduplicated and triaged

Details

Author
a5c-ai
Repository
a5c-ai/babysitter
Created
4 months ago
Last Updated
today
Language
JavaScript
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

sast-analyzer

Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools. Parse, prioritize, and deduplicate findings across multiple tools with remediation guidance.

1,160 Updated today
a5c-ai
AI & Automation Featured

security-scanning-security-sast

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

39,350 Updated today
sickn33
AI & Automation Solid

sast-configuration

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.

36,222 Updated today
wshobson
Testing & QA Listed

security-scanning-security-sast

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

335 Updated today
aiskillstore
AI & Automation Featured

sast-configuration

Static Application Security Testing (SAST) tool setup, configuration, and custom rule creation for comprehensive security scanning across multiple programming languages.

39,350 Updated today
sickn33