static-analysis - Static Analysis

Skills / Security / static-analysis

static-analysis

Static Analysis

Community Security

GitHub Copy Install Command

Description

Code static analysis skill to identify security vulnerabilities, code smells, and quality issues

Use Cases

• Security vulnerability detection
• Code quality review
• Dependency security checks
• CI/CD integration checks
• Compliance verification

Core Capabilities

• Vulnerability Detection: SQL injection, XSS, etc.
• Code Standards: Best practice checks
• Dependency Analysis: Third-party library security
• Report Generation: Clear issue reports

Example

Please perform static security analysis on this code:

```javascript
const user = req.query.user;
const query = `SELECT * FROM users WHERE name = '${user}'`;
db.query(query);

Identify:

1. Security vulnerabilities
2. Severity level
3. Fix recommendations
4. Secure alternative implementation

## Notes

- Static analysis has limitations
- Combine with dynamic testing
- Focus on high-risk vulnerabilities first
- Update rule library regularly

Applicable Roles

Developer DevOps/IT

Tags

analysissecuritycode-qualityvulnerabilities

Install

git clone https://github.com/trailofbits/skills cp -r skills/static-analysis ~/.qoder/skills/

Information

Source

Community

Author

trailofbits

Category

Security

Date Added

January 15, 2026

Links

• GitHub Repository

Related Skills

building-secure-contracts Building Secure Smart Contracts

security-bluebook-builder Security Bluebook Builder

varlock Secure Environment Variables

Back to Skills