Codeql
3 skills with this tag
wshobson
Passed
sast-configuration
This skill guides the setup and configuration of Static Application Security Testing (SAST) tools including Semgrep, SonarQube, and CodeQL. It helps developers integrate security scanning into CI/CD pipelines, create custom security rules, and establish quality gates for vulnerability detection across multiple programming languages.
Sast, Security Scanning, Devsecops, +3
32327.0k
trailofbits
Passed
Codeql
CodeQL is a powerful static analysis framework that queries code as a database for security vulnerabilities and code patterns. This skill provides comprehensive documentation on creating CodeQL databases, writing custom queries, integrating with CI/CD pipelines, and using the framework for interprocedural control flow and data flow analysis across C/C++, Go, Java, JavaScript, Python, and other supported languages.
Security, Static Analysis, Codeql, +3
902.1k
trailofbits
Passed
Variant Analysis
A variant analysis skill that helps security researchers find similar vulnerabilities across a codebase after discovering an initial bug. It provides a structured methodology for pattern-based searching, ready-to-use Semgrep rule templates for multiple languages (Python, JavaScript, Java, Go, C++), and documentation templates for tracking findings.
Security, Variant Analysis, Semgrep, +3
542.1k