Static Analysis

Static Analysis skills and workflows surfaced by the site skill importer.

4 skills
coverage-analysis

by trailofbits

coverage-analysis helps you measure the code exercised during fuzzing, spot blockers such as magic value checks, and compare harness changes. Use this skill in Security Audit workflows when you need clear usage and install guidance and repeatable coverage-analysis decisions.

Security Audit
semgrep

by trailofbits

Semgrep skill for static analysis of codebases, with automatic language detection, parallel workers, merged SARIF output, and plan-first approval. Built for Security Audit workflows, it supports "run all" and "important only" modes, uses --metrics=off, and can leverage Semgrep Pro when available.

Security Audit
codeql

by trailofbits

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use CodeQL more reliably across supported languages. Use it for repeatable steps when analyzing real repositories.

Security Audit
variant-analysis

by trailofbits

variant-analysis helps you find similar vulnerabilities and bugs across a codebase after one issue is confirmed. Use it to build CodeQL or Semgrep queries, follow a root-cause-first workflow, and run a focused variant analysis for Security Audit work. It is best for post-discovery searches, not broad initial review.

Security Audit