semgrep
trailofbits · Development
This skill wraps Semgrep, a static analysis tool for finding vulnerabilities and enforcing coding standards. The documentation covers installation, rule writing, dataflow taint analysis, and CI/CD integration. It explains when to use Semgrep instead of alternatives such as CodeQL and gives practical examples for common security scanning tasks.
Run Semgrep static analysis for fast security scanning and pattern matching. Use when asked to scan code with Semgrep, write custom YAML rules, find vulnerabilities quickly, use taint mode, or set up Semgrep in CI/CD pipelines.
npx skills add https://github.com/trailofbits/skills --skill semgrep
Stars 5680 · Installs 4908