تشغيل أي مهارة في Manus بنقرة واحدة

codeql

النجوم٦

التفرعات١

آخر تحديث١٢ فبراير ٢٠٢٦ في ٠٧:٠٥

Run CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis. Use when asked to scan code with CodeQL, write QL queries, perform deep interprocedural analysis, or integrate with GitHub Advanced Security.

التثبيت

التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.

تشغيل في Manus

المصدر

igbuend

igbuend/grimbard

فتح مستودع GitHub عرض مستودعات المنشئ

تنزيل

تشغيل في Manus

المهن ذات الصلةSOC

استنادا إلى تصنيف SOC المهني

محللو أمن المعلوماتمهن الحاسوب والرياضيات·SOC 15-1212

SKILL.md

readonly

المزيد من هذا المستودع

نفس المستودع

data-visualization

igbuend/grimbard

Data visualization and information design best practices. Use when creating charts, dashboards, graphs, or any visual representation of data.

2026-02-146

typography

igbuend/grimbard

Typography principles for print and screen. Use when selecting fonts, setting type, designing text layouts, or creating web typography.

2026-02-146

skill-reviewer

igbuend/grimbard

Reviews skills against Claude Code best practices. Use when auditing skill files for adherence to recommendations.

2026-02-146

amsmath

igbuend/grimbard

LaTeX amsmath/amssymb/mathtools packages for mathematical typesetting. Use when helping users write equations, align math, use mathematical symbols, matrices, theorems, or any advanced math formatting.

2026-02-126

biblatex

igbuend/grimbard

LaTeX biblatex/biber packages for modern bibliography management. Use when helping users cite references, manage .bib files, choose citation styles, or troubleshoot bibliography compilation.

2026-02-126

booktabs

igbuend/grimbard

LaTeX booktabs/tabularx/multirow/longtable packages for professional tables. Use when helping users create well-formatted tables, multi-page tables, or improve table appearance.

2026-02-126

name	codeql
description	Run CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis. Use when asked to scan code with CodeQL, write QL queries, perform deep interprocedural analysis, or integrate with GitHub Advanced Security.
aliases	["code-ql","github-codeql"]
allowed-tools	["Bash","Read","Glob","Grep"]

Language	Database	Maturity
C/C++	`cpp`	Stable
C#	`csharp`	Stable
Go	`go`	Stable
Java/Kotlin	`java`	Stable
JavaScript/TypeScript	`javascript`	Stable
Python	`python`	Stable
Ruby	`ruby`	Stable
Swift	`swift`	Beta

Suite	Description
`<lang>-security-extended.qls`	Comprehensive security queries
`<lang>-security-and-quality.qls`	Security + code quality
`<lang>-code-scanning.qls`	GitHub code scanning default
`<lang>-lgtm-full.qls`	All available queries

Metadata	Description
`@name`	Human-readable query name
`@description`	Detailed description
`@kind`	Query type: `problem`, `path-problem`, `metric`
`@problem.severity`	`error`, `warning`, `recommendation`
`@security-severity`	CVSS score (0.0-10.0)
`@precision`	`very-high`, `high`, `medium`, `low`
`@id`	Unique identifier (e.g., `py/sql-injection`)
`@tags`	Categories: `security`, `correctness`, `maintainability`

Feature	DataFlow	TaintTracking
Tracks	Exact values	Derived values
Use case	Value equality	Security flows
Example	"Is this exact password used?"	"Does user input reach SQL?"
Sanitizers	Not applicable	Supported

Command	Purpose
`codeql database create`	Create analysis database
`codeql database analyze`	Run queries against database
`codeql database upgrade`	Upgrade database schema
`codeql database bundle`	Package database for sharing
`codeql query compile`	Compile QL query
`codeql query run`	Run query directly
`codeql pack download`	Install query packs
`codeql pack ls`	List installed packs
`codeql pack init`	Create custom pack

Shortcut	Why It's Wrong
"CodeQL found nothing, code is secure"	CodeQL queries cover known patterns; novel vulnerabilities need custom queries
"Too slow for CI"	Use caching, incremental analysis, or run on schedule instead of every PR
"QL is too hard"	Start with built-in queries; custom queries can wait
"GitHub-only tool"	CLI works anywhere; GitHub integration is optional
"Semgrep covers the same"	CodeQL excels at deep interprocedural analysis Semgrep can't do

codeql

المزيد من هذا المستودع

المزيد من هذا المستودع

CodeQL Static Analysis

When to Use CodeQL

When NOT to Use

Supported Languages

Installation

GitHub CLI (Recommended)

Direct Download

Clone Standard Queries

VS Code Extension

Core Workflow

1. Create Database

2. Run Analysis

3. Query Suites

Output Formats

Writing Custom Queries

Basic Query Structure

Query Metadata

Data Flow vs Taint Tracking

GitHub Actions Integration

Basic Workflow

Custom Queries in CI

CodeQL Config File

CLI Quick Reference

Common Use Cases

1. Full Security Audit

2. Variant Analysis

3. Multi-Language Analysis

Performance Optimization

Troubleshooting

Common Issues

Validation

Limitations

Rationalizations to Reject

References

CodeQL Static Analysis

When to Use CodeQL

When NOT to Use

Supported Languages

Installation

GitHub CLI (Recommended)

Direct Download

Clone Standard Queries

VS Code Extension

Core Workflow

1. Create Database

2. Run Analysis

3. Query Suites

Output Formats

Writing Custom Queries

Basic Query Structure

Query Metadata

Data Flow vs Taint Tracking

GitHub Actions Integration

Basic Workflow

Custom Queries in CI

CodeQL Config File

CLI Quick Reference

Common Use Cases

1. Full Security Audit

2. Variant Analysis

3. Multi-Language Analysis

Performance Optimization

Troubleshooting

Common Issues

Validation

Limitations

Rationalizations to Reject

References