Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

codeql

Estrellas6

Forks1

Actualizado12 de febrero de 2026, 07:05

Run CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis. Use when asked to scan code with CodeQL, write QL queries, perform deep interprocedural analysis, or integrate with GitHub Advanced Security.

Instalación

Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.

Ejecutar en Manus

Fuente

igbuend

igbuend/grimbard

Abrir repositorio de GitHub Ver repositorios del creador

Descarga

Ejecutar en Manus

Ocupaciones relacionadasSOC

Basado en la clasificación ocupacional SOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas·SOC 15-1212

SKILL.md

readonly

Más de este repositorio

mismo repositorio

data-visualization

igbuend/grimbard

Data visualization and information design best practices. Use when creating charts, dashboards, graphs, or any visual representation of data.

2026-02-146

typography

igbuend/grimbard

Typography principles for print and screen. Use when selecting fonts, setting type, designing text layouts, or creating web typography.

2026-02-146

skill-reviewer

igbuend/grimbard

Reviews skills against Claude Code best practices. Use when auditing skill files for adherence to recommendations.

2026-02-146

amsmath

igbuend/grimbard

LaTeX amsmath/amssymb/mathtools packages for mathematical typesetting. Use when helping users write equations, align math, use mathematical symbols, matrices, theorems, or any advanced math formatting.

2026-02-126

biblatex

igbuend/grimbard

LaTeX biblatex/biber packages for modern bibliography management. Use when helping users cite references, manage .bib files, choose citation styles, or troubleshoot bibliography compilation.

2026-02-126

booktabs

igbuend/grimbard

LaTeX booktabs/tabularx/multirow/longtable packages for professional tables. Use when helping users create well-formatted tables, multi-page tables, or improve table appearance.

2026-02-126

name	codeql
description	Run CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis. Use when asked to scan code with CodeQL, write QL queries, perform deep interprocedural analysis, or integrate with GitHub Advanced Security.
aliases	["code-ql","github-codeql"]
allowed-tools	["Bash","Read","Glob","Grep"]

Language	Database	Maturity
C/C++	`cpp`	Stable
C#	`csharp`	Stable
Go	`go`	Stable
Java/Kotlin	`java`	Stable
JavaScript/TypeScript	`javascript`	Stable
Python	`python`	Stable
Ruby	`ruby`	Stable
Swift	`swift`	Beta

Suite	Description
`<lang>-security-extended.qls`	Comprehensive security queries
`<lang>-security-and-quality.qls`	Security + code quality
`<lang>-code-scanning.qls`	GitHub code scanning default
`<lang>-lgtm-full.qls`	All available queries

Metadata	Description
`@name`	Human-readable query name
`@description`	Detailed description
`@kind`	Query type: `problem`, `path-problem`, `metric`
`@problem.severity`	`error`, `warning`, `recommendation`
`@security-severity`	CVSS score (0.0-10.0)
`@precision`	`very-high`, `high`, `medium`, `low`
`@id`	Unique identifier (e.g., `py/sql-injection`)
`@tags`	Categories: `security`, `correctness`, `maintainability`

Feature	DataFlow	TaintTracking
Tracks	Exact values	Derived values
Use case	Value equality	Security flows
Example	"Is this exact password used?"	"Does user input reach SQL?"
Sanitizers	Not applicable	Supported

Command	Purpose
`codeql database create`	Create analysis database
`codeql database analyze`	Run queries against database
`codeql database upgrade`	Upgrade database schema
`codeql database bundle`	Package database for sharing
`codeql query compile`	Compile QL query
`codeql query run`	Run query directly
`codeql pack download`	Install query packs
`codeql pack ls`	List installed packs
`codeql pack init`	Create custom pack

Shortcut	Why It's Wrong
"CodeQL found nothing, code is secure"	CodeQL queries cover known patterns; novel vulnerabilities need custom queries
"Too slow for CI"	Use caching, incremental analysis, or run on schedule instead of every PR
"QL is too hard"	Start with built-in queries; custom queries can wait
"GitHub-only tool"	CLI works anywhere; GitHub integration is optional
"Semgrep covers the same"	CodeQL excels at deep interprocedural analysis Semgrep can't do

codeql

Más de este repositorio

Más de este repositorio

CodeQL Static Analysis

When to Use CodeQL

When NOT to Use

Supported Languages

Installation

GitHub CLI (Recommended)

Direct Download

Clone Standard Queries

VS Code Extension

Core Workflow

1. Create Database

2. Run Analysis

3. Query Suites

Output Formats

Writing Custom Queries

Basic Query Structure

Query Metadata

Data Flow vs Taint Tracking

GitHub Actions Integration

Basic Workflow

Custom Queries in CI

CodeQL Config File

CLI Quick Reference

Common Use Cases

1. Full Security Audit

2. Variant Analysis

3. Multi-Language Analysis

Performance Optimization

Troubleshooting

Common Issues

Validation

Limitations

Rationalizations to Reject

References

CodeQL Static Analysis

When to Use CodeQL

When NOT to Use

Supported Languages

Installation

GitHub CLI (Recommended)

Direct Download

Clone Standard Queries

VS Code Extension

Core Workflow

1. Create Database

2. Run Analysis

3. Query Suites

Output Formats

Writing Custom Queries

Basic Query Structure

Query Metadata

Data Flow vs Taint Tracking

GitHub Actions Integration

Basic Workflow

Custom Queries in CI

CodeQL Config File

CLI Quick Reference

Common Use Cases

1. Full Security Audit

2. Variant Analysis

3. Multi-Language Analysis

Performance Optimization

Troubleshooting

Common Issues

Validation

Limitations

Rationalizations to Reject

References