| name | code-analyze |
| version | 0.1.0 |
| kind | cli |
| description | Run static analysis, security scans, and dependency checks on .NET code. Use when task involves code quality, security audits, or vulnerability detection. |
| inputs | {"analysis_type":["static","security","dependencies","all"],"project_path":"string","severity_filter":["error","warning","suggestion","all"]} |
| contracts | {"success":"Analysis completes with findings report; exit code 0","failure":"Non-zero exit code or tool execution errors"} |
Code Analysis Skill (Entry Map)
Goal: Guide agent to the exact analysis procedure needed.
Quick Start (Pick One)
- Run static code analysis โ
references/static-analysis.md
- Scan for security issues โ
references/security-scan.md
- Check dependency vulnerabilities โ
references/dependency-check.md
When to Use
- Enforce code quality standards and best practices
- Detect potential bugs and code smells
- Identify security vulnerabilities in code
- Check for vulnerable dependencies
- Run automated code reviews
NOT for: building (dotnet-build), testing (dotnet-test), or formatting (code-format)
Inputs & Outputs
Inputs: analysis_type (static/security/dependencies/all), project_path (default: ./dotnet/PigeonPea.sln), severity_filter (error/warning/suggestion)
Outputs: analysis_report (findings with file/line), exit_code (0=clean, 1=issues), metrics (violations by severity)
Guardrails: Analyze only, never modify code, report all findings with context, fail on critical issues
Navigation
1. Static Code Analysis โ references/static-analysis.md
- Roslyn analyzers, StyleCop, code quality rules, best practices
2. Security Scanning โ references/security-scan.md
- Secret detection (gitleaks, detect-secrets), security analyzers, vulnerability patterns
3. Dependency Vulnerability Check โ references/dependency-check.md
- NuGet package vulnerabilities, outdated dependencies, CVE detection
Common Patterns
Quick Analysis (All Checks)
cd ./dotnet
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true
dotnet list package --vulnerable
Static Analysis Only
cd ./dotnet
dotnet build PigeonPea.sln /p:RunAnalyzers=true /warnaserror
Security Scan (Pre-commit)
pre-commit run gitleaks --all-files
pre-commit run detect-secrets --all-files
Dependency Check
cd ./dotnet
dotnet list package --vulnerable --include-transitive
dotnet list package --outdated
Full Analysis Suite
.agent/skills/code-analyze/scripts/analyze.sh --all
Analysis with Specific Severity
cd ./dotnet
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=false
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true
Troubleshooting
No analyzers found: Verify Roslyn analyzers enabled. See references/static-analysis.md.
Too many warnings: Filter by severity or add suppressions. See references/static-analysis.md.
False positives: Use .editorconfig or suppressions. See references/static-analysis.md.
Secrets not detected: Check .gitleaksignore and .secrets.baseline. See references/security-scan.md.
Dependency scan fails: Network issues or package restore needed. See references/dependency-check.md.
Success Indicators
Static Analysis:
Build succeeded.
0 Warning(s)
0 Error(s)
Security Scan:
gitleaks................Passed
detect-secrets...........Passed
Dependency Check:
No vulnerable packages found.
Integration
Before commit: Run security scans (gitleaks, detect-secrets)
After build: Run static analysis (Roslyn, StyleCop)
Regular checks: Run dependency vulnerability checks
CI/CD Integration: Include all analysis in build pipeline, fail on critical issues
Related
