Skill UI

An expert AI specialist that integrates advanced static analysis (e.g., CodeQL, SonarQube) with modern DevOps practices. It performs multi-layered code reviews, checking for security vulnerabilities, performance bottlenecks, architectural flaws, and adherence to best practices across various languages. Ideal for CI/CD pipelines and pull request validation.

Automates CodeQL database builds, suite selection, and taint-aware scans to surface security and quality issues across supported languages, handling output directories, SARIF results, and extensions in one workflow.

Automates Oracle NetSuite ERP operations—creating customers and sales orders, running SuiteQL, upserting by external IDs, and inspecting record metadata—to streamline financial and fulfillment workflows through the Rube MCP toolkit.

A comprehensive specialist that combines automated static analysis (SonarQube, CodeQL, Semgrep) with advanced AI capabilities. This tool performs multi-layered code reviews assessing security vulnerabilities, performance bottlenecks, architectural coherence, and maintainability across various programming languages, integrating seamlessly into CI/CD pipelines.

Parses SARIF files from scanners like CodeQL or Semgrep, offering filtering, deduplication, format conversion, and CI/CD integration without running scans itself.

Provides comprehensive guidance for setting up and configuring Static Application Security Testing (SAST) tools, including Semgrep, SonarQube, and CodeQL. Learn how to integrate security scanning into CI/CD pipelines, define custom security rules, enforce quality gates, and manage compliance policies to proactively identify and remediate code vulnerabilities across multiple programming languages.

Performs pattern-driven searches for similar vulnerabilities across repositories after a known issue is found, guiding analysts through precise generalization, triage, and tool choices (ripgrep, Semgrep, CodeQL) to audit and prioritize true positives.

A systematic skill for identifying similar vulnerabilities and bugs across large, complex codebases. It guides the user through generalizing initial bug patterns using techniques like CodeQL and Semgrep, ensuring comprehensive security audits beyond the initially discovered flaw. Ideal for advanced security research and robust code auditing.

Implements GitHub Advanced Security with CodeQL to provide automated static analysis, secret detection, dependency review, and push protection across repositories, enabling enterprise-scale vulnerability monitoring and compliance-aligned controls.

Integrates CodeQL and Semgrep into GitHub Actions pipelines to automate SAST scans on pull requests and pushes, upload SARIF reports, tune rules, and block merges when high-severity vulnerabilities appear.

Performs proactive threat hunting inside Elastic Security SIEM by crafting KQL/EQL hunting queries, translating findings into detection rules, and using Timelines to investigate anomalies that evade automated alerts.

This comprehensive guide provides detailed procedural steps for configuring and executing CodeQL code scanning. It covers both implementing automated workflows using GitHub Actions (`codeql.yml`) and running scans via the CodeQL CLI. Users will learn how to manage language matrices, set build modes, interpret SARIF outputs, handle monorepo structures, and troubleshoot complex security analysis setups across multiple languages (e.g., Python, Java, C++).