🔒Security
3,360
837

semgrep

Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.

#static-analysis#security-audit#semgrep#code
Share
Quick Install
>_npx skills add trailofbits/skills
Documentation
Loading documentation...
Author

trailofbits

@trailofbits

View on GitHub
Repository
Repositorytrailofbits/skills
Stars3,360
Last UpdatedMar 6, 2026
Related Skills
6,168
26

authentication-setup

Setup and manage authentication and authorization systems including JWT, OAuth, and role-based access control.

supercent-io
supercent-io/skills-template
6,013
23,974

azure-role-selector

Helps users select appropriate Azure roles based on required permissions with least privilege access.

github
github/awesome-copilot
5,028
26

security-best-practices

Implement security best practices for web apps and infrastructure, covering HTTPS, CORS, XSS, SQL injection, CSRF, rate limiting, and OWASP

supercent-io
supercent-io/skills-template
3,994
30,440

security-requirement-extraction

Extract security requirements from threat models and business context for actionable security measures.

wshobson
wshobson/agents
2,915
30,440

auth-implementation-patterns

Implement authentication and authorization patterns like JWT, OAuth2, session management, and RBAC for secure API access.

wshobson
wshobson/agents