trailofbits-codeql
Trail of Bits security skill to run and author CodeQL static-analysis queries for vulnerability hunting.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for trailofbits-codeql, derived from its capabilities.
AIVSS 8.1 · High
View MAESTRO 7-layer threat model →
Overview
Security skill from Trail of Bits that guides running CodeQL and writing custom queries to find vulnerabilities via static analysis. Bundled reference and tooling; executes CodeQL against target codebases as its script surface. Part of the building-secure-contracts/static-analysis plugin.
Key features
- CodeQL query authoring
- Static-analysis vulnerability hunting
- Query execution guidance
Use cases
- Security audits
- Variant/vulnerability discovery