code-analyze
npx skills add https://github.com/giantcroissant-lunar/lunar-snake-hub --skill code-analyze
Skill Documentation
Code Analysis Skill (Entry Map)
Goal: Guide agent to the exact analysis procedure needed.
Quick Start (Pick One)
- Run static code analysis → references/static-analysis.md
- Scan for security issues → references/security-scan.md
- Check dependency vulnerabilities → references/dependency-check.md
When to Use
- Enforce code quality standards and best practices
- Detect potential bugs and code smells
- Identify security vulnerabilities in code
- Check for vulnerable dependencies
- Run automated code reviews
NOT for: building (dotnet-build), testing (dotnet-test), or formatting (code-format)
Inputs & Outputs
Inputs: analysis_type (static/security/dependencies/all), project_path (default: ./dotnet/PigeonPea.sln), severity_filter (error/warning/suggestion)
Outputs: analysis_report (findings with file/line), exit_code (0=clean, 1=issues), metrics (violations by severity)
Guardrails: Analyze only, never modify code, report all findings with context, fail on critical issues
Navigation
1. Static Code Analysis → references/static-analysis.md
- Roslyn analyzers, StyleCop, code quality rules, best practices
2. Security Scanning → references/security-scan.md
- Secret detection (gitleaks, detect-secrets), security analyzers, vulnerability patterns
3. Dependency Vulnerability Check → references/dependency-check.md
- NuGet package vulnerabilities, outdated dependencies, CVE detection
Common Patterns
Quick Analysis (All Checks)
cd ./dotnet
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true
dotnet list package --vulnerable
Static Analysis Only
cd ./dotnet
dotnet build PigeonPea.sln /p:RunAnalyzers=true /warnaserror
Security Scan (Pre-commit)
pre-commit run gitleaks --all-files
pre-commit run detect-secrets --all-files
Dependency Check
cd ./dotnet
dotnet list package --vulnerable --include-transitive
dotnet list package --outdated
Full Analysis Suite
# Run from repository root
.agent/skills/code-analyze/scripts/analyze.sh --all
Analysis with Specific Severity
cd ./dotnet
# Errors only
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=false
# Warnings as errors
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true
Troubleshooting
No analyzers found: Verify that Roslyn analyzers are enabled. See references/static-analysis.md.
Too many warnings: Filter by severity or add suppressions. See references/static-analysis.md.
False positives: Use .editorconfig or suppressions. See references/static-analysis.md.
Secrets not detected: Check .gitleaksignore and .secrets.baseline. See references/security-scan.md.
Dependency scan fails: Network issues or package restore needed. See references/dependency-check.md.
Success Indicators
Static Analysis:
Build succeeded.
0 Warning(s)
0 Error(s)
Security Scan:
gitleaks................Passed
detect-secrets...........Passed
Dependency Check:
No vulnerable packages found.
Integration
Before commit: Run security scans (gitleaks, detect-secrets)
After build: Run static analysis (Roslyn, StyleCop)
Regular checks: Run dependency vulnerability checks
CI/CD Integration: Include all analysis in build pipeline, fail on critical issues
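An added example, not part of the skill's own scripts: a POSIX shell gate that derives the exit_code contract (0=clean, 1=issues) and per-severity metrics from the Dependency Check report rows rather than from the command's own exit status. `vuln_gate`, `sample_report`, the sample package names and the assumed report layout (finding rows start with `>` and end with severity, then advisory URL) are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example. Assumed input: the text report of
#   dotnet list package --vulnerable --include-transitive
# where each finding row starts with ">" and ends "<Severity> <Advisory URL>".

# vuln_gate <min-severity>: reads the report on stdin, prints counts per
# severity, returns 1 if any finding is at or above <min-severity>, 0 if
# none, 2 if <min-severity> is not a known level.
vuln_gate() {
    awk -v min="${1:-Critical}" '
        BEGIN {
            rank["Low"] = 1; rank["Moderate"] = 2
            rank["High"] = 3; rank["Critical"] = 4
            if (!(min in rank)) {
                print "unknown severity: " min > "/dev/stderr"
                bad = 1
                exit 2
            }
        }
        $1 == ">" && NF >= 4 {
            sev = $(NF - 1)              # severity is the second-to-last column
            if (!(sev in rank)) { unparsed++; next }
            count[sev]++
            if (rank[sev] >= rank[min]) blocking++
        }
        END {
            if (bad) exit 2
            printf "low=%d moderate=%d high=%d critical=%d unparsed=%d\n",
                count["Low"], count["Moderate"], count["High"],
                count["Critical"], unparsed
            # Fail closed: a finding row that cannot be classified also blocks.
            exit ((blocking > 0 || unparsed > 0) ? 1 : 0)
        }'
}

# Constructed sample report; project, packages and URLs are placeholders.
sample_report() {
    cat <<'EOF'
Project `Example.App` has the following vulnerable packages
   [net8.0]:
   Top-level Package      Requested   Resolved   Severity   Advisory URL
   > Example.Json         1.0.0       1.0.0      High       https://example.invalid/advisory-1
   Transitive Package     Resolved    Severity   Advisory URL
   > Example.Http         2.1.0       Moderate   https://example.invalid/advisory-2
EOF
}

# Usage in a pipeline step (run from ./dotnet):
#   dotnet list package --vulnerable --include-transitive | vuln_gate High
```
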
Related
- ./dotnet/ARCHITECTURE.md – Project structure
- .pre-commit-config.yaml – Pre-commit hooks
- .editorconfig – Code style rules
- dotnet-build – Build skill