code-analyze

📁 icartsh/icartsh_plugin 📅 Jan 23, 2026

总安装量

周安装量

#18062

全站排名

安装命令

npx skills add https://github.com/icartsh/icartsh_plugin --skill code-analyze

Agent 安装分布

opencode 13

claude-code 13

gemini-cli 12

codex 12

antigravity 9

github-copilot 8

Skill 文档

Code Analysis Skill (Entry Map)

Goal: ìì´ì í¸ê° íìí ë¶ì ì ì°¨ë¥¼ ì ííê² ì°¾ì ì ìëë¡ ê°ì´ëí©ëë¤.

Quick Start (íëë¥¼ ì ííì¸ì)

Static code analysis ì¤í â references/static-analysis.md
ë³´ì ì´ì ì¤ìº (Scan for security issues) â references/security-scan.md
ì¢ìì± ì·¨ì½ì ì²´í¬ (Check dependency vulnerabilities) â references/dependency-check.md

When to Use

ì½ë íì§ íì¤ ë° ëª¨ë² ì¬ë¡ ìí
ì ì¬ì ì¸ ë²ê·¸ ë° code smell íì§
ì½ë ë´ ë³´ì ì·¨ì½ì ìë³
ì·¨ì½í ì¢ìì±(Dependency) íì¸
ìëíë ì½ë ë¦¬ë·° ì¤í

ë¤ìì ìí ê²ì´ ìë: ë¹ë (dotnet-build), íì¤í¸ (dotnet-test), ëë í¬ë§·í (code-format)

Inputs & Outputs

Inputs: analysis_type (static/security/dependencies/all), project_path (default: ./dotnet/PigeonPea.sln), severity_filter (error/warning/suggestion)

Outputs: analysis_report (íì¼/ë¼ì¸ì´ í¬í¨ë ê²°ê³¼), exit_code (0=clean, 1=issues), metrics (ì¬ê°ëë³ ìë° ì¬í)

Guardrails: ë¶ìë§ ìííë©° ì½ëë¥¼ ì ë ìì íì§ ë§ììì¤. ëª¨ë ê²°ê³¼ë¥¼ ì»¨íì¤í¸ì í¨ê» ë³´ê³ íê³ ì¬ê°í ì´ì ë°ì ì ì¤í¨ë¡ ì²ë¦¬í©ëë¤.

Navigation

1. Static Code Analysis â references/static-analysis.md

Roslyn analyzers, StyleCop, ì½ë íì§ ê·ì¹, ëª¨ë² ì¬ë¡

2. Security Scanning â references/security-scan.md

Secret íì§ (gitleaks, detect-secrets), ë³´ì analyzers, ì·¨ì½ì í¨í´

3. Dependency Vulnerability Check â references/dependency-check.md

NuGet í¨í¤ì§ ì·¨ì½ì , ì¤ëë ì¢ìì±, CVE íì§

Common Patterns

Quick Analysis (ëª¨ë ì²´í¬ ìí)

cd ./dotnet
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true
dotnet list package --vulnerable

Static Analysis ì ì©

cd ./dotnet
dotnet build PigeonPea.sln /p:RunAnalyzers=true /warnaserror

Security Scan (ì»¤ë° ì )

pre-commit run gitleaks --all-files
pre-commit run detect-secrets --all-files

Dependency Check

cd ./dotnet
dotnet list package --vulnerable --include-transitive
dotnet list package --outdated

Full Analysis Suite

# ì ì¥ì ë£¨í¸ìì ì¤í
.agent/skills/code-analyze/scripts/analyze.sh --all

í¹ì ì¬ê°ë(Severity)ë¥¼ í¬í¨í ë¶ì

cd ./dotnet
# ìë¬ ì ì©
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=false

# ê²½ê³ ë¥¼ ìë¬ë¡ ì²ë¦¬
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true

Troubleshooting

Analyzerë¥¼ ì°¾ì ì ìì: Roslyn analyzersê° íì±íëì´ ìëì§ íì¸íììì¤. references/static-analysis.mdë¥¼ ì°¸ì¡°íì¸ì.

ê²½ê³ ê° ëë¬´ ë§ì: Severityë³ë¡ íí°ë§íê±°ë suppressionì ì¶ê°íììì¤. references/static-analysis.mdë¥¼ ì°¸ì¡°íì¸ì.

Secretì´ íì§ëì§ ìì: .gitleaksignore ë° .secrets.baselineì íì¸íììì¤. references/security-scan.mdë¥¼ ì°¸ì¡°íì¸ì.

Dependency scan ì¤í¨: ë¤í¸ìí¬ ë¬¸ì ëë í¨í¤ì§ ë³µì(Restore)ì´ íìí ì ììµëë¤. references/dependency-check.mdë¥¼ ì°¸ì¡°íì¸ì.

Success Indicators

Static Analysis:

Build succeeded.
    0 Warning(s)
    0 Error(s)

Security Scan:

gitleaks................Passed
detect-secrets...........Passed

Dependency Check:

No vulnerable packages found.

Integration

ì»¤ë° ì : ë³´ì ì¤ìº(gitleaks, detect-secrets) ì¤í ë¹ë í: ì ì ë¶ì(Roslyn, StyleCop) ì¤í ì ê¸° ì²´í¬: ì¢ìì± ì·¨ì½ì ì²´í¬ ì¤í

CI/CD Integration: ë¹ë íì´íë¼ì¸ì ëª¨ë ë¶ìì í¬í¨íê³ ì¬ê°í ì´ì ë°ì ì ì¤í¨ ì²ë¦¬

./dotnet/ARCHITECTURE.md – íë¡ì í¸ êµ¬ì¡°
.pre-commit-config.yaml – Pre-commit hooks
.editorconfig – ì½ë ì¤íì¼ ê·ì¹
dotnet-build – ë¹ë SKILL

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台