Does this skill modify my source code?

No, the skill is designed to analyze and report findings only; it adheres to a strict guardrail of never modifying your code.

Can I filter results by severity?

Yes, you can specify a severity filter of error, warning, or suggestion to focus on the most critical issues first.

What types of analysis does this skill perform?

It performs static code analysis for code quality, security scans for secrets detection, and dependency vulnerability checks specifically for .NET projects.

Which tools are used for the analysis?

The skill leverages standard .NET tools including dotnet build with Roslyn analyzers, StyleCop for styling, and Gitleaks or detect-secrets for security scanning.

.NET Code Security & Quality Analyzer

Name: .NET Code Security & Quality Analyzer
Author: icartsh

byicartsh

0•

Security & Testing

Performs automated static analysis, security audits, and dependency vulnerability scans for .NET projects.

The Code Analysis Skill is a comprehensive diagnostic suite designed for .NET developers to maintain high code standards and robust security postures. It automates the detection of code smells, potential bugs, and security vulnerabilities using industry-standard tools like Roslyn analyzers, StyleCop, and Gitleaks. By integrating dependency checks for NuGet packages and secret detection, it ensures that your .NET applications are not only well-written but also secure from common threats and supply chain vulnerabilities, providing actionable reports with file and line-level precision.

Key Features

01Automated static code analysis using Roslyn and StyleCop rules

02Comprehensive NuGet dependency vulnerability and outdated package checks

030 GitHub stars

04Configurable severity filtering for tailored reporting

05Detailed findings reports with specific file and line-level context

06Deep security scanning for secrets and credentials in source code

Use Cases

01Identifying and fixing security vulnerabilities before code commits

02Enforcing consistent code quality and best practices across .NET teams

03Scanning project dependencies for known CVEs and outdated libraries

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add icartsh/icartsh_plugin code-analyze

For use in Claude.ai and ChatGPT

Download Skill