Claude Code Plugins

Community-maintained marketplace

Feedback

code-analyze

@GiantCroissant-Lunar/pigeon-pea
0
0

Run static analysis, security scans, and dependency checks on .NET code. Use when task involves code quality, security audits, or vulnerability detection.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name code-analyze
version 0.1.0
kind cli
description Run static analysis, security scans, and dependency checks on .NET code. Use when task involves code quality, security audits, or vulnerability detection.
inputs [object Object]
contracts [object Object]

Code Analysis Skill (Entry Map)

Goal: Guide agent to the exact analysis procedure needed.

Quick Start (Pick One)

  • Run static code analysisreferences/static-analysis.md
  • Scan for security issuesreferences/security-scan.md
  • Check dependency vulnerabilitiesreferences/dependency-check.md

When to Use

  • Enforce code quality standards and best practices
  • Detect potential bugs and code smells
  • Identify security vulnerabilities in code
  • Check for vulnerable dependencies
  • Run automated code reviews

NOT for: building (dotnet-build), testing (dotnet-test), or formatting (code-format)

Inputs & Outputs

Inputs: analysis_type (static/security/dependencies/all), project_path (default: ./dotnet/PigeonPea.sln), severity_filter (error/warning/suggestion)

Outputs: analysis_report (findings with file/line), exit_code (0=clean, 1=issues), metrics (violations by severity)

Guardrails: Analyze only, never modify code, report all findings with context, fail on critical issues

Navigation

1. Static Code Analysis`references/static-analysis.md`

  • Roslyn analyzers, StyleCop, code quality rules, best practices

2. Security Scanning`references/security-scan.md`

  • Secret detection (gitleaks, detect-secrets), security analyzers, vulnerability patterns

3. Dependency Vulnerability Check`references/dependency-check.md`

  • NuGet package vulnerabilities, outdated dependencies, CVE detection

Common Patterns

Quick Analysis (All Checks)

cd ./dotnet
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true
dotnet list package --vulnerable

Static Analysis Only

cd ./dotnet
dotnet build PigeonPea.sln /p:RunAnalyzers=true /warnaserror

Security Scan (Pre-commit)

pre-commit run gitleaks --all-files
pre-commit run detect-secrets --all-files

Dependency Check

cd ./dotnet
dotnet list package --vulnerable --include-transitive
dotnet list package --outdated

Full Analysis Suite

# Run from repository root
.agent/skills/code-analyze/scripts/analyze.sh --all

Analysis with Specific Severity

cd ./dotnet
# Errors only
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=false

# Warnings as errors
dotnet build PigeonPea.sln /p:TreatWarningsAsErrors=true

Troubleshooting

No analyzers found: Verify Roslyn analyzers enabled. See references/static-analysis.md.

Too many warnings: Filter by severity or add suppressions. See references/static-analysis.md.

False positives: Use .editorconfig or suppressions. See references/static-analysis.md.

Secrets not detected: Check .gitleaksignore and .secrets.baseline. See references/security-scan.md.

Dependency scan fails: Network issues or package restore needed. See references/dependency-check.md.

Success Indicators

Static Analysis:

Build succeeded.
    0 Warning(s)
    0 Error(s)

Security Scan:

gitleaks................Passed
detect-secrets...........Passed

Dependency Check:

No vulnerable packages found.

Integration

Before commit: Run security scans (gitleaks, detect-secrets) After build: Run static analysis (Roslyn, StyleCop) Regular checks: Run dependency vulnerability checks

CI/CD Integration: Include all analysis in build pipeline, fail on critical issues

Related