
No. 019 · code-quality

Static Analysis

CodeQL, Semgrep, and SARIF toolkit

Version 1.0.0 · License MIT · Format SKILL.md

Run static analysis with CodeQL and Semgrep, interpret SARIF output, and integrate results into CI. Use when finding vulnerabilities, enforcing code patterns, or auditing a codebase.

When to use this skill

  • Running static analysis on a codebase
  • Writing CodeQL queries
  • Interpreting SARIF results

Core concepts

This skill provides guidance on static analysis best practices, patterns, and common pitfalls. It is designed to be loaded on demand when a relevant task is detected.
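As an added example (it is not the skill's own code, nor tooling shipped by CodeQL or Semgrep), the script below shows what "interpret SARIF output and integrate results into CI" looks like in practice: it parses a SARIF 2.1.0 file, resolves each result's effective severity from the rule metadata when the result omits its own `level`, keeps suppressed results visible but non-blocking, and returns a non-zero exit status when blocking findings remain. The embedded SARIF document is constructed for illustration; the tool name, rule IDs, file paths and the helper names (`SAMPLE_SARIF`, `load_findings`, `summarize`, `ci_exit_code`) are assumptions made for this example.

```python
"""Triage a SARIF 2.1.0 file and gate CI on its findings.

Added example, not part of the static-analysis skill. Works on the SARIF
emitted by any tool (CodeQL and Semgrep both produce this shape).
"""
import json
from collections import Counter

# Constructed sample SARIF document: one "run", rule metadata under
# tool.driver.rules, findings under results. Not real scanner output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-scanner",
            "rules": [
                {"id": "py/sql-injection",
                 "shortDescription": {"text": "SQL query built from user input"},
                 "defaultConfiguration": {"level": "error"}},
                {"id": "py/unused-import",
                 "shortDescription": {"text": "Unused import"},
                 "defaultConfiguration": {"level": "note"}},
            ]}},
        "results": [
            # No "level" on the result: must fall back to the rule's default.
            {"ruleId": "py/sql-injection",
             "message": {"text": "Query uses untrusted input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/unused-import", "level": "note",
             "message": {"text": "Import of 'os' is not used"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"},
                 "region": {"startLine": 3}}}]},
            # Suppressed in source (e.g. an inline ignore comment): the tool
            # still reports it, so the gate must check "suppressions".
            {"ruleId": "py/sql-injection", "level": "warning",
             "message": {"text": "Query uses untrusted input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/report.py"},
                 "region": {"startLine": 7}}}],
             "suppressions": [{"kind": "inSource"}]},
        ],
    }],
})

# Ordering of SARIF result levels, lowest to highest.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def load_findings(sarif_text):
    """Flatten every run's results into dicts with an effective level.

    Per SARIF 2.1.0, a result without "level" takes the rule's
    defaultConfiguration.level, and "warning" if the rule sets none.
    """
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            level = res.get("level") or rule.get(
                "defaultConfiguration", {}).get("level", "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId", "<unknown>"),
                "level": level,
                "file": loc.get("artifactLocation", {}).get("uri", "<no file>"),
                "line": loc.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
                "suppressed": bool(res.get("suppressions")),
            })
    return findings


def summarize(findings):
    """Count unsuppressed findings per effective level."""
    return Counter(f["level"] for f in findings if not f["suppressed"])


def ci_exit_code(findings, fail_on="error"):
    """Print blocking findings and return 1 if any exist, else 0."""
    threshold = LEVEL_RANK[fail_on]
    blocking = [f for f in findings
                if not f["suppressed"]
                and LEVEL_RANK.get(f["level"], 2) >= threshold]
    for f in blocking:
        print(f"{f['file']}:{f['line']}: [{f['level']}] {f['rule']}: {f['message']}")
    return 1 if blocking else 0


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    fs = load_findings(text)
    print(dict(summarize(fs)))
    sys.exit(ci_exit_code(fs))
```

Run it as `python gate.py results.sarif` in a CI step after `codeql database analyze --format=sarif-latest --output=results.sarif ...` or `semgrep --sarif --output results.sarif ...`; with no argument it runs against the constructed sample. Two details matter for a correct gate: a result may omit `level` and must inherit it from the rule, and suppressed results still appear in the file, so counting `results` directly overstates what should block the build.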

Installation

curl -LO https://opencode-skills.example/downloads/code-quality/static-analysis.zip
unzip static-analysis.zip -d ~/.config/opencode/skills/

Restart OpenCode — the skill loads automatically.
