Automates the setup and configuration of Static Application Security Testing (SAST) tools to find vulnerabilities in application code and guide their remediation.
This skill provides expert guidance for implementing comprehensive security scanning with industry-standard tools such as Semgrep, SonarQube, and CodeQL. It helps developers set up automated vulnerability detection in CI/CD pipelines, write custom security rules, tune scan performance, and triage false positives. Whether you are establishing DevSecOps practices from scratch or performing a deep security audit, it helps ensure that your application code meets a high security bar and compliance requirements such as PCI-DSS and SOC 2.
Key Features
1. Performance optimization and false positive management
2. Quality gate configuration and policy enforcement
3. Custom security rule development and pattern matching
4. Automated CI/CD pipeline integration templates
5. Multitool support for Semgrep, SonarQube, and CodeQL
Use Cases
1. Automating vulnerability detection within GitHub Actions or GitLab CI
2. Establishing a security baseline for new or existing software projects
3. Developing custom security rules to prevent organization-specific code patterns
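The description above covers four pieces the skill automates: a custom rule, the CI invocation, a quality gate, and a baseline for triaged false positives. The script below is an added example of how those pieces fit together for Semgrep; it is not code from the skill or from Semgrep. The Semgrep CLI flags (`scan`, `--config`, `--json`, `--metrics=off`) and the `p/ci` registry ruleset are real; the rule id `org-subprocess-shell-true-nonliteral`, the `.semgrep/` and `.semgrep-baseline.json` paths, the baseline file format, and the sample report are assumptions constructed for illustration.

```python
"""Added example (not the skill's own code): a Semgrep quality gate for CI.

Writes a custom rule, builds the Semgrep invocation, and decides pass/fail
from Semgrep's --json report, suppressing findings already triaged as false
positives via a baseline of finding fingerprints. Rule id, file paths, the
baseline format and SAMPLE_REPORT are constructed for illustration.
"""
import json
import subprocess
import sys
from pathlib import Path

# Custom rule: flag subprocess calls that use shell=True with a non-literal
# command. The string-literal form is excluded to cut false positives, and
# test code is skipped via the rule's own paths filter.
CUSTOM_RULE = """\
rules:
  - id: org-subprocess-shell-true-nonliteral
    languages: [python]
    severity: ERROR
    message: subprocess call with shell=True and a non-literal command (possible command injection, CWE-78)
    patterns:
      - pattern: subprocess.$FUNC($CMD, ..., shell=True, ...)
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)
    paths:
      exclude:
        - tests/
"""

FAIL_ON = {"ERROR"}   # severities that block the merge
MAX_WARNINGS = 10     # budget for WARNING findings before the gate fails


def write_rule(rule_dir: Path) -> Path:
    """Write the custom rule to <rule_dir>/custom.yml and return its path."""
    rule_dir.mkdir(parents=True, exist_ok=True)
    rule_file = rule_dir / "custom.yml"
    rule_file.write_text(CUSTOM_RULE)
    return rule_file


def semgrep_command(rule_file: Path, target: str = ".") -> list:
    """Semgrep invocation: registry CI ruleset plus the custom rule, JSON output to stdout."""
    return ["semgrep", "scan", "--config", "p/ci", "--config", str(rule_file),
            "--json", "--metrics=off", target]


def fingerprint(finding: dict) -> str:
    """Stable identity for a finding: Semgrep's own fingerprint, else rule:path:line."""
    fp = finding.get("extra", {}).get("fingerprint")
    return fp or f'{finding["check_id"]}:{finding["path"]}:{finding["start"]["line"]}'


def load_baseline(path: Path) -> set:
    """Baseline of triaged false positives (assumed format): JSON list of
    {"fingerprint": ..., "reason": ...} objects."""
    if not path.exists():
        return set()
    return {entry["fingerprint"] for entry in json.loads(path.read_text())}


def evaluate_gate(report: dict, baseline: set) -> dict:
    """Apply the gate policy to a parsed Semgrep JSON report."""
    blocking, warnings, suppressed = [], [], []
    for finding in report.get("results", []):
        if fingerprint(finding) in baseline:
            suppressed.append(finding)      # triaged false positive, do not count
            continue
        severity = finding["extra"]["severity"].upper()
        if severity in FAIL_ON:
            blocking.append(finding)
        elif severity == "WARNING":
            warnings.append(finding)
    passed = not blocking and len(warnings) <= MAX_WARNINGS
    return {"passed": passed, "blocking": len(blocking), "warnings": len(warnings),
            "suppressed": len(suppressed), "scan_errors": len(report.get("errors", []))}


# Constructed sample report in the shape of Semgrep's --json output (not real scan output).
SAMPLE_REPORT = {
    "results": [
        {"check_id": "org-subprocess-shell-true-nonliteral", "path": "app/run.py",
         "start": {"line": 12}, "extra": {"severity": "ERROR", "fingerprint": "fp-aaa",
                                           "message": "shell=True with non-literal command"}},
        {"check_id": "python.lang.security.audit.dangerous-system-call", "path": "tools/legacy.py",
         "start": {"line": 40}, "extra": {"severity": "WARNING", "fingerprint": "fp-bbb",
                                           "message": "os.system call"}},
        {"check_id": "python.lang.maintainability.useless-ifelse", "path": "app/util.py",
         "start": {"line": 7}, "extra": {"severity": "INFO", "message": "redundant branch"}},
    ],
    "errors": [],
}


def run_gate(repo: Path, baseline_file: Path) -> int:
    """CI entry point: write the rule, run Semgrep, gate on the parsed report."""
    rule_file = write_rule(repo / ".semgrep")
    proc = subprocess.run(semgrep_command(rule_file, str(repo)), capture_output=True, text=True)
    result = evaluate_gate(json.loads(proc.stdout), load_baseline(baseline_file))
    print(json.dumps(result))
    return 0 if result["passed"] else 1


if __name__ == "__main__":
    sys.exit(run_gate(Path("."), Path(".semgrep-baseline.json")))
```

Run it as the last step of a pull-request job; the process exit code is what the pipeline keys on. The gate deliberately parses the JSON report instead of relying on `--error`, so that baseline suppression and the WARNING budget are applied before the verdict, and suppressed findings remain visible in the printed summary rather than silently dropped.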