How does this help with CI/CD integration?

It provides ready-to-use YAML examples and execution scripts for integrating security scans into GitHub Actions, GitLab CI, and other popular CI/CD platforms.

Can I use this to create custom security rules?

Yes, it includes specific patterns and templates for developing custom rules to detect unique vulnerabilities and enforce organizational coding policies.

Does it help reduce false positives in security scans?

Yes, the skill offers best practices for tuning rule sensitivity, using path filters, and managing suppressions to significantly improve scan accuracy and reduce noise.

Is this suitable for compliance auditing?

Absolutely; it includes configurations tailored for industry standards like PCI-DSS and OWASP Top 10 to help teams maintain high security and compliance bars.

Which SAST tools are supported by this skill?

The skill provides detailed configuration guidance for Semgrep, SonarQube, and CodeQL, covering a wide range of programming languages and development environments.

SAST Security Scanning

Name: SAST Security Scanning
Author: HermeticOrmus

byHermeticOrmus

0•

Seguridad y Pruebas

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within the development lifecycle.

This skill provides specialized guidance for implementing comprehensive Static Application Security Testing (SAST) workflows using industry-standard tools like Semgrep, SonarQube, and CodeQL. It enables developers to automate vulnerability detection, establish security baselines, and enforce compliance policies directly within CI/CD pipelines. By offering pre-configured templates, custom rule-writing patterns, and performance optimization strategies, it helps teams transition to a robust DevSecOps model while reducing false positives and ensuring critical security flaws are caught early in the development process.

Características Principales

01Compliance policy enforcement for PCI-DSS, SOC 2, and OWASP

02False positive tuning and scan performance optimization

03Multi-tool configuration for Semgrep, SonarQube, and CodeQL

04Custom security rule development and pattern matching

05CI/CD pipeline integration for automated security gates

060 GitHub stars

Casos de Uso

01Automating security scanning for new and existing codebases

02Integrating security quality gates into GitHub Actions or GitLab CI/CD

03Creating custom security rules to detect organization-specific vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/floreserlife sast-configuration

For use in Claude.ai and ChatGPT

Download Skill