How does this skill improve CI/CD pipelines?

It provides ready-to-use integration patterns for tools like GitHub Actions and Jenkins, allowing you to automate security gates and block builds based on critical findings.

What SAST tools does this skill support?

This skill provides detailed configuration guidance for popular tools including Semgrep, SonarQube, and CodeQL, covering various programming languages and CI/CD environments.

Can I use this skill to create custom security rules?

Yes, it includes specific patterns and templates for creating custom rules to detect domain-specific vulnerabilities and enforce organizational coding standards.

Does it help with managing false positives?

Yes, the skill includes best practices for tuning rule sensitivity, excluding non-production files, and managing legitimate suppressions to improve scan accuracy.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: drgaciw

bydrgaciw

セキュリティとテスト

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within the development lifecycle.

概要

This skill provides comprehensive guidance for implementing SAST tools like Semgrep, SonarQube, and CodeQL to identify security vulnerabilities early in the coding process. It enables developers and security engineers to create custom security rules, establish quality gates, and integrate automated scanning into CI/CD pipelines. By providing domain-specific implementation patterns, it helps reduce false positives and ensures robust application security and compliance across various programming languages and frameworks.

主な機能

CI/CD pipeline integration for DevSecOps workflows
0 GitHub stars
Performance tuning to reduce false positives
Custom security rule creation and pattern matching
Quality gate and compliance policy configuration
Automated setup for Semgrep, SonarQube, and CodeQL

ユースケース

Setting up automated security scanning for a new project
Integrating security checks into GitHub Actions or GitLab CI
Creating custom security rules to enforce organizational standards

概要

主な機能

CI/CD pipeline integration for DevSecOps workflows
0 GitHub stars
Performance tuning to reduce false positives
Custom security rule creation and pattern matching
Quality gate and compliance policy configuration
Automated setup for Semgrep, SonarQube, and CodeQL

ユースケース

Setting up automated security scanning for a new project
Integrating security checks into GitHub Actions or GitLab CI
Creating custom security rules to enforce organizational standards