How does it help with false positives?

It provides strategies for rule tuning, path exclusion, and creating organization-specific exceptions to improve scan accuracy and developer experience.

Which SAST tools does this skill support?

This skill provides specialized configuration guidance for Semgrep, SonarQube, and CodeQL, covering setup, rule creation, and optimization.

Is it suitable for multi-language projects?

Absolutely; it covers language-specific rules and configurations for Python, JavaScript, Go, Java, and over 25 other programming languages.

Can I use this for CI/CD integration?

Yes, it includes templates and patterns for integrating security scans into GitHub Actions, GitLab CI, Jenkins, and pre-commit hooks.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: Activer007

byActiver007

セキュリティとテスト

Automates the setup and management of Static Application Security Testing (SAST) tools to detect and remediate vulnerabilities in application codebases.

概要

This skill provides a comprehensive framework for implementing and optimizing Static Application Security Testing (SAST) within modern development workflows. It offers expert guidance on configuring leading tools like Semgrep, SonarQube, and CodeQL, enabling teams to automate vulnerability detection, develop custom security rules, and enforce strict compliance policies. By integrating these specialized security scans into CI/CD pipelines, the skill helps developers maintain a robust security posture, minimize false positives, and ensure defense-in-depth across diverse programming languages and complex architectures.

主な機能

Automated configuration for Semgrep, SonarQube, and CodeQL
Quality gate setup and organizational compliance enforcement
Performance optimization strategies for large-scale codebase scanning
CI/CD pipeline integration for GitHub Actions, GitLab, and Jenkins
Custom security rule creation with advanced pattern matching
0 GitHub stars

ユースケース

Reducing security technical debt through baseline scans and remediation roadmaps
Creating custom security rules to enforce organization-specific coding standards
Establishing automated security scanning for a new DevSecOps pipeline

概要

主な機能

Automated configuration for Semgrep, SonarQube, and CodeQL
Quality gate setup and organizational compliance enforcement
Performance optimization strategies for large-scale codebase scanning
CI/CD pipeline integration for GitHub Actions, GitLab, and Jenkins
Custom security rule creation with advanced pattern matching
0 GitHub stars

ユースケース

Reducing security technical debt through baseline scans and remediation roadmaps
Creating custom security rules to enforce organization-specific coding standards
Establishing automated security scanning for a new DevSecOps pipeline