Which SAST tools does this skill support?

This skill provides specialized configuration and optimization guidance for Semgrep, SonarQube, and CodeQL.

Can I integrate these tools into my CI/CD pipeline?

Yes, it includes integration patterns and templates for GitHub Actions, GitLab CI, and Jenkins.

How does this skill handle false positives?

It provides best practices for tuning rule sensitivity, creating allow-lists, and documenting legitimate suppressions to minimize noise.

Does it support custom security rules?

Absolutely. It includes guidance on pattern matching and query development for creating custom rules specific to your tech stack.

Is it suitable for compliance auditing?

Yes, it helps configure scans specifically for compliance frameworks like PCI-DSS, SOC 2, and OWASP Top 10.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: pur3v4d3r

bypur3v4d3r

•

セキュリティとテスト

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within development workflows.

The SAST Configuration skill provides comprehensive guidance for implementing and managing security scanning tools like Semgrep, SonarQube, and CodeQL. It enables developers to integrate automated security checks directly into CI/CD pipelines, develop custom security rules tailored to specific codebases, and establish quality gates for compliance frameworks like PCI-DSS and SOC 2. By focusing on both initial setup and advanced performance tuning, this skill helps teams reduce false positives and maintain a high security posture without sacrificing development velocity.

主な機能

01CI/CD pipeline integration for GitHub, GitLab, and Jenkins

02Custom security rule development and pattern matching

03False positive management and rule optimization strategies

04Automated setup for Semgrep, SonarQube, and CodeQL

05Compliance-focused scanning for OWASP and industry standards

061 GitHub stars

ユースケース

01Creating organization-specific security rules to prevent recurring bugs

02Establishing a security baseline for new or existing software projects

03Automating vulnerability detection within DevSecOps pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pur3v4d3r/pur3-pkb-codebase sast-configuration

For use in Claude.ai and ChatGPT

Download Skill