How does this skill help reduce false positives?

The skill includes best practices for rule tuning, path exclusion, and organization-specific allow-listing to ensure developers only see actionable security findings.

Which SAST tools does this skill support?

This skill provides comprehensive configuration guidance for leading industry tools including Semgrep, SonarQube, and GitHub's CodeQL.

Can I use this skill to create custom security rules?

Yes, it includes specialized guidance for creating pattern-based rules in Semgrep and complex query development in CodeQL for vulnerability variant analysis.

Does it support CI/CD integration?

Absolutely. It provides ready-to-use templates for GitHub Actions, pre-commit hooks, and general shell scripts for automated security gate enforcement.

SAST Security Configuration

Name: SAST Security Configuration
Author: HermeticOrmus

byHermeticOrmus

0•

セキュリティとテスト

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection in source code.

This skill enables developers and security engineers to implement robust DevSecOps practices by setting up and fine-tuning industry-standard SAST tools like Semgrep, SonarQube, and CodeQL. It provides comprehensive guidance for creating custom security rules tailored to specific codebases, establishing automated quality gates in CI/CD pipelines, and optimizing scan performance to reduce false positives, ensuring that security remains a core part of the development lifecycle without hindering velocity.

主な機能

01Custom security rule creation for 30+ programming languages

020 GitHub stars

03CI/CD pipeline integration for automated security gates

04Multi-tool setup for Semgrep, SonarQube, and CodeQL

05Vulnerability variant analysis and SARIF result processing

06Optimization strategies for high-performance scanning and low false positives

ユースケース

01Implementing a comprehensive security scanning baseline for new or existing repositories.

02Developing custom security rules to detect organization-specific architectural vulnerabilities.

03Integrating automated security checks into GitHub Actions, GitLab CI, or Jenkins workflows.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/hermetic-line sast-configuration

For use in Claude.ai and ChatGPT

Download Skill