Does it help with reducing false positives?

Yes, it includes best practices for tuning rule sensitivity, creating allow lists, and documenting legitimate suppressions to improve scan accuracy.

Which SAST tools does this skill support?

This skill provides comprehensive configuration and guidance for Semgrep, SonarQube, and CodeQL.

How does this integrate with my existing CI/CD pipeline?

The skill provides templates and scripts for integrating security scans into GitHub Actions, GitLab CI, Jenkins, and pre-commit hooks.

Can I use this skill to create custom security rules?

Yes, it includes specialized patterns for creating custom Semgrep rules and CodeQL queries tailored to your specific application architecture.

SAST Security Configuration

Name: SAST Security Configuration
Author: wshobson

bywshobson

•

23,194

セキュリティとテスト

Configures and automates Static Application Security Testing (SAST) tools to detect and remediate vulnerabilities in application code.

概要

This skill enables Claude to set up and fine-tune industry-leading SAST tools including Semgrep, SonarQube, and CodeQL across various programming environments. It provides specialized guidance for creating custom security rules, integrating scanning into CI/CD pipelines, and establishing quality gates to enforce security standards. By optimizing scan performance and reducing false positives, this skill helps developers and security teams implement robust DevSecOps practices and maintain high code security standards without slowing down development cycles.

主な機能

CI/CD pipeline integration for automated security gates
Custom security rule development with pattern matching
Compliance-focused scanning for PCI-DSS and SOC 2
Optimization strategies to reduce false positives and scan time
23,194 GitHub stars
Automated configuration for Semgrep, SonarQube, and CodeQL

ユースケース

Establishing automated security gates within GitHub Actions or GitLab CI
Implementing security scanning for new or legacy codebases
Creating organization-specific security rules to prevent recurring vulnerabilities

概要

主な機能

CI/CD pipeline integration for automated security gates
Custom security rule development with pattern matching
Compliance-focused scanning for PCI-DSS and SOC 2
Optimization strategies to reduce false positives and scan time
23,194 GitHub stars
Automated configuration for Semgrep, SonarQube, and CodeQL

ユースケース

Establishing automated security gates within GitHub Actions or GitLab CI
Implementing security scanning for new or legacy codebases
Creating organization-specific security rules to prevent recurring vulnerabilities