How are the scan results presented?

Results are provided in a structured format (JSON or standard output) that identifies the file, line number, severity level, specific CWE/OWASP category, and a recommended fix.

Do I need Semgrep installed to use this skill?

Yes, SAST Runner acts as a wrapper for Semgrep. You must have Semgrep installed on your system via pip, Homebrew, or Docker for the skill to function.

Can I target specific security standards like OWASP?

Yes, you can use the --config flag to select specific rulesets such as 'owasp-top-ten', 'cwe-top-25', or 'security-audit' for targeted testing.

What kind of vulnerabilities can this skill detect?

The tool detects common security flaws including SQL Injection, Cross-site Scripting (XSS), OS Command Injection, Path Traversal, and exposure of sensitive information.

What programming languages does the SAST Runner support?

It supports a wide variety of languages including JavaScript, TypeScript, Python, Go, Java, Ruby, PHP, C, C++, Rust, Kotlin, and Swift.

SAST Security Runner

Name: SAST Security Runner
Author: naporin0624

bynaporin0624

•

セキュリティとテスト

Automates static application security testing using Semgrep to identify vulnerabilities, security anti-patterns, and OWASP Top 10 issues.

概要

SAST Runner is a specialized security tool that integrates the power of Semgrep into the Claude Code environment, enabling developers to perform comprehensive static analysis on their source code. It scans for a wide range of security risks, including OWASP Top 10 vulnerabilities and CWE Top 25 threats, across dozens of programming languages. This skill is essential for maintaining code integrity, identifying injection flaws, and ensuring compliance with modern security standards throughout the development lifecycle, providing actionable feedback and remediation guidance directly within the terminal.

主な機能

2 GitHub stars
Support for 15+ languages including JavaScript, Python, Go, and Java
Customizable scan configurations for tailored security audits
Detailed JSON output with line-specific findings and fix suggestions
Pre-configured rulesets for OWASP Top 10 and CWE Top 25
Automated vulnerability scanning powered by Semgrep

ユースケース

Auditing legacy projects for security anti-patterns and sensitive information exposure
Automating security compliance checks against standard industry frameworks
Scanning a new codebase for SQL injection and XSS vulnerabilities before deployment

概要

主な機能

2 GitHub stars
Support for 15+ languages including JavaScript, Python, Go, and Java
Customizable scan configurations for tailored security audits
Detailed JSON output with line-specific findings and fix suggestions
Pre-configured rulesets for OWASP Top 10 and CWE Top 25
Automated vulnerability scanning powered by Semgrep

ユースケース

Auditing legacy projects for security anti-patterns and sensitive information exposure
Automating security compliance checks against standard industry frameworks
Scanning a new codebase for SQL injection and XSS vulnerabilities before deployment