What is 'Taint Mode' in Semgrep?

Taint mode is an advanced analysis feature that tracks how untrusted data (sources) flows through your code to potentially dangerous functions (sinks), identifying vulnerabilities like injection attacks.

When should I choose Semgrep over CodeQL?

Choose Semgrep for fast scans, custom pattern matching, and enforcing coding standards. Use CodeQL when you need deep, interprocedural taint tracking across complex proprietary frameworks.

What is the primary benefit of using Semgrep with Claude Code?

Semgrep provides fast, pattern-based static analysis that allows Claude to quickly identify security vulnerabilities and code quality issues without the overhead of complex semantic analysis.

Does this skill support custom security rules?

Yes, it provides full support for writing and testing custom YAML-based rules, including the use of metavariables and complex pattern operators.

Can I use this for automated security in my CI/CD pipeline?

Absolutely. The skill includes documentation and patterns for integrating Semgrep into GitHub Actions to scan pull requests and main branches automatically.

Semgrep Static Analysis

Name: Semgrep Static Analysis
Author: fjor1025

byfjor1025

0•

セキュリティとテスト

Performs fast, pattern-based security scanning and static analysis to identify vulnerabilities and enforce coding standards.

The Semgrep Static Analysis skill empowers developers to conduct rapid security audits and bug detection directly within their workflow. By leveraging Semgrep's lightweight yet powerful engine, this skill can scan codebases in minutes, identify common vulnerability patterns like SQL injection or hardcoded secrets, and enforce custom coding standards. It supports a wide array of official rulesets such as OWASP Top 10 and CWE Top 25, while also providing advanced features like taint mode for tracking untrusted data flow. It is an ideal first-line defense for maintaining high-quality, secure code in both local development and automated CI/CD environments.

主な機能

01Seamless CI/CD integration patterns for automated GitHub Actions workflows

020 GitHub stars

03Rapid security scanning using extensive pre-defined rulesets (OWASP, CWE, Trail of Bits)

04Support for multiple output formats including SARIF and JSON for tool integration

05Advanced taint mode for tracking data flow from untrusted sources to dangerous sinks

06Custom YAML rule creation with metavariables and powerful pattern operators

ユースケース

01Scanning pull requests for security regressions and hardcoded credentials

02Enforcing domain-specific coding standards and best practices across large codebases

03Conducting automated security audits to find vulnerabilities before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fjor1025/infosec-framework semgrep

For use in Claude.ai and ChatGPT

Download Skill