Where are the AppSec settings stored?

All preferences are saved in a local .appsec/config.yaml file within your repository root, allowing for version-controlled security preferences.

Does this skill support custom scanner paths?

Yes, you can specify absolute paths for security tools like Semgrep, Gitleaks, and Trivy if they are not available in your standard system PATH.

What are security hooks in Claude Code?

Hooks are automated security checks that trigger during specific actions, such as scanning for hardcoded secrets when files are edited or reviewing implementation plans for potential vulnerabilities.

Can I override configuration settings during a scan?

Yes, command-line flags provided during a scan (like --scope or --depth) will always take precedence over the values defined in the config file.

How do I ignore specific security findings?

You can use the 'accept risk' command to add a specific finding ID and reason to your configuration, which automatically suppresses it in future reports.

AppSec Configuration Manager

Name: AppSec Configuration Manager
Author: florianbuetow

byflorianbuetow

•

보안 및 테스팅

Manages persistent security preferences, tool thresholds, and scan exclusions for integrated application security workflows.

The AppSec Config skill provides a centralized interface for managing security audit preferences within Claude Code. It allows developers to define persistent settings in .appsec/config.yaml, controlling scan depth, severity filters, scanner binary paths, and excluded directories. By automating the management of accepted risks and security hooks, this skill ensures that security audits remain relevant, focused, and integrated into the development lifecycle without requiring manual flag overrides for every execution.

주요 기능

01Track and document accepted security risks to suppress false positives or low-priority findings.

02Manage directory exclusions and glob patterns to focus scans on relevant code.

03Configure global scan preferences including scope, depth, and severity thresholds.

046 GitHub stars

05Enable automated security hooks for implementation plan reviews and secret detection.

06Customize security frameworks and red team personas for tailored threat modeling.

사용 사례

01Setting up a repository's baseline security posture by defining standard scan depths and excluded vendor folders.

02Suppressing specific security findings by documenting risk acceptance reasons directly in the configuration.

03Standardizing security tool paths across a team to ensure consistent scanner execution in various environments.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code config

For use in Claude.ai and ChatGPT

Download Skill