Which SAST tools does this skill support?

This skill provides comprehensive guidance and configuration templates for popular tools including Semgrep, SonarQube, and GitHub's CodeQL.

How does it handle false positives in security scans?

The skill offers strategies for rule tuning, allow-listing known safe patterns, and implementing incremental scanning to reduce noise and improve developer experience.

Does it help with custom security rules?

Absolutely. It provides frameworks for developing custom patterns and rules to catch vulnerabilities unique to your specific application logic.

What programming languages are supported?

It covers major languages supported by the integrated tools, including Python, JavaScript, Go, Java, C++, and more.

Can I use this for CI/CD automation?

Yes, it includes specific integration patterns for GitHub Actions, GitLab CI, and Jenkins to automate security scanning on every push.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: Activer007

byActiver007

0•

보안 및 테스팅

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within the development lifecycle.

This skill enables Claude to guide developers through the end-to-end setup of professional security scanning environments. It covers the configuration of industry-standard tools like Semgrep, SonarQube, and CodeQL, providing templates for CI/CD pipelines, custom security rule development, and strategies for reducing false positives. It is particularly useful for teams looking to implement DevSecOps practices, enforce compliance standards like PCI-DSS or SOC 2, and maintain a high security posture across multi-language codebases.

주요 기능

01Automated CI/CD pipeline integration templates

02Quality gate and compliance policy configuration

030 GitHub stars

04Multi-tool support for Semgrep, SonarQube, and CodeQL

05Custom security rule creation and pattern matching

06False positive tuning and performance optimization

사용 사례

01Creating custom Semgrep rules to detect organization-specific code vulnerabilities

02Setting up automated security scans for a new project repository

03Integrating security quality gates into GitHub Actions or GitLab CI pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add activer007/ordinary-claude-skills sast-configuration

For use in Claude.ai and ChatGPT

Download Skill