Can I use this to create custom security rules?

Yes, the skill includes templates and instructions for developing custom pattern-based rules tailored to your specific codebase and unique security requirements.

Is this suitable for compliance scanning?

Absolutely. It includes guidance for configuring scans focused on compliance frameworks like PCI-DSS, SOC 2, and the OWASP Top 10.

How does it handle false positives in security scans?

It provides best practices for rule tuning, creating allow-lists for known safe patterns, and organizational policies to reduce noise and focus on critical findings.

Which SAST tools does this skill support?

This skill provides detailed configuration guidance for industry-standard tools including Semgrep, SonarQube, and CodeQL across over 30 programming languages.

Does this integrate with GitHub Actions?

Yes, the skill provides specific integration patterns and YAML templates for GitHub Actions, GitLab CI, and Jenkins to automate security in your pipeline.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: Activer007

byActiver007

0•

보안 및 테스팅

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection in application source code.

This skill provides expert guidance for implementing and managing SAST tools such as Semgrep, SonarQube, and CodeQL within the development lifecycle. It enables teams to set up automated security scans, develop custom vulnerability detection rules, and seamlessly integrate security checks into CI/CD pipelines. By facilitating the identification of OWASP Top 10 risks and language-specific vulnerabilities early in the development process, this skill helps developers maintain high security standards while optimizing scan performance and reducing false positives in a DevSecOps environment.

주요 기능

01False positive reduction and scan performance optimization strategies

02Quality gate enforcement and compliance policy mapping for PCI-DSS and SOC 2

03Automated security scanning configuration for Semgrep, SonarQube, and CodeQL

040 GitHub stars

05Custom security rule development and pattern matching for specific codebases

06CI/CD pipeline integration templates for GitHub Actions, GitLab CI, and Jenkins

사용 사례

01Establishing a security baseline and automated scanning for new software projects

02Integrating blocking security gates into DevOps pipelines to prevent vulnerable code merges

03Developing custom organizational security rules to catch proprietary code patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add activer007/ordinary-claude-skills sast-configuration

For use in Claude.ai and ChatGPT

Download Skill