Is this skill suitable for PCI-DSS or SOC 2 compliance?

Absolutely. It includes guidance on configuring compliance-focused scanning profiles and generating reports necessary for security audits and certifications.

Can this skill help reduce false positives in security scans?

Yes, it includes best practices for rule tuning, path filtering, and creating organization-specific exceptions to significantly improve scan accuracy.

How do I integrate these security tools into my CI/CD pipeline?

The skill provides specific YAML templates and integration patterns for GitHub Actions, GitLab CI, and Jenkins to automate scanning on every code push.

Which SAST tools are supported by this skill?

The skill provides detailed configuration guidance for Semgrep, SonarQube, and CodeQL across over 30 different programming languages.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: carloscroc

bycarloscroc

0•

보안 및 테스팅

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within the development lifecycle.

This skill streamlines the implementation of Static Application Security Testing (SAST) across various development environments. It provides expert guidance on configuring industry-standard tools like Semgrep, SonarQube, and CodeQL to identify security vulnerabilities, manage code quality gates, and enforce compliance policies. Whether setting up a new CI/CD pipeline or fine-tuning custom security rules to reduce false positives, this skill ensures a robust 'shift-left' security approach for modern software development.

주요 기능

010 GitHub stars

02Custom security rule creation and pattern matching

03False positive reduction and scan performance optimization

04Automated quality gate and compliance policy enforcement

05Multi-tool configuration for Semgrep, SonarQube, and CodeQL

06Seamless CI/CD pipeline integration for GitHub, GitLab, and Jenkins

사용 사례

01Creating custom security rules to catch organization-specific vulnerabilities

02Integrating automated security scanning into existing DevSecOps pipelines

03Establishing a security baseline for legacy codebases during modernization

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add carloscroc/fitness sast-configuration

For use in Claude.ai and ChatGPT

Download Skill