Which tools does this SAST skill support?

The skill provides comprehensive guidance for industry-standard tools including Semgrep, SonarQube, and CodeQL, covering both open-source and enterprise configurations.

How does it help reduce false positives in security scans?

The skill offers strategies for rule tuning, creating custom allow-lists, and implementing path filters to ensure developers only see actionable security findings.

Does it support specific compliance frameworks?

Yes, it provides configurations tailored for various compliance standards such as PCI-DSS, SOC 2, and the OWASP Top 10.

Can I use this for CI/CD pipeline integration?

Yes, it includes templates and patterns for integrating security scans into major platforms like GitHub Actions, GitLab CI, and Jenkins.

SAST Security Configuration

Name: SAST Security Configuration
Author: Tahir-yamin

byTahir-yamin

•

보안 및 테스팅

Configures Static Application Security Testing (SAST) tools and automated vulnerability detection workflows for secure software development.

소개

This skill enables Claude to guide developers through the end-to-end setup and optimization of static analysis security tools like Semgrep, SonarQube, and CodeQL. It provides specialized knowledge for creating custom security rules, integrating scanning into CI/CD pipelines, and managing false positives across multiple programming languages. By implementing these DevSecOps patterns, teams can catch vulnerabilities early in the development lifecycle, enforce organizational compliance standards, and maintain a robust defense-in-depth security posture.

주요 기능

3 GitHub stars
Automated configuration for Semgrep, SonarQube, and CodeQL
False positive tuning and quality gate configuration
CI/CD pipeline integration for automated scanning
Compliance policy enforcement for PCI-DSS and SOC 2
Custom security rule creation and pattern matching

사용 사례

Developing custom security rules to detect organization-specific code patterns
Setting up a new DevSecOps pipeline for automated vulnerability scanning
Optimizing SAST tool performance to reduce scan times and noisy alerts

소개

주요 기능

3 GitHub stars
Automated configuration for Semgrep, SonarQube, and CodeQL
False positive tuning and quality gate configuration
CI/CD pipeline integration for automated scanning
Compliance policy enforcement for PCI-DSS and SOC 2
Custom security rule creation and pattern matching

사용 사례

Developing custom security rules to detect organization-specific code patterns
Setting up a new DevSecOps pipeline for automated vulnerability scanning
Optimizing SAST tool performance to reduce scan times and noisy alerts