Which tools does this skill support?

The skill provides comprehensive guidance for Semgrep, SonarQube, and CodeQL, covering over 30 programming languages and various integration patterns.

Is this skill compatible with CI/CD pipelines?

Absolutely. It provides templates and patterns for integrating security gates into GitHub Actions, GitLab CI, and Jenkins workflows.

Can it help reduce false positives in security scans?

Yes, it includes specific strategies for tuning rule sensitivity, adding path filters, and creating organization-specific exceptions to minimize scan noise.

Can I create custom security rules with this skill?

Yes, the skill helps you develop custom Semgrep patterns and CodeQL queries tailored to your specific codebase and compliance requirements.

SAST Security Configuration

Name: SAST Security Configuration
Author: Activer007

byActiver007

0•

보안 및 테스팅

Automates the setup and optimization of static analysis security tools to detect vulnerabilities early in the development lifecycle.

This skill provides specialized guidance for implementing Static Application Security Testing (SAST) across modern development environments. It streamlines the configuration of leading security tools like Semgrep, SonarQube, and CodeQL, helping developers establish robust DevSecOps practices. By leveraging this skill, teams can create custom security rules, integrate automated scanning into CI/CD pipelines, and effectively manage false positives to ensure high-quality, secure code without slowing down production speed.

주요 기능

010 GitHub stars

02Compliance-ready quality gate configuration

03False positive tuning and performance optimization

04Custom security rule and pattern creation

05Multi-tool setup for Semgrep, SonarQube, and CodeQL

06CI/CD pipeline integration for automated scanning

사용 사례

01Setting up a security baseline and remediation roadmap for legacy codebases

02Implementing automated security scanning in GitHub Actions or GitLab CI

03Creating organization-specific security rules to catch proprietary vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add activer007/ordinary-claude-skills sast-configuration

For use in Claude.ai and ChatGPT

Download Skill