How do I verify that my custom rules actually work?

You can use the built-in testing functionality using '# ruleid:' and '# ok:' annotations in your test files to verify that rules trigger (or don't trigger) as expected.

Can I use this skill to find data flow issues like SQL injection?

Yes, the skill includes detailed guidance on using Semgrep's 'taint' mode to track untrusted user input from sources to dangerous sinks like database executors.

Which programming languages are supported?

Semgrep supports over 30 major languages, including Python, JavaScript, TypeScript, Go, Java, C#, Ruby, and PHP.

Does this work with my existing CI/CD setup?

Absolutely. The skill provides ready-to-use configurations for both GitHub Actions and GitLab CI to automate your security scans on every pull request.

What is the benefit of writing custom Semgrep rules instead of using defaults?

Custom rules allow you to detect vulnerabilities unique to your internal frameworks, proprietary libraries, and specific business logic that generic industry rules might miss.

Custom Semgrep SAST Rule Implementation

Name: Custom Semgrep SAST Rule Implementation
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Writes and deploys custom Semgrep static analysis rules to detect application-specific vulnerabilities and enforce coding standards.

This skill enables developers and security engineers to create bespoke Semgrep rules in YAML for identifying domain-specific security risks and architectural anti-patterns. It provides comprehensive guidance on pattern matching, taint analysis for tracking untrusted data, and multi-language support across 30+ languages. By integrating these custom checks into CI/CD pipelines like GitHub Actions and GitLab, teams can automate security reviews and ensure that critical issues—such as SQL injection, hardcoded secrets, and insecure JWT configurations—are caught early in the development lifecycle.

Key Features

01Automated rule testing with built-in validation annotations

024,121 GitHub stars

03Advanced taint analysis to track untrusted data from sources to sinks

04Multi-language support for over 30 languages including Python, JS, and Go

05Seamless integration with GitHub Actions and GitLab CI/CD pipelines

06Custom YAML rule creation for domain-specific vulnerability detection

Use Cases

01Developing bespoke security rules to catch organization-specific anti-patterns

02Automating security reviews within pull requests to block insecure code

03Migrating manual security checklists into automated, executable SAST policies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-semgrep-for-custom-sast-rules

For use in Claude.ai and ChatGPT

Key Features

01Automated rule testing with built-in validation annotations

024,121 GitHub stars

03Advanced taint analysis to track untrusted data from sources to sinks

04Multi-language support for over 30 languages including Python, JS, and Go

05Seamless integration with GitHub Actions and GitLab CI/CD pipelines

06Custom YAML rule creation for domain-specific vulnerability detection

Use Cases

01Developing bespoke security rules to catch organization-specific anti-patterns

02Automating security reviews within pull requests to block insecure code

03Migrating manual security checklists into automated, executable SAST policies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-semgrep-for-custom-sast-rules

For use in Claude.ai and ChatGPT