Which SAST tools does this skill support?

It provides specialized guidance for Semgrep, SonarQube, and CodeQL, covering setup, rule creation, and pipeline integration.

Can I use this for custom security policies?

Yes, it includes capabilities for creating custom rules using pattern matching and language-specific security logic to suit your organization's needs.

How does it handle false positives?

The skill offers strategies for tuning rule sensitivity, creating allow lists, and documenting legitimate suppressions to reduce developer friction.

Is it suitable for compliance audits?

Yes, it includes configuration guidance for compliance standards like PCI-DSS and SOC 2 by implementing specific scanning profiles.

Does it help with DevSecOps integration?

Absolutely, it provides templates and patterns for integrating security scans into GitHub Actions, GitLab CI, and other major CI/CD platforms.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: EngineerWithAI

byEngineerWithAI

0•

Security & Testing

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection across multiple programming languages.

The sast-configuration skill empowers Claude to set up, fine-tune, and integrate industry-standard security scanning tools like Semgrep, SonarQube, and CodeQL into your development workflow. It provides comprehensive guidance on creating custom security rules, establishing quality gates, and managing false positives to ensure a robust security posture. Whether you are implementing DevSecOps practices from scratch or optimizing existing CI/CD pipelines, this skill facilitates deep code analysis to identify and remediate vulnerabilities before they reach production.

Key Features

01Multi-tool support for Semgrep, SonarQube, and CodeQL

02Automated CI/CD pipeline integration for GitHub, GitLab, and Jenkins

030 GitHub stars

04Custom security rule creation and pattern matching

05Quality gate and compliance policy enforcement (PCI-DSS, SOC 2)

06False positive tuning and scan performance optimization

Use Cases

01Setting up automated security scanning for a new software project

02Creating organization-specific security rules to catch proprietary code patterns

03Integrating security gates into CI/CD pipelines to block vulnerable code deployments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add engineerwithai/engineerwith-agents sast-configuration

For use in Claude.ai and ChatGPT

Download Skill