Automates the setup and configuration of Static Application Security Testing (SAST) tools to detect code vulnerabilities early in the development lifecycle.
This skill enables Claude to guide developers through the end-to-end process of implementing Static Application Security Testing (SAST) across various programming languages. It provides specific implementation patterns for leading tools like Semgrep, SonarQube, and CodeQL, facilitating CI/CD integration, custom security rule development, and the establishment of automated quality gates. By streamlining security scanning and reducing false positives, it helps teams adopt DevSecOps practices and maintain a robust security posture without compromising development velocity.
Key Features

108 GitHub stars

1. False positive tuning and performance optimization strategies
2. Multi-tool configuration for Semgrep, SonarQube, and CodeQL
3. CI/CD pipeline integration for automated scanning
4. Custom security rule development and pattern matching
5. Compliance policy enforcement for PCI-DSS and SOC 2
Use Cases

1. Automating vulnerability detection within DevSecOps pipelines
2. Establishing a security baseline for new or existing software projects
3. Developing custom security queries to identify domain-specific code risks