Configures and automates Static Application Security Testing (SAST) tools to identify and remediate code vulnerabilities early in the development lifecycle.
The SAST Security Configuration skill provides expert guidance for implementing and optimizing static analysis tools such as Semgrep, SonarQube, and CodeQL. It simplifies the process of setting up automated security scans within CI/CD pipelines, developing custom vulnerability detection rules, and establishing robust quality gates. By leveraging best practices for defense-in-depth and false positive reduction, this skill enables teams to shift security left and maintain a high standard of code integrity across multiple programming languages.
Key Features
- Multi-tool support for Semgrep, SonarQube, and CodeQL
- CI/CD pipeline integration for automated scanning
- Custom security rule creation and pattern matching
- False positive tuning and rule optimization
- Compliance-focused scanning for PCI-DSS and OWASP
Use Cases
- Automating vulnerability detection in CI/CD workflows
- Reducing security technical debt via automated quality gates
- Implementing custom security policies for enterprise codebases