Does it support CI/CD integration?

Absolutely. It provides configuration examples for popular platforms like GitHub Actions, GitLab CI, and Jenkins.

How does this help with false positives?

The skill includes specialized troubleshooting steps for tuning rule sensitivity and implementing path filtering to reduce noise in scan results.

Which SAST tools are supported by this skill?

This skill provides comprehensive guidance for industry-standard tools including Semgrep, SonarQube, and GitHub's CodeQL.

Can I use this for custom security rules?

Yes, it includes templates and patterns for creating organization-specific rules using Semgrep and CodeQL query development.

SAST Security Configuration

Name: SAST Security Configuration
Author: HermeticOrmus

byHermeticOrmus

Security & Testing

Configures and automates Static Application Security Testing (SAST) tools to identify and remediate code vulnerabilities early in the development lifecycle.

About

The SAST Security Configuration skill provides expert guidance for implementing and optimizing static analysis tools such as Semgrep, SonarQube, and CodeQL. It simplifies the process of setting up automated security scans within CI/CD pipelines, developing custom vulnerability detection rules, and establishing robust quality gates. By leveraging best practices for defense-in-depth and false positive reduction, this skill enables teams to shift security left and maintain a high standard of code integrity across multiple programming languages.

Key Features

0 GitHub stars
Multi-tool support for Semgrep, SonarQube, and CodeQL
CI/CD pipeline integration for automated scanning
Custom security rule creation and pattern matching
False positive tuning and rule optimization
Compliance-focused scanning for PCI-DSS and OWASP

Use Cases

Automating vulnerability detection in CI/CD workflows
Reducing security technical debt via automated quality gates
Implementing custom security policies for enterprise codebases

About

Key Features

0 GitHub stars
Multi-tool support for Semgrep, SonarQube, and CodeQL
CI/CD pipeline integration for automated scanning
Custom security rule creation and pattern matching
False positive tuning and rule optimization
Compliance-focused scanning for PCI-DSS and OWASP

Use Cases

Automating vulnerability detection in CI/CD workflows
Reducing security technical debt via automated quality gates
Implementing custom security policies for enterprise codebases