Where are the custom rules stored in my project?

Rules are typically stored in the .specify/security/rules/ or .semgrep/ directories to be automatically picked up by the security scanner.

What scanners does this skill support?

This skill primarily supports Semgrep for multi-language pattern matching and Bandit for Python-specific security analysis.

Can I use this to reduce false positives in my scans?

Yes, the skill provides guidance on using pattern-not clauses and pattern-inside constraints to exclude safe code and focus on real vulnerabilities.

How do I verify my new security rules work?

The skill helps you create positive and negative test cases and provides the specific Semgrep CLI commands to validate your rule syntax and logic.

Security Custom Rules

Name: Security Custom Rules
Author: jpoley

byjpoley

•

Security & Testing

Empowers developers to design, validate, and implement tailored security linting rules using Semgrep and Bandit syntax.

The Security Custom Rules skill streamlines the process of creating organization-specific security policies within Claude Code. It guides users through identifying vulnerability patterns, writing precise Semgrep or Bandit rules, and testing them against real codebases to ensure high accuracy with minimal false positives. By integrating directly with the flowspec workflow, it helps teams enforce internal coding standards and detect domain-specific security risks that generic scanners often miss.

Key Features

01Interactive Semgrep and Bandit rule generation

02Direct integration with flowspec security scanning

03Automated rule validation and syntax checking

045 GitHub stars

05False positive reduction using context-aware filters

06Integrated test case creation for security policies

Use Cases

01Reducing noise in security scans by fine-tuning existing rule patterns

02Detecting organization-specific vulnerabilities and hardcoded secrets

03Enforcing internal coding standards and secure development practices

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-custom-rules

For use in Claude.ai and ChatGPT

Download Skill