Which SAST tools are supported by this skill?

The skill provides specialized configuration guidance for Semgrep, SonarQube, and CodeQL, covering both open-source and enterprise setups.

Does it support CI/CD integration?

Absolutely. It provides specific YAML templates and scripts for integrating security scanning into GitHub Actions, GitLab CI, and other major automation platforms.

Is this skill suitable for compliance-heavy industries?

Yes, it offers patterns for configuring scans and quality gates to meet various compliance frameworks like PCI-DSS, OWASP Top 10, and SOC 2.

Can this skill help reduce false positives in security scans?

Yes, it includes best practices for rule tuning, path exclusion, and metadata management to minimize noise and improve scan accuracy.

SAST Configuration

Name: SAST Configuration
Author: Microck

byMicrock

•

安全与测试

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection in application code.

关于

This skill provides specialized guidance for implementing Static Application Security Testing (SAST) across modern development environments. It helps developers and security engineers deploy and fine-tune industry-standard tools such as Semgrep, SonarQube, and CodeQL. By providing implementation patterns for CI/CD integration, custom security rule creation, and false positive management, the skill enables teams to establish robust DevSecOps practices and maintain high security standards throughout the software development lifecycle.

主要功能

81 GitHub stars
CI/CD pipeline integration for GitHub Actions, GitLab, and Jenkins
Optimization strategies to reduce scan latency and false positive rates
Quality gate configuration for PCI-DSS and SOC 2 compliance
Custom security rule development using pattern matching and logic
Comprehensive setup guides for Semgrep, SonarQube, and CodeQL

使用场景

Developing custom Semgrep rules to detect proprietary or domain-specific vulnerabilities
Setting up automated security scanning for a new multi-language repository
Implementing security quality gates to block vulnerable code from reaching production

关于

主要功能

81 GitHub stars
CI/CD pipeline integration for GitHub Actions, GitLab, and Jenkins
Optimization strategies to reduce scan latency and false positive rates
Quality gate configuration for PCI-DSS and SOC 2 compliance
Custom security rule development using pattern matching and logic
Comprehensive setup guides for Semgrep, SonarQube, and CodeQL

使用场景

Developing custom Semgrep rules to detect proprietary or domain-specific vulnerabilities
Setting up automated security scanning for a new multi-language repository
Implementing security quality gates to block vulnerable code from reaching production