Can I use this for CI/CD automation?

Yes, it includes specific templates and patterns for integrating security scans into GitHub Actions, GitLab CI, and Jenkins.

Does it help with reducing false positives?

Absolutely, it includes best practices for tuning rule sensitivity and creating allow-lists to minimize noise in your security reports.

What tools does this skill support?

It provides configuration guidance and implementation patterns for leading SAST tools including Semgrep, SonarQube, and CodeQL.

Is this suitable for compliance audits?

Yes, it provides specific configurations for scanning against industry standards such as the OWASP Top 10 and PCI-DSS.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: GaitanS

byGaitanS

0•

安全与测试

Configures and automates Static Application Security Testing (SAST) tools to detect vulnerabilities across multiple programming languages.

This skill empowers developers and security engineers to implement robust DevSecOps practices by setting up industry-standard tools like Semgrep, SonarQube, and CodeQL. It provides comprehensive guidance on creating custom security rules, establishing quality gates, and integrating automated scanning directly into CI/CD pipelines to ensure code security from the initial commit. Whether you are scaling a security program, reducing false positives, or meeting strict compliance standards like PCI-DSS, this skill provides the patterns and templates necessary for high-performance security analysis.

主要功能

010 GitHub stars

02Multi-tool setup for Semgrep, SonarQube, and CodeQL

03Custom security rule and pattern creation

04Quality gate and compliance policy enforcement

05CI/CD pipeline integration and automation templates

06False positive tuning and performance optimization

使用场景

01Writing custom Semgrep patterns to enforce internal security coding standards

02Establishing SonarQube quality gates to block insecure code from being merged

03Integrating automated security scans into GitHub Actions or GitLab CI/CD pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add gaitans/ai-mancare sast-configuration

For use in Claude.ai and ChatGPT

Download Skill