How does this skill improve CI/CD pipelines?

It provides ready-to-use integration patterns for tools like GitHub Actions and Jenkins, allowing you to automate security gates and block builds based on critical findings.

What SAST tools does this skill support?

This skill provides detailed configuration guidance for popular tools including Semgrep, SonarQube, and CodeQL, covering various programming languages and CI/CD environments.

Can I use this skill to create custom security rules?

Yes, it includes specific patterns and templates for creating custom rules to detect domain-specific vulnerabilities and enforce organizational coding standards.

Does it help with managing false positives?

Yes, the skill includes best practices for tuning rule sensitivity, excluding non-production files, and managing legitimate suppressions to improve scan accuracy.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: drgaciw

bydrgaciw

0•

安全与测试

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within the development lifecycle.

This skill provides comprehensive guidance for implementing SAST tools like Semgrep, SonarQube, and CodeQL to identify security vulnerabilities early in the coding process. It enables developers and security engineers to create custom security rules, establish quality gates, and integrate automated scanning into CI/CD pipelines. By providing domain-specific implementation patterns, it helps reduce false positives and ensures robust application security and compliance across various programming languages and frameworks.

主要功能

01CI/CD pipeline integration for DevSecOps workflows

020 GitHub stars

03Performance tuning to reduce false positives

04Custom security rule creation and pattern matching

05Quality gate and compliance policy configuration

06Automated setup for Semgrep, SonarQube, and CodeQL

使用场景

01Setting up automated security scanning for a new project

02Integrating security checks into GitHub Actions or GitLab CI

03Creating custom security rules to enforce organizational standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add drgaciw/academic-compliance-hub-glm sast-configuration

For use in Claude.ai and ChatGPT

Download Skill