Which SAST tools does this skill support?

It provides specialized guidance for Semgrep, SonarQube, and CodeQL, covering setup, rule creation, and pipeline integration.

Can I use this for custom security policies?

Yes, it includes capabilities for creating custom rules using pattern matching and language-specific security logic to suit your organization's needs.

How does it handle false positives?

The skill offers strategies for tuning rule sensitivity, creating allow lists, and documenting legitimate suppressions to reduce developer friction.

Is it suitable for compliance audits?

Yes, it includes configuration guidance for compliance standards like PCI-DSS and SOC 2 by implementing specific scanning profiles.

Does it help with DevSecOps integration?

Absolutely, it provides templates and patterns for integrating security scans into GitHub Actions, GitLab CI, and other major CI/CD platforms.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: EngineerWithAI

byEngineerWithAI

安全与测试

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection across multiple programming languages.

关于

The sast-configuration skill empowers Claude to set up, fine-tune, and integrate industry-standard security scanning tools like Semgrep, SonarQube, and CodeQL into your development workflow. It provides comprehensive guidance on creating custom security rules, establishing quality gates, and managing false positives to ensure a robust security posture. Whether you are implementing DevSecOps practices from scratch or optimizing existing CI/CD pipelines, this skill facilitates deep code analysis to identify and remediate vulnerabilities before they reach production.

主要功能

Multi-tool support for Semgrep, SonarQube, and CodeQL
Automated CI/CD pipeline integration for GitHub, GitLab, and Jenkins
0 GitHub stars
Custom security rule creation and pattern matching
Quality gate and compliance policy enforcement (PCI-DSS, SOC 2)
False positive tuning and scan performance optimization

使用场景

Setting up automated security scanning for a new software project
Creating organization-specific security rules to catch proprietary code patterns
Integrating security gates into CI/CD pipelines to block vulnerable code deployments

关于

主要功能

Multi-tool support for Semgrep, SonarQube, and CodeQL
Automated CI/CD pipeline integration for GitHub, GitLab, and Jenkins
0 GitHub stars
Custom security rule creation and pattern matching
Quality gate and compliance policy enforcement (PCI-DSS, SOC 2)
False positive tuning and scan performance optimization

使用场景

Setting up automated security scanning for a new software project
Creating organization-specific security rules to catch proprietary code patterns
Integrating security gates into CI/CD pipelines to block vulnerable code deployments