Does it help with CI/CD integration?

Absolutely. The skill provides templates and examples for integrating security scanning into pipelines like GitHub Actions, GitLab CI, and Jenkins.

Which SAST tools does this skill support?

This skill provides comprehensive guidance for Semgrep, SonarQube, and CodeQL, covering setup, configuration, and custom rule development.

Can I create custom security rules with this skill?

Yes, the skill offers guidance on writing custom rules using pattern matching for specific language vulnerabilities or organizational policies.

Can I use this skill to reduce false positives in my security scans?

Yes, it includes best practices for tuning rule sensitivity, adding path filters, and creating allow lists to minimize noisy results.

Is this skill suitable for teams new to DevSecOps?

Yes, it covers everything from initial assessment and basic tool setup to advanced query development and compliance scanning, making it ideal for incremental adoption.

SAST Security Configuration

Name: SAST Security Configuration
Author: HermeticOrmus

byHermeticOrmus

•

安全与测试

Configures Static Application Security Testing (SAST) tools to automate vulnerability detection and enforce secure coding standards.

This skill empowers developers to integrate industry-standard security scanning tools like Semgrep, SonarQube, and CodeQL into their development workflows. It provides specialized guidance on setting up CI/CD pipelines, creating custom security rules tailored to specific codebases, and optimizing scan performance to reduce false positives. Whether you are implementing DevSecOps practices for the first time or fine-tuning existing security gates, this skill helps ensure your application code is robust against common vulnerabilities and compliant with security standards like PCI-DSS and SOC 2.

主要功能

014 GitHub stars

02Custom security rule creation and pattern matching

03Multi-tool setup for Semgrep, SonarQube, and CodeQL

04CI/CD pipeline integration for automated scanning

05False positive tuning and scan performance optimization

06Quality gate and compliance policy enforcement

使用场景

01Implementing custom vulnerability detection for proprietary frameworks

02Establishing a security baseline for new software projects

03Integrating automated security checks into GitHub Actions or GitLab CI

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/claude-code-game-development sast-configuration

For use in Claude.ai and ChatGPT

Download Skill