Can I use this to create custom security rules?

Yes, it includes detailed patterns and templates for writing custom Semgrep and CodeQL rules tailored to your specific codebase requirements.

Does it support CI/CD automation?

Yes, the skill provides ready-to-use integration patterns for major platforms like GitHub Actions, GitLab CI, and Jenkins.

Which security tools does this skill support?

This skill provides comprehensive setup and configuration guidance for Semgrep, SonarQube, and CodeQL across over 30 programming languages.

Is this skill helpful for compliance audits?

Absolutely. It includes configurations specifically designed for PCI-DSS, SOC 2, and OWASP Top 10 compliance scanning.

How does this skill help reduce false positives in scans?

It offers strategies for rule sensitivity tuning, path filtering, and metadata exclusion to ensure your security reports are accurate and actionable.

SAST Security Configuration

Name: SAST Security Configuration
Author: Microck

byMicrock

•

安全与测试

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within development workflows.

This skill provides specialized guidance for implementing and managing Static Application Security Testing (SAST) tools like Semgrep, SonarQube, and CodeQL. It enables Claude to assist developers in setting up automated security scans, creating custom vulnerability detection rules, and integrating security quality gates directly into CI/CD pipelines. By automating the identification of security flaws early in the software development lifecycle, this skill helps teams maintain high security standards, reduce technical debt, and ensure compliance with industry frameworks such as PCI-DSS and SOC 2.

主要功能

01Multi-tool support for Semgrep, SonarQube, and CodeQL

0281 GitHub stars

03Compliance policy enforcement for standard frameworks

04Automated CI/CD pipeline integration patterns

05False positive tuning and performance optimization

06Custom security rule creation and pattern matching

使用场景

01Integrating security quality gates into GitHub Actions or GitLab CI pipelines

02Developing custom Semgrep or CodeQL rules to detect proprietary anti-patterns

03Establishing automated security scanning for a new software repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add microck/ordinary-claude-skills sast-configuration

For use in Claude.ai and ChatGPT

Download Skill