Can I use this for custom security rules?

Yes, it includes patterns, templates, and best practices for creating custom security rules tailored to your organization's specific codebase and compliance needs.

How does it help with false positives in security scans?

The skill offers strategies for rule tuning, management of legitimate suppressions, and baseline scanning to help teams focus on high-priority vulnerabilities while reducing noise.

What tools does this SAST skill support?

This skill provides specialized guidance for configuring Semgrep, SonarQube, and CodeQL, covering both open-source and enterprise security workflows.

Does it support CI/CD pipeline integration?

Absolutely. It provides ready-to-use integration patterns for major platforms including GitHub Actions, GitLab CI, and Jenkins.

Static Security Analysis (SAST)

Name: Static Security Analysis (SAST)
Author: HermeticOrmus

byHermeticOrmus

•

安全与测试

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection in source code.

The SAST Configuration skill empowers Claude to set up, configure, and fine-tune industry-leading security tools like Semgrep, SonarQube, and CodeQL within your development workflow. It provides specialized guidance on creating custom security rules, establishing quality gates, and integrating automated scanning directly into CI/CD pipelines to ensure consistent security standards across your projects. By helping developers automate the detection of vulnerabilities and manage false positives, this skill facilitates the implementation of robust DevSecOps practices across multiple programming languages and environments.

主要功能

01Custom Semgrep rule creation and language-specific pattern matching

02SonarQube quality gate and security profile configuration

03CodeQL query development and GitHub Advanced Security integration

042 GitHub stars

05Automated CI/CD pipeline integration for GitHub, GitLab, and Jenkins

06False positive tuning and scan performance optimization strategies

使用场景

01Implementing organization-specific security policies and compliance rules

02Reducing technical debt and security hotspots in legacy codebases

03Setting up automated security scanning for a new software project

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/libreuiux-claude-code sast-configuration

For use in Claude.ai and ChatGPT

主要功能

01Custom Semgrep rule creation and language-specific pattern matching

02SonarQube quality gate and security profile configuration

03CodeQL query development and GitHub Advanced Security integration

042 GitHub stars

05Automated CI/CD pipeline integration for GitHub, GitLab, and Jenkins

06False positive tuning and scan performance optimization strategies

使用场景

01Implementing organization-specific security policies and compliance rules

02Reducing technical debt and security hotspots in legacy codebases

03Setting up automated security scanning for a new software project

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/libreuiux-claude-code sast-configuration

For use in Claude.ai and ChatGPT