Configures Static Application Security Testing (SAST) tools to automate vulnerability detection and enforce security standards in application code.
This skill provides specialized expertise for setting up and optimizing Static Application Security Testing (SAST) tools such as Semgrep, SonarQube, and CodeQL. It guides users through the entire security lifecycle, from initial baseline scanning and custom rule creation to deep CI/CD integration and false positive management. By leveraging this skill, developers can implement robust DevSecOps practices, ensure compliance with standards like PCI-DSS, and maintain a high security posture across diverse programming environments without requiring a deep security engineering background.
Key Features
1. CI/CD pipeline integration for automated security gates
2. Compliance-focused scanning for PCI-DSS and SOC 2
3. Automated setup for Semgrep, SonarQube, and CodeQL
4. Custom security rule development with pattern matching
5. Performance tuning and false positive reduction strategies
Use Cases
1. Establishing a security baseline and roadmap for new or legacy projects
2. Developing organization-specific security rules to detect vulnerability patterns particular to proprietary code
3. Integrating automated security scanning into GitHub Actions or GitLab CI workflows