Which SAST tools does this skill support?

The skill provides comprehensive configuration and integration guidance for Semgrep, SonarQube, and CodeQL.

Can I create custom security rules with this skill?

Yes, it includes specialized patterns and templates for developing custom security rules tailored to your specific codebase and security requirements.

Does it support CI/CD integration?

Absolutely. It provides ready-to-use YAML configurations and scripts for integrating security scans into GitHub Actions, GitLab CI, and Jenkins.

How does it handle false positives?

It includes best practices for rule tuning, path exclusions, and organizational policy enforcement to minimize noise and focus on critical vulnerabilities.

Can I use this for compliance scanning?

Yes, the skill includes configurations specifically designed for compliance standards like PCI-DSS, SOC 2, and the OWASP Top 10.

SAST Configuration & Security Scanning

Name: SAST Configuration & Security Scanning
Author: kivilaid

bykivilaid

•

Security & Testing

Configures and automates Static Application Security Testing (SAST) tools for comprehensive vulnerability detection in application code.

This skill streamlines the implementation of DevSecOps by providing expert guidance on setting up and optimizing SAST tools like Semgrep, SonarQube, and CodeQL. It enables developers to automate code security audits, develop custom security rules, and establish automated quality gates within CI/CD pipelines. By leveraging this skill, teams can improve their security posture through proactive vulnerability detection, false-positive reduction, and compliance-driven scanning across multiple programming languages.

Key Features

01Custom security rule creation and pattern matching

026 GitHub stars

03Multi-tool setup for Semgrep, SonarQube, and CodeQL

04Compliance-focused scanning for PCI-DSS and OWASP standards

05CI/CD pipeline integration patterns (GitHub, GitLab, Jenkins)

06False positive tuning and performance optimization

Use Cases

01Creating custom detection patterns for organization-specific security requirements

02Establishing a security baseline for new or existing codebases

03Integrating automated security gates into the development lifecycle

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add kivilaid/plugin-marketplace sast-configuration

For use in Claude.ai and ChatGPT

Download Skill