What tools are supported by the SAST Configuration skill?

The skill provides comprehensive guidance, templates, and execution scripts for Semgrep, SonarQube, and CodeQL.

Can I use this skill to create custom security rules?

Yes, it includes specialized documentation and patterns for writing custom rules to detect organization-specific vulnerabilities.

How does this skill handle false positives?

It provides best practices for rule sensitivity tuning, path filtering, and documenting legitimate suppressions to reduce noise.

Does it support CI/CD integration?

Yes, the skill contains YAML examples and shell scripts for integrating security scans into GitHub Actions, GitLab CI, and Jenkins.

SAST Security Configuration

Name: SAST Security Configuration
Author: as4584

byas4584

Security & Testing

Configures Static Application Security Testing (SAST) tools to automate vulnerability detection and enforce security policies across the software development lifecycle.

About

The SAST Configuration skill empowers developers and security engineers to implement robust security scanning using industry-standard tools like Semgrep, SonarQube, and CodeQL. It provides specialized guidance on setting up CI/CD pipelines, drafting custom security rules, and optimizing scan performance to reduce false positives. Whether you are establishing a security baseline for a new project or integrating complex compliance policies into an existing enterprise workflow, this skill offers the patterns and templates necessary to maintain a secure codebase through defense-in-depth strategies.

Key Features

Compliance policy enforcement for PCI-DSS and SOC 2
False positive tuning and rule optimization strategies
Automated CI/CD pipeline integration templates
Custom security rule creation for Semgrep, SonarQube, and CodeQL
Language-specific security pattern matching for 30+ languages
0 GitHub stars

Use Cases

Establishing security baselines and remediation roadmaps for new projects.
Developing custom security rules to catch domain-specific vulnerabilities.
Implementing automated security gates in production CI/CD pipelines.

About

Key Features

Compliance policy enforcement for PCI-DSS and SOC 2
False positive tuning and rule optimization strategies
Automated CI/CD pipeline integration templates
Custom security rule creation for Semgrep, SonarQube, and CodeQL
Language-specific security pattern matching for 30+ languages
0 GitHub stars

Use Cases

Establishing security baselines and remediation roadmaps for new projects.
Developing custom security rules to catch domain-specific vulnerabilities.
Implementing automated security gates in production CI/CD pipelines.