How does this help with false positives?

It offers strategies for rule tuning, path exclusion, and metadata management to minimize noise and focus on real vulnerabilities.

Is it suitable for compliance requirements?

Yes, it helps configure tools to scan for standards like PCI-DSS, SOC 2, and the OWASP Top 10.

What tools does this skill support?

It provides specialized guidance for Semgrep, SonarQube, and CodeQL, covering setup, rule creation, and pipeline integration.

Can I integrate this into my existing CI/CD?

Yes, the skill includes templates and patterns for major platforms like GitHub Actions, GitLab CI, and Jenkins.

Does it support custom security rules?

Absolutely, it includes guidance on writing pattern-based rules for Semgrep and custom queries for CodeQL.

SAST Security Configuration

Name: SAST Security Configuration
Author: yusoofsh

byyusoofsh

0•

Security & Testing

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection within your development workflow.

This skill provides a comprehensive framework for implementing Static Application Security Testing (SAST) across various programming environments, offering expert guidance on configuring industry-standard tools like Semgrep, SonarQube, and CodeQL. It assists developers in establishing security baselines, creating custom scanning rules, and integrating automated security checks directly into CI/CD pipelines to ensure code safety and compliance without sacrificing development velocity.

Key Features

01Quality gate and compliance policy enforcement

02Comprehensive setup for Semgrep, SonarQube, and CodeQL

03CI/CD pipeline integration and automation

04Custom security rule creation and pattern matching

05Performance optimization and false positive reduction

060 GitHub stars

Use Cases

01Integrating security gates into GitHub Actions or GitLab CI pipelines

02Setting up automated security scanning for a new multi-language repository

03Creating custom security rules to detect organization-specific code vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yusoofsh/dotfiles sast-configuration

For use in Claude.ai and ChatGPT

Download Skill