Does it help with reducing false positives?

Yes, it includes best practices for tuning rule sensitivity, creating allow lists, and documenting legitimate suppressions to improve scan accuracy.

Which SAST tools does this skill support?

This skill provides comprehensive configuration and guidance for Semgrep, SonarQube, and CodeQL.

How does this integrate with my existing CI/CD pipeline?

The skill provides templates and scripts for integrating security scans into GitHub Actions, GitLab CI, Jenkins, and pre-commit hooks.

Can I use this skill to create custom security rules?

Yes, it includes specialized patterns for creating custom Semgrep rules and CodeQL queries tailored to your specific application architecture.

SAST Security Configuration

Name: SAST Security Configuration
Author: wshobson

bywshobson

•

23,194

•

Security & Testing

Configures and automates Static Application Security Testing (SAST) tools to detect and remediate vulnerabilities in application code.

This skill enables Claude to set up and fine-tune industry-leading SAST tools including Semgrep, SonarQube, and CodeQL across various programming environments. It provides specialized guidance for creating custom security rules, integrating scanning into CI/CD pipelines, and establishing quality gates to enforce security standards. By optimizing scan performance and reducing false positives, this skill helps developers and security teams implement robust DevSecOps practices and maintain high code security standards without slowing down development cycles.

Key Features

01CI/CD pipeline integration for automated security gates

02Custom security rule development with pattern matching

03Compliance-focused scanning for PCI-DSS and SOC 2

04Optimization strategies to reduce false positives and scan time

0523,194 GitHub stars

06Automated configuration for Semgrep, SonarQube, and CodeQL

Use Cases

01Establishing automated security gates within GitHub Actions or GitLab CI

02Implementing security scanning for new or legacy codebases

03Creating organization-specific security rules to prevent recurring vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add wshobson/agents sast-configuration

For use in Claude.ai and ChatGPT

Download Skill