Devsecops

This skill guides the setup and configuration of Static Application Security Testing (SAST) tools including Semgrep, SonarQube, and CodeQL. It helps developers integrate security scanning into CI/CD pipelines, create custom security rules, and establish quality gates for vulnerability detection across multiple programming languages.

This skill provides comprehensive security threat modeling capabilities using the STRIDE methodology. It helps security professionals build attack trees to visualize threat paths, map threats to security controls, extract security requirements from threat models, and configure SAST tools for automated vulnerability detection.