Sast

This skill guides the setup and configuration of Static Application Security Testing (SAST) tools including Semgrep, SonarQube, and CodeQL. It helps developers integrate security scanning into CI/CD pipelines, create custom security rules, and establish quality gates for vulnerability detection across multiple programming languages.

A comprehensive guide for using Semgrep, a fast static analysis tool for finding bugs and security vulnerabilities. Covers installation, custom rule writing, CI/CD integration with GitHub Actions, and best practices for security scanning without sharing code with third parties.