Security Scanning
3 skills with this tag
wshobson
Passed
sast-configuration
This skill guides the setup and configuration of Static Application Security Testing (SAST) tools including Semgrep, SonarQube, and CodeQL. It helps developers integrate security scanning into CI/CD pipelines, create custom security rules, and establish quality gates for vulnerability detection across multiple programming languages.
Sast, Security Scanning, Devsecops, +3
trailofbits
Passed
Semgrep Rule Creator
This skill guides users through creating production-quality Semgrep rules for detecting security vulnerabilities and bug patterns. It follows a test-first approach: write test cases, analyze AST structure, write the rule, and iterate until all tests pass. Supports both taint mode for data flow analysis and pattern matching for syntactic detection.
Semgrep, Security Scanning, Static Analysis, +3
squirrelscan
Security Concern
Audit Website
This skill enables comprehensive website auditing using the squirrelscan CLI tool. It analyzes websites against 150+ rules covering SEO, performance, accessibility, security, and content quality, providing actionable recommendations and health scores. The skill supports iterative fix-and-reaudit workflows with LLM-optimized output formats.
Seo, Website Audit, Accessibility, +3