Semgrep
4 skills with this tag
wshobson / sast-configuration (Passed)
This skill guides the setup and configuration of Static Application Security Testing (SAST) tools including Semgrep, SonarQube, and CodeQL. It helps developers integrate security scanning into CI/CD pipelines, create custom security rules, and establish quality gates for vulnerability detection across multiple programming languages.
Tags: Sast, Security Scanning, Devsecops, +3 more
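As an added example of the CI integration and quality gate the sast-configuration entry describes (this is not the skill's own code or configuration), a GitHub Actions workflow that runs Semgrep on every pull request, fails the job when an ERROR-severity finding exists, and still uploads the SARIF report so findings show up in code scanning. The workflow path, the `./semgrep-rules` directory for custom rules, and the choice of the `p/default` registry pack are assumptions for this example.

```yaml
# .github/workflows/semgrep.yml  (added example; paths and rule pack are assumptions)
name: semgrep

on:
  pull_request: {}
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write   # needed to upload SARIF to code scanning

jobs:
  semgrep:
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep   # official image, pins the scanner outside the repo toolchain
    steps:
      - uses: actions/checkout@v4

      # Quality gate: --error turns any remaining finding into a non-zero exit code,
      # and --severity ERROR keeps WARNING/INFO rules from blocking the merge.
      # Custom rules in ./semgrep-rules are layered on top of the registry pack.
      - name: Scan
        run: >-
          semgrep scan
          --config p/default
          --config ./semgrep-rules
          --severity ERROR
          --error
          --sarif --output semgrep.sarif

      # Upload even when the gate failed, so the blocking findings are visible
      # in the Security tab rather than only in the job log.
      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: semgrep.sarif
```

The gate is intentionally narrow (ERROR only): widening it to WARNING on day one usually produces a backlog that teams learn to ignore. Tighten it once the ERROR findings are at zero, and add `--baseline-commit` against the target branch if legacy findings should not block new work.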
trailofbits / Variant Analysis (Passed)
A variant analysis skill that helps security researchers find similar vulnerabilities across a codebase after discovering an initial bug. It provides a structured methodology for pattern-based searching, ready-to-use Semgrep rule templates for multiple languages (Python, JavaScript, Java, Go, C++), and documentation templates for tracking findings.
Tags: Security, Variant Analysis, Semgrep, +3 more
trailofbits / Semgrep Rule Variant Creator (Passed)
This skill helps security engineers port existing Semgrep rules to new programming languages. It provides a structured 4-phase workflow including applicability analysis, test-first development, rule creation, and validation. The skill includes detailed guidance for translating patterns between languages and ensuring rules are properly tested.
Tags: Semgrep, Security, Static Analysis, +3 more
trailofbits / Semgrep Rule Creator (Passed)
This skill guides users through creating production-quality Semgrep rules for detecting security vulnerabilities and bug patterns. It follows a test-first approach: write test cases, analyze AST structure, write the rule, and iterate until all tests pass. Supports both taint mode for data flow analysis and pattern matching for syntactic detection.
Tags: Semgrep, Security Scanning, Static Analysis, +3 more
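As an added example of the taint-mode rule and test-first workflow that the Semgrep Rule Creator and Variant Analysis entries describe (this is not code from either skill or from Trail of Bits), a Python rule that reports Flask request data reaching `subprocess` with `shell=True`. The rule id, file path and the exact set of sources are assumptions chosen for the example.

```yaml
# semgrep-rules/python/flask-subprocess-shell-injection.yaml
# Added example; rule id and path are assumptions, not a published rule.
rules:
  - id: flask-subprocess-shell-injection
    languages: [python]
    severity: ERROR
    message: >-
      Request data from flask.request reaches subprocess with shell=True,
      which allows OS command injection. Pass an argument list with
      shell=False, or validate the value against an allowlist.
    metadata:
      category: security
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
    mode: taint
    # Sources: values read from the incoming HTTP request. Semgrep resolves
    # `from flask import request` so `request.args.get(...)` matches too.
    pattern-sources:
      - pattern: flask.request.args.get(...)
      - pattern: flask.request.args[...]
      - pattern: flask.request.form.get(...)
      - pattern: flask.request.form[...]
    # Sanitizer: shlex.quote() makes a value safe inside a shell string,
    # so taint does not propagate through it.
    pattern-sanitizers:
      - pattern: shlex.quote(...)
    # Sinks: only the command argument of a shell=True call counts. The
    # focus-metavariable keeps a tainted cwd= or env= argument from firing.
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: subprocess.run($CMD, ..., shell=True, ...)
              - pattern: subprocess.Popen($CMD, ..., shell=True, ...)
              - pattern: subprocess.check_output($CMD, ..., shell=True, ...)
          - focus-metavariable: $CMD
```

Test-first means the companion file `semgrep-rules/python/flask-subprocess-shell-injection.py` is written before the rule: it imports `subprocess`, `shlex` and `flask.request`, and places `# ruleid: flask-subprocess-shell-injection` on the line directly above each call that must be reported (for instance `subprocess.run("echo " + request.args.get("name"), shell=True)`) and `# ok: flask-subprocess-shell-injection` above each call that must stay silent (the same value passed as `["echo", name]` without `shell=True`, or wrapped in `shlex.quote()`). `semgrep --test semgrep-rules/` then runs every rule against its same-named test file and reports any annotation that did not match. For variant analysis the same file is the place to start: once the first bug is confirmed, add the sibling sources and sinks seen in the codebase (other request accessors, `os.system`, a second framework) as new test lines, and extend the rule only until they match.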