sast-semgrep

Solid

Static application security testing (SAST) using Semgrep for vulnerability detection, security code review, and secure coding guidance with OWASP and CWE framework mapping. Use when: (1) Scanning code for security vulnerabilities across multiple languages, (2) Performing security code reviews with pattern-based detection, (3) Integrating SAST checks into CI/CD pipelines, (4) Providing remediation guidance with OWASP Top 10 and CWE mappings, (5) Creating custom security rules for organization-specific patterns, (6) Analyzing dependencies for known vulnerabilities.

Testing & QA 335 stars 29 forks Updated today

Install

View on GitHub

Quality Score: 85/100

Stars 20%
84
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
80
License 10%
0
Description 5%
100

Skill Content

# SAST with Semgrep ## Overview Perform comprehensive static application security testing using Semgrep, a fast, open-source static analysis tool. This skill provides automated vulnerability detection, security code review workflows, and remediation guidance mapped to OWASP Top 10 and CWE standards. ## Quick Start Scan a codebase for security vulnerabilities: ```bash semgrep --config=auto --severity=ERROR --severity=WARNING /path/to/code ``` Run with OWASP Top 10 ruleset: ```bash semgrep --config="p/owasp-top-ten" /path/to/code ``` ## Core Workflows ### Workflow 1: Initial Security Scan 1. Identify the primary languages in the codebase 2. Run `scripts/semgrep_scan.py` with appropriate rulesets 3. Parse findings and categorize by severity (CRITICAL, HIGH, MEDIUM, LOW) 4. Map findings to OWASP Top 10 and CWE categories 5. Generate prioritized remediation report ### Workflow 2: Security Code Review 1. For pull requests or commits, run targeted scans on changed files 2. Use `semgrep --diff` to scan only modified code 3. Flag high-severity findings as blocking issues 4. Provide inline remediation guidance from `references/remediation_guide.md` 5. Link findings to secure coding patterns ### Workflow 3: Custom Rule Development 1. Identify organization-specific security patterns to detect 2. Create custom Semgrep rules in YAML format using `assets/rule_template.yaml` 3. Test rules against known vulnerable code samples 4. Integrate custom rules into CI/CD pipeline 5. Doc...

Details

Author
aiskillstore
Repository
aiskillstore/marketplace
Created
5 months ago
Last Updated
today
Language
Python
License
None

Integrates with

GitHub · DevTools

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-semgrep-for-custom-sast-rules

Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.

13,115 Updated today
mukul975
AI & Automation Solid

sast-analyzer

Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools. Parse, prioritize, and deduplicate findings across multiple tools with remediation guidance.

1,160 Updated today
a5c-ai
AI & Automation Listed

semgrep

Run Semgrep security and code quality analysis

10 Updated 6 days ago
jmylchreest
Testing & QA Featured

sast-configuration

Static Application Security Testing (SAST) tool setup, configuration, and custom rule creation for comprehensive security scanning across multiple programming languages.

27,705 Updated today
davila7
AI & Automation Solid

semgrep

Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.

5,501 Updated 4 days ago
trailofbits