SAST Configuration

Static Application Security Testing (SAST) tool setup, configuration, and custom rule creation for comprehensive security scanning across multiple programming languages.

Overview

This skill provides comprehensive guidance for setting up and configuring SAST tools including Semgrep, SonarQube, and CodeQL. Use this skill when you need to:

• Set up SAST scanning in CI/CD pipelines
• Create custom security rules for your codebase
• Configure quality gates and compliance policies
• Optimize scan performance and reduce false positives
• Integrate multiple SAST tools for defense-in-depth

Core Capabilities