sast
7 indexed skills · max 10 per page
implementing-semgrep-for-custom-sast-rules
mukul975/Anthropic-Cybersecurity-Skills · implementing-semgrep-for-custom-sast-rules
Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.
building-devsecops-pipeline-with-gitlab-ci
mukul975/Anthropic-Cybersecurity-Skills · building-devsecops-pipeline-with-gitlab-ci
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.
integrating-sast-into-github-actions-pipeline
mukul975/Anthropic-Cybersecurity-Skills · integrating-sast-into-github-actions-pipeline
This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub Actions CI/CD pipelines. It addresses configuring automated code scanning on pull requests and pushes, tuning rules to reduce false positives, uploading SARIF results to GitHub Advanced Security, and establishing quality gates that block merges when high-severity vulnerabilities are detected.
implementing-github-advanced-security-for-code-scanning
mukul975/Anthropic-Cybersecurity-Skills · implementing-github-advanced-security-for-code-scanning
Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.
performing-web-application-vulnerability-triage
mukul975/Anthropic-Cybersecurity-Skills · performing-web-application-vulnerability-triage
Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.
security-scanning-security-sast
sickn33/antigravity-awesome-skills · Productivity
Static Application Security Testing (SAST) for comprehensive code vulnerability detection across multiple languages, frameworks, and security patterns.
sast-configuration
wshobson/agents · Productivity
Configure SAST tools for automated vulnerability detection across multiple languages and CI/CD pipelines. Covers three major SAST platforms: Semgrep (custom pattern-based rules), SonarQube (quality gates and code coverage), and CodeQL (GitHub Advanced Security integration). Includes CI/CD integration patterns for GitHub Actions, GitLab CI, and Jenkins, plus pre-commit hook setup for early detection. Provides production-ready configuration templates, custom rule examples, and performanc