sast-configuration
Configure Semgrep, SonarQube, and CodeQL SAST scanning and custom rules in CI/CD.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for sast-configuration, derived from its capabilities.
AIVSS 8.4 · High
Overview
An Agent Skill that guides the agent to set up static application security testing: Semgrep, SonarQube, and CodeQL configuration, custom rule authoring, quality gates, and false-positive tuning. It injects DevSecOps pipeline patterns and can compose multiple SAST tools for defense-in-depth.
Key features
- Semgrep/SonarQube/CodeQL setup
- Custom security-rule authoring
- CI/CD quality gates and FP tuning
Use cases
- Adding SAST to CI/CD
- Writing custom code-scanning rules