security-scanning-security-sast

444 stars

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

By Dokhacgiakhoa. Updated 2/11/2026

version: 4.1.0-fractal
name: security-scanning-security-sast
description: Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
metadata:
  globs: "**/*.py, **/*.js, **/*.ts, **/*.java, **/*.rb, **/*.go, **/*.rs, **/*.php"
  keywords: sast, static analysis, code security, vulnerability scanning, bandit, semgrep, eslint, sonarqube, codeql, security patterns, code review, ast analysis


SAST Security Plugin

Static Application Security Testing (SAST) for comprehensive code vulnerability detection across multiple languages, frameworks, and security patterns.

Capabilities

  • Multi-language SAST: Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust
  • Tool integration: Bandit, Semgrep, ESLint Security, SonarQube, CodeQL, PMD, SpotBugs, Brakeman, gosec, cargo-clippy
  • Vulnerability patterns: SQL injection, XSS, hardcoded secrets, path traversal, IDOR, CSRF, insecure deserialization
  • Framework analysis: Django, Flask, React, Express, Spring Boot, Rails, Laravel
  • Custom rule authoring: Semgrep pattern development for organization-specific security policies

Use this skill when

Use this skill for security-focused code review, finding injection vulnerabilities and hardcoded secrets, framework-specific vulnerability patterns, custom security policy enforcement, pre-deployment validation, legacy code assessment, and compliance work (OWASP, PCI-DSS, SOC2).

Specialized skills: use security-secrets.md for advanced credential scanning, security-owasp.md for OWASP Top 10 mapping, and security-api.md for REST/GraphQL endpoints.

Do not use this skill when

  • You only need runtime testing or penetration testing
  • You cannot access the source code or build outputs
  • The environment forbids third-party scanning tools

Instructions

  1. Identify the languages, frameworks, and scope to scan.
  2. Select SAST tools and configure rules for the codebase.
  3. Run scans in CI or locally with reproducible settings.
  4. Triage findings, prioritize by severity, and propose fixes.

Safety

  • Avoid uploading proprietary code to external services without approval.
  • Require review before enabling auto-fix or blocking releases.

SAST Tool Selection

🧠 Knowledge Modules (Fractal Skills)

  1. Python: Bandit
  2. JavaScript/TypeScript: ESLint Security
  3. Multi-Language: Semgrep
  4. Other Language Tools
  5. SQL Injection
  6. Cross-Site Scripting (XSS)
  7. Hardcoded Secrets
  8. Path Traversal
  9. Insecure Deserialization
  10. Command Injection
  11. Insecure Random
  12. Django
  13. Flask
  14. Express.js
  15. GitHub Actions
  16. GitLab CI

Install via CLI:

npx skills add https://github.com/Dokhacgiakhoa/antigravity-ide --skill security-scanning-security-sast

Repository Details

  • Stars: 444
  • Forks: 137
  • Branch: main
  • Path: SKILL.md