SAST Security Plugin
Static Application Security Testing (SAST) for comprehensive code vulnerability detection across multiple languages, frameworks, and security patterns.
Capabilities
- Multi-language SAST: Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust
- Tool integration: Bandit, Semgrep, ESLint Security, SonarQube, CodeQL, PMD, SpotBugs, Brakeman, gosec, cargo-clippy (a general Rust linter with only a handful of security-relevant lints, so pair it with the other scanners rather than relying on it alone)
- Vulnerability patterns: SQL injection, XSS, hardcoded secrets, path traversal, IDOR (heuristic only: static rules can flag object lookups that lack an authorization check, but cannot prove the authorization logic is wrong), CSRF, insecure deserialization
- Framework analysis: Django, Flask, React, Express, Spring Boot, Rails, Laravel
- Custom rule authoring: Semgrep pattern development for organization-specific security policies
Use this skill when
Use for security-focused code review, injection vulnerabilities, hardcoded secrets, framework-specific patterns, custom security policy enforcement, pre-deployment validation, legacy code assessment, and compliance evidence (OWASP, PCI-DSS, SOC 2).
Specialized tools: Use security-secrets.md for advanced credential scanning, security-owasp.md for Top 10 mapping, security-api.md for REST/GraphQL endpoints.
Do not use this skill when
- You only need runtime testing or penetration testing
- You cannot access the source code or build outputs
- The environment forbids third-party scanning tools
Instructions
- Identify the languages, frameworks, and scope to scan (which directories, which generated or vendored code to exclude).
- Select SAST tools and configure rules for the codebase; pin tool and ruleset versions so two runs on the same commit produce the same findings.
- Run scans in CI or locally with those pinned, reproducible settings, and emit machine-readable output (SARIF or JSON) so results can be diffed between runs.
- Triage findings: drop or document false positives, honour reviewed suppressions, prioritize by severity and reachability, and propose concrete fixes.
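The procedure above, and the custom-rule capability listed earlier, in working form. This is an added example and not the plugin's own code: a small Python `ast`-based scanner that implements two rules a team might otherwise write as Semgrep patterns (SQL built by string formatting passed to `execute`, and string literals assigned to secret-looking names), honours Bandit-style `# nosec` suppressions, and orders findings for triage. The sample target `SAMPLE_SOURCE` is constructed for the example; the key and password in it are placeholders, and the rule IDs and severities are this example's own choices.

```python
"""Added example (not the plugin's own code): a minimal SAST pass over Python
source that mirrors two custom Semgrep-style rules, then triages the findings."""
import ast
import re
from dataclasses import dataclass, replace

# Constructed sample target; the key and password are placeholders, not real secrets.
SAMPLE_SOURCE = '''
import sqlite3
API_KEY = "AKIAIOSFODNN7EXAMPLE"
password = "hunter2"
TEST_TOKEN = "fixture-token"  # nosec: test fixture, reviewed

def find_user(conn, username):
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM users WHERE name = '{username}'")
    cur.execute("SELECT * FROM users WHERE name = '%s'" % username)
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))
    return cur.fetchall()
'''

SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
SECRET_NAME = re.compile(r"(api[_-]?key|secret|password|token)$", re.I)


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    line: int
    message: str
    suppressed: bool = False


def _is_dynamic_string(node: ast.expr) -> bool:
    """True for f-strings and for "..." % x / "..." + x built at runtime."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        left = node.left
        return (isinstance(left, ast.Constant) and isinstance(left.value, str)) \
            or _is_dynamic_string(left)
    return False


class SqlInjectionVisitor(ast.NodeVisitor):
    """Semgrep equivalent: $CUR.execute(f"...") / $CUR.execute("..." % ...) / $CUR.execute("..." + ...)."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr in {"execute", "executemany"}
                and node.args and _is_dynamic_string(node.args[0])):
            self.findings.append(Finding(
                "py.sqli.dynamic-query", "HIGH", node.lineno,
                "SQL built by string formatting; pass values as query parameters"))
        self.generic_visit(node)


class HardcodedSecretVisitor(ast.NodeVisitor):
    """Semgrep equivalent: $NAME = "..." with a metavariable-regex on $NAME."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Assign(self, node: ast.Assign) -> None:
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    self.findings.append(Finding(
                        "py.secrets.hardcoded", "MEDIUM", node.lineno,
                        f"{target.id} holds a string literal; load it from a secret store"))
        self.generic_visit(node)


def scan(source: str) -> list[Finding]:
    """Run every rule, honour reviewed `# nosec` suppressions, and order for triage."""
    tree = ast.parse(source)
    lines = source.splitlines()
    findings: list[Finding] = []
    for visitor in (SqlInjectionVisitor(), HardcodedSecretVisitor()):
        visitor.visit(tree)
        findings.extend(visitor.findings)
    findings = [replace(f, suppressed="# nosec" in lines[f.line - 1]) for f in findings]
    # Open findings first, highest severity first, then by line for stable diffs in CI.
    return sorted(findings, key=lambda f: (f.suppressed, SEVERITY_RANK[f.severity], f.line))


def open_findings(findings: list[Finding]) -> list[Finding]:
    return [f for f in findings if not f.suppressed]


def report(findings: list[Finding]) -> str:
    rows = []
    for f in findings:
        label = "SUPPRESSED" if f.suppressed else f.severity
        rows.append(f"{label:<10} L{f.line:<4} {f.rule_id}: {f.message}")
    return "\n".join(rows)


if __name__ == "__main__":
    results = scan(SAMPLE_SOURCE)
    print(report(results))
    # Gate the pipeline on unsuppressed HIGH findings only; MEDIUM ones go to review.
    raise SystemExit(1 if any(f.severity == "HIGH" for f in open_findings(results)) else 0)
```

On the constructed sample the two formatted `execute` calls (lines 9 and 10 of the sample) are reported as HIGH, the parameterized call on line 11 is not reported, the two literal secrets are MEDIUM, and the `# nosec` fixture is kept in the output but marked suppressed so the suppression itself stays auditable. The exit-code gate is the "blocking releases" decision from the Safety section and should only be enabled after the rule set has been reviewed.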
Safety
- Avoid uploading proprietary code to external services without approval.
- Require review before enabling auto-fix or blocking releases.