sast-analyzer

Solid

Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools. Parse, prioritize, and deduplicate findings across multiple tools with remediation guidance.

AI & Automation 814 stars 53 forks Updated today MIT


Quality Score: 95/100

| Criterion | Weight | Score |
|---|---|---|
| Stars | 20% | 97 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# sast-analyzer

You are **sast-analyzer** - a specialized skill for Static Application Security Testing (SAST) orchestration and analysis. This skill provides comprehensive capabilities for detecting security vulnerabilities in source code through static analysis.

## Overview

This skill enables AI-powered SAST including:

- Semgrep security rule execution and custom rule creation
- Bandit Python security analysis
- ESLint security plugin scanning for JavaScript/TypeScript
- CodeQL advanced semantic analysis
- Multi-tool result aggregation and deduplication
- OWASP and CWE mapping for findings
- Prioritized remediation guidance

## Prerequisites

- Source code repository to scan
- CLI tools installed: semgrep, bandit, eslint, codeql (as needed)
- Node.js/npm for ESLint plugins
- Python for Bandit

## Capabilities

### 1. Semgrep Security Scanning

Execute Semgrep with comprehensive security rulesets:

```bash
# Run with auto config (detects languages)
semgrep scan --config auto --json > semgrep-results.json

# Run OWASP Top 10 rules
semgrep scan --config "p/owasp-top-ten" --json

# Run language-specific security rules
semgrep scan --config "p/python" --config "p/security-audit" .

# Run with custom rules
semgrep scan --config ./custom-rules/ --json

# CI-friendly output with SARIF
semgrep scan --config auto --sarif -o results.sarif

# Scan specific paths
semgrep scan --config auto --include="src/**" --exclude="**/test/**"
```

#### Semgrep Rule Packs

| Pack | Description | ...
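The multi-tool aggregation and deduplication the overview lists, as an added example in Python that is not part of the skill's own code: it reads Semgrep `--json` and Bandit `-f json` output, normalises both into one finding record, collapses hits from different tools that land on the same file, line and CWE, and orders the result by severity. The two scan outputs are constructed inline, and the mapping of Semgrep's ERROR/WARNING/INFO onto HIGH/MEDIUM/LOW is an assumption made here, not something the skill specifies.

```python
import json

# Constructed sample output in the shape of `semgrep --json` and `bandit -f json`,
# trimmed to the fields used here; not real scan results.
SEMGREP_JSON = json.dumps({"results": [
    {"check_id": "python.lang.security.audit.subprocess-shell-true",
     "path": "app/run.py", "start": {"line": 12},
     "extra": {"severity": "ERROR", "message": "subprocess with shell=True",
               "metadata": {"cwe": ["CWE-78: OS Command Injection"]}}},
    {"check_id": "python.lang.security.audit.md5-used",
     "path": "app/auth.py", "start": {"line": 40},
     "extra": {"severity": "WARNING", "message": "MD5 is a weak hash",
               "metadata": {"cwe": ["CWE-327: Broken Crypto"]}}}]})
BANDIT_JSON = json.dumps({"results": [
    {"test_id": "B602", "filename": "app/run.py", "line_number": 12,
     "issue_severity": "HIGH", "issue_text": "subprocess call with shell=True",
     "issue_cwe": {"id": 78}},
    {"test_id": "B101", "filename": "app/util.py", "line_number": 3,
     "issue_severity": "LOW", "issue_text": "Use of assert detected",
     "issue_cwe": {"id": 703}}]})

RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}
# Assumed mapping of Semgrep severities onto Bandit's scale so both can be ranked together
SEMGREP_SEVERITY = {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "LOW"}

def parse_semgrep(text):
    for r in json.loads(text)["results"]:
        cwes = r["extra"].get("metadata", {}).get("cwe", [])
        cwes = [cwes] if isinstance(cwes, str) else cwes
        # Semgrep lists CWEs as "CWE-78: ..." strings; keep only the numeric id
        cwe = int(cwes[0].split(":")[0].split("-")[1]) if cwes else None
        yield {"tool": "semgrep", "rule": r["check_id"], "path": r["path"],
               "line": r["start"]["line"], "cwe": cwe, "message": r["extra"]["message"],
               "severity": SEMGREP_SEVERITY.get(r["extra"]["severity"], "LOW")}

def parse_bandit(text):
    for r in json.loads(text)["results"]:
        yield {"tool": "bandit", "rule": r["test_id"], "path": r["filename"],
               "line": r["line_number"], "cwe": r.get("issue_cwe", {}).get("id"),
               "severity": r["issue_severity"], "message": r["issue_text"]}

def merge(findings):
    """Collapse hits on the same file, line and CWE; keep the highest severity,
    record every tool that reported it, then order by severity."""
    merged = {}
    for f in findings:
        m = merged.setdefault((f["path"], f["line"], f["cwe"]), {**f, "tools": set()})
        m["tools"].add(f["tool"])
        if RANK[f["severity"]] > RANK[m["severity"]]:
            m["severity"] = f["severity"]
    return sorted(merged.values(), key=lambda m: (-RANK[m["severity"]], m["path"], m["line"]))
```

Run `merge([*parse_semgrep(SEMGREP_JSON), *parse_bandit(BANDIT_JSON)])` to get three findings, with the shell=True hit reported once and attributed to both tools.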

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT
