Install: `claude install-skill aiskillstore/marketplace`
# SAST Security Plugin
Static Application Security Testing (SAST) for comprehensive code vulnerability detection across multiple languages, frameworks, and security patterns.
## Capabilities
- **Multi-language SAST**: Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust
- **Tool integration**: Bandit, Semgrep, ESLint Security, SonarQube, CodeQL, PMD, SpotBugs, Brakeman, gosec, cargo-clippy
- **Vulnerability patterns**: SQL injection, XSS, hardcoded secrets, path traversal, IDOR, CSRF, insecure deserialization
- **Framework analysis**: Django, Flask, React, Express, Spring Boot, Rails, Laravel
- **Custom rule authoring**: Semgrep pattern development for organization-specific security policies
## Use this skill when
Use this skill for security analysis during code review, finding injection vulnerabilities and hardcoded secrets, framework-specific patterns, custom security policy enforcement, pre-deployment validation, legacy code assessment, and compliance (OWASP, PCI-DSS, SOC2).
**Specialized tools**: Use `security-secrets.md` for advanced credential scanning, `security-owasp.md` for Top 10 mapping, `security-api.md` for REST/GraphQL endpoints.
## Do not use this skill when
- You only need runtime testing or penetration testing
- You cannot access the source code or build outputs
- The environment forbids third-party scanning tools
## Instructions
1. Identify the languages, frameworks, and scope to scan.
2. Select SAST tools and configure rules for the codebase.
3. Run scans in CI or locally.
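As an added illustration of step 2 and of the custom rule authoring listed under capabilities (this rule is written for this page, not shipped with the plugin), a Semgrep rule that flags Python SQL statements assembled with string formatting or concatenation instead of driver parameters; the rule id, the CWE/OWASP metadata values and the `tests/` exclusion are assumptions.

```yaml
rules:
  - id: python-sql-query-built-with-string-formatting
    languages: [python]
    severity: ERROR
    message: >-
      The SQL statement passed to $CURSOR.execute() is built with string
      formatting or concatenation, so any user-controlled value in it is
      interpreted as SQL. Pass values through the driver's parameter
      argument instead, e.g. execute("... WHERE id = %s", (user_id,)).
    metadata:
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
      owasp: "A03:2021 - Injection"
      category: security
      confidence: MEDIUM
    # Assumed layout: fixtures under tests/ are excluded so that
    # deliberately vulnerable samples do not fail the pipeline.
    paths:
      exclude:
        - "tests/"
    patterns:
      - pattern-either:
          # Query formatted inline in the call; the trailing ... allows
          # extra arguments such as a parameter tuple to be present.
          - pattern: $CURSOR.execute("..." % ..., ...)
          - pattern: $CURSOR.execute("...".format(...), ...)
          - pattern: $CURSOR.execute(f"...", ...)
          - pattern: $CURSOR.execute("..." + $TAIL, ...)
          - pattern: $CURSOR.execute($HEAD + "...", ...)
          # Query formatted earlier in the same function, then executed.
          - pattern: |
              $QUERY = "..." % ...
              ...
              $CURSOR.execute($QUERY, ...)
          - pattern: |
              $QUERY = "...".format(...)
              ...
              $CURSOR.execute($QUERY, ...)
          - pattern: |
              $QUERY = f"..."
              ...
              $CURSOR.execute($QUERY, ...)
```

Save it as a rule file and run it with `semgrep --config <rule-file>.yaml .` locally or as a CI step; a call such as `cursor.execute("SELECT ... WHERE id = %s", (user_id,))` is not matched because its first argument is a plain string literal, while `cursor.execute("SELECT ... WHERE id = %s" % user_id)` is reported.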