sast-runner

Community

Automate SAST with Semgrep.

Author: naporin0624
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill wraps Semgrep to perform Static Application Security Testing (SAST), scanning source code for vulnerabilities, security anti-patterns, and OWASP Top 10 issues.

Core Features & Use Cases

  • Auto-detect languages and apply relevant rulesets
  • Output findings in JSON or human-readable formats
  • Use cases include scanning entire repositories or specific paths for security vulnerabilities

Quick Start

  • Install Semgrep using your preferred method:
    • pip install semgrep
    • brew install semgrep
    • docker pull semgrep/semgrep
  • Run with the CLI:
    • npx sast-runner .
    • npx sast-runner . --config security-audit
    • npx sast-runner . --json
    • npx sast-runner --list-configs
    • npx sast-runner --check

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: sast-runner
Download link: https://github.com/naporin0624/claude-web-audit-plugins/archive/main.zip#sast-runner

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.