security-scanning-security-sast

SAST Security Plugin

Static Application Security Testing (SAST) for comprehensive code vulnerability detection across multiple languages, frameworks, and security patterns.

Capabilities

  • Multi-language SAST: Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust
  • Tool integration: Bandit, Semgrep, ESLint Security, SonarQube, CodeQL, PMD, SpotBugs, Brakeman, gosec, cargo-clippy
  • Vulnerability patterns: SQL injection, XSS, hardcoded secrets, path traversal, IDOR, CSRF, insecure deserialization
  • Framework analysis: Django, Flask, React, Express, Spring Boot, Rails, Laravel
  • Custom rule authoring: Semgrep pattern development for organization-specific security policies

Use this skill when

Use this skill for security-focused code review, finding injection vulnerabilities and hardcoded secrets, framework-specific vulnerability patterns, custom security policy enforcement, pre-deployment validation, legacy code assessment, and compliance work (OWASP, PCI-DSS, SOC2).

Specialized tools: Use security-secrets.md for advanced credential scanning, security-owasp.md for Top 10 mapping, security-api.md for REST/GraphQL endpoints.

Do not use this skill when

  • You only need runtime testing or penetration testing
  • You cannot access the source code or build outputs
  • The environment forbids third-party scanning tools

Instructions

  1. Identify the languages, frameworks, and scope to scan.
  2. Select SAST tools and configure rules for the codebase.
  3. Run scans in CI or locally with reproducible settings.
  4. Triage findings, prioritize by severity, and propose fixes.
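Steps 3 and 4 in practice, as an added example that is not part of this skill: a Python script that merges `bandit -f json` and `semgrep --json` output into one tool-neutral finding list, filters by a minimum severity and orders what remains for triage. Both reports are constructed inline in the tools' JSON shapes, and the `org.policy.*` rule ids stand for hypothetical custom Semgrep rules.

```python
import json
# Constructed sample reports (not real scan output), in the shapes that
# `bandit -f json` and `semgrep --json` emit; only the fields read below are included.
BANDIT_JSON = json.dumps({"results": [
    {"test_id": "B608", "issue_severity": "MEDIUM", "issue_confidence": "LOW",
     "filename": "app/db.py", "line_number": 42,
     "issue_text": "Possible SQL injection vector through string-based query construction."},
    {"test_id": "B105", "issue_severity": "LOW", "issue_confidence": "MEDIUM",
     "filename": "app/settings.py", "line_number": 7,
     "issue_text": "Possible hardcoded password: 'changeme'"},
]})
SEMGREP_JSON = json.dumps({"results": [  # org.policy.* are hypothetical custom rule ids
    {"check_id": "org.policy.unsafe-yaml-load", "path": "app/loader.py",
     "start": {"line": 12}, "extra": {"severity": "ERROR", "message": "yaml.load without SafeLoader"}},
    {"check_id": "org.policy.debug-enabled", "path": "app/settings.py",
     "start": {"line": 3}, "extra": {"severity": "INFO", "message": "DEBUG = True"}},
]})

SEVERITY_RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}
# Semgrep reports ERROR/WARNING/INFO; map onto Bandit's HIGH/MEDIUM/LOW so the reports merge.
SEMGREP_SEVERITY = {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "LOW"}


def normalize_bandit(report):
    """Flatten a Bandit JSON report into tool-neutral finding dicts."""
    return [{"tool": "bandit", "rule": r["test_id"], "severity": r["issue_severity"],
             "confidence": r["issue_confidence"], "file": r["filename"],
             "line": r["line_number"], "message": r["issue_text"]}
            for r in json.loads(report)["results"]]


def normalize_semgrep(report):
    """Flatten a Semgrep JSON report; core results carry no confidence, so assume MEDIUM."""
    return [{"tool": "semgrep", "rule": r["check_id"],
             "severity": SEMGREP_SEVERITY[r["extra"]["severity"]], "confidence": "MEDIUM",
             "file": r["path"], "line": r["start"]["line"], "message": r["extra"]["message"]}
            for r in json.loads(report)["results"]]


def triage(findings, min_severity="LOW"):
    """Drop findings below min_severity, then order by severity, confidence and location."""
    kept = [f for f in findings if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[min_severity]]
    return sorted(kept, key=lambda f: (-SEVERITY_RANK[f["severity"]],
                                      -SEVERITY_RANK[f["confidence"]], f["file"], f["line"]))


def triage_reports(bandit_json, semgrep_json, min_severity="LOW"):
    return triage(normalize_bandit(bandit_json) + normalize_semgrep(semgrep_json), min_severity)


if __name__ == "__main__":
    for f in triage_reports(BANDIT_JSON, SEMGREP_JSON, "MEDIUM"):
        print(f"{f['severity']:<6} {f['tool']:<7} {f['rule']:<28} {f['file']}:{f['line']}  {f['message']}")
```

Pinning the tool versions and rule sets that produce these reports is what makes the CI run reproducible; the script only consumes their output.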

Safety

  • Avoid uploading proprietary code to external services without approval.
  • Require review before enabling auto-fix or blocking releases.

SAST Tool Selection

🧠 Knowledge Modules (Fractal Skills)

  1. Python: Bandit
  2. JavaScript/TypeScript: ESLint Security
  3. Multi-Language: Semgrep
  4. Other Language Tools
  5. SQL Injection
  6. Cross-Site Scripting (XSS)
  7. Hardcoded Secrets
  8. Path Traversal
  9. Insecure Deserialization
  10. Command Injection
  11. Insecure Random
  12. Django
  13. Flask
  14. Express.js
  15. GitHub Actions
  16. GitLab CI
