security-scanning-security-sast

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

Install

Download and extract to your skills directory

Copy command and send to OpenClaw for auto-install:

Download and install this skill https://openskills.cc/api/download?slug=sickn33-skills-security-scanning-security-sast&locale=en&source=copy

SAST Security Plugin - Multilingual Static Code Security Scanning

Skill Overview

The SAST Security Plugin provides static application security testing (SAST) across multiple programming languages. It wraps tools such as Bandit, Semgrep, and ESLint Security to detect vulnerability classes in source code, including SQL injection, cross-site scripting (XSS), hard-coded secrets, and more.

Use Cases

  • Code Review and Security Analysis

    Detects security vulnerabilities automatically before code is committed or merged. Supports popular languages including Python, JavaScript, TypeScript, Java, Ruby, Go, Rust, and PHP, so teams can find and fix security issues early in the development lifecycle.

  • CI/CD Pipeline Integration

    Provides integration recipes for mainstream CI/CD platforms such as GitHub Actions and GitLab CI. Scans run on every build and fail the job on high-severity findings, so code containing known high-severity vulnerabilities does not reach production.

  • Compliance and Audit Checks

    Maps findings to the categories of the OWASP Top 10 and supports controls required by standards such as PCI-DSS and SOC 2. Generates structured security reports that can serve as evidence for enterprise compliance programs and third-party security audits.
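The CI gate and the structured report described above can be built from the JSON that Bandit and Semgrep already emit. The following is an added Python example, not the plugin's own code: it normalizes both tools' output into one schema, counts findings per severity, and returns a non-zero exit status when anything at or above the chosen threshold is present. The two JSON documents are constructed samples shaped like `bandit -f json` and `semgrep --json` output, trimmed to the fields the script reads; the mapping of Semgrep's ERROR/WARNING/INFO onto HIGH/MEDIUM/LOW is this example's choice, not a tool default.

```python
"""Normalize Bandit and Semgrep JSON results into one report and gate a CI job on severity."""
from __future__ import annotations

import json
from dataclasses import asdict, dataclass

# Constructed sample shaped like `bandit -f json -r .` output, trimmed to the fields read below.
BANDIT_JSON = json.dumps({
    "results": [
        {"filename": "app/db.py", "line_number": 14, "test_id": "B608",
         "issue_severity": "HIGH", "issue_confidence": "MEDIUM",
         "issue_text": "Possible SQL injection vector through string-based query construction."},
        {"filename": "app/util.py", "line_number": 3, "test_id": "B404",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_text": "Consider possible security implications associated with the subprocess module."},
    ]
})

# Constructed sample shaped like `semgrep --json` output.
SEMGREP_JSON = json.dumps({
    "results": [
        {"check_id": "python.flask.security.audit.debug-enabled.debug-enabled",
         "path": "app/main.py", "start": {"line": 22},
         "extra": {"severity": "WARNING", "message": "Detected Flask app with debug=True."}},
    ]
})

# Semgrep reports ERROR/WARNING/INFO; this example maps them onto Bandit's LOW/MEDIUM/HIGH scale.
SEMGREP_SEVERITY = {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "LOW"}
RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    severity: str  # LOW | MEDIUM | HIGH
    path: str
    line: int
    message: str


def parse_bandit(text: str) -> list[Finding]:
    return [
        Finding("bandit", r["test_id"], r["issue_severity"].upper(),
                r["filename"], int(r["line_number"]), r["issue_text"])
        for r in json.loads(text)["results"]
    ]


def parse_semgrep(text: str) -> list[Finding]:
    findings = []
    for r in json.loads(text)["results"]:
        sev = SEMGREP_SEVERITY.get(r["extra"]["severity"].upper(), "MEDIUM")
        findings.append(Finding("semgrep", r["check_id"], sev, r["path"],
                                int(r["start"]["line"]), r["extra"]["message"]))
    return findings


def gate(findings: list[Finding], threshold: str = "HIGH") -> tuple[bool, list[Finding]]:
    """Return (passed, blocking findings). Fails when any finding is at or above threshold."""
    blocking = [f for f in findings if RANK[f.severity] >= RANK[threshold]]
    return not blocking, blocking


def build_report(findings: list[Finding]) -> dict:
    """Structured report: counts per severity plus findings sorted highest severity first."""
    counts = {level: 0 for level in RANK}
    for f in findings:
        counts[f.severity] += 1
    ordered = sorted(findings, key=lambda f: (-RANK[f.severity], f.path, f.line))
    return {"total": len(findings), "by_severity": counts, "findings": [asdict(f) for f in ordered]}


def main() -> int:
    findings = parse_bandit(BANDIT_JSON) + parse_semgrep(SEMGREP_JSON)
    print(json.dumps(build_report(findings), indent=2))
    passed, blocking = gate(findings, threshold="HIGH")
    for f in blocking:
        print(f"BLOCKING {f.severity} {f.tool}:{f.rule_id} {f.path}:{f.line} {f.message}")
    return 0 if passed else 1  # a non-zero exit fails the pipeline step


if __name__ == "__main__":
    raise SystemExit(main())
```

In a real pipeline the two constants would be replaced by the contents of files written with `bandit -f json -o bandit.json -r .` and `semgrep --json -o semgrep.json`, and the step's exit status is what blocks the merge. Keeping the gate separate from the scanners is what lets one threshold policy apply across every language the plugin covers.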

Core Features

  • Multilingual Vulnerability Detection

    Automatically selects the appropriate scanner for each language: Bandit for Python, ESLint Security for JavaScript/TypeScript, Brakeman for Ruby, SpotBugs for Java, gosec for Go, and more, giving the broadest coverage the available tools allow.

  • Framework Security Pattern Recognition

    Analyzes framework-specific security issues in Django, Flask, Express, Spring Boot, Rails, Laravel, and others, such as Django's CSRF configuration, Flask running in debug mode, missing Helmet middleware in Express, and more.

  • Custom Security Rules

    Built on the Semgrep rule engine, so organization-specific detection patterns can be written for things like proprietary API key formats, internal sensitive endpoints, or business-logic flaws, enforcing security policy more precisely than generic rules alone.
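To show the kind of pattern matching behind two of the framework checks above (Flask debug mode, hard-coded secrets) and the organization-specific key format mentioned under custom rules, here is an added Python example that is neither the plugin's code nor a Semgrep rule: a small `ast` visitor that walks a Python module and reports matches. The `acme_live_` key prefix, the rule ids, and both sample sources are assumptions constructed for this example.

```python
"""Minimal framework-aware SAST pass over Python source using the ast module."""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass

# Assumed organization-specific key format (hypothetical prefix, not any real vendor's).
ORG_KEY_PATTERN = re.compile(r"acme_live_[A-Za-z0-9]{16,}")
# Variable names that commonly hold credentials.
SECRET_NAME_PATTERN = re.compile(r"secret|password|passwd|token|api_key", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    line: int
    message: str


class SecurityVisitor(ast.NodeVisitor):
    """Walks the AST and records matches for three rules."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        # FLASK-DEBUG: app.run(debug=True) enables the Werkzeug debugger, which exposes
        # an interactive Python console over HTTP to anyone who triggers an exception.
        if isinstance(node.func, ast.Attribute) and node.func.attr == "run":
            for kw in node.keywords:
                if (kw.arg == "debug" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(Finding(
                        "FLASK-DEBUG", "HIGH", node.lineno,
                        "Flask application started with debug=True"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # HARDCODED-SECRET: a string literal assigned to a credential-looking name.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME_PATTERN.search(target.id):
                    self.findings.append(Finding(
                        "HARDCODED-SECRET", "HIGH", node.lineno,
                        f"string literal assigned to {target.id}"))
        self.generic_visit(node)

    def visit_Constant(self, node: ast.Constant) -> None:
        # ORG-API-KEY: any string literal matching the organization's key format,
        # wherever it appears (dict values, call arguments, and so on).
        if isinstance(node.value, str) and ORG_KEY_PATTERN.search(node.value):
            self.findings.append(Finding(
                "ORG-API-KEY", "HIGH", node.lineno,
                "string literal matches organization API key format"))


def scan_source(source: str, filename: str = "<string>") -> list[Finding]:
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source, filename=filename))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample that should trigger all three rules (lines 3, 4 and 6).
VULNERABLE = '''\
from flask import Flask
app = Flask(__name__)
SECRET_KEY = "dev-secret-change-me"
headers = {"Authorization": "Bearer acme_live_A1b2C3d4E5f6G7h8I9"}
if __name__ == "__main__":
    app.run(host="0.0.0.0", debug=True)
'''

# Constructed hardened equivalent: the secret and the debug flag come from the environment.
HARDENED = '''\
import os
from flask import Flask
app = Flask(__name__)
app.config["SECRET_KEY"] = os.environ["SECRET_KEY"]
if __name__ == "__main__":
    app.run(debug=os.environ.get("FLASK_DEBUG") == "1")
'''

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(f"== {name}: {len(scan_source(src))} finding(s)")
        for f in scan_source(src):
            print(f"  line {f.line} [{f.severity}] {f.rule_id}: {f.message}")
```

The name-based secret rule illustrates the usual SAST trade-off: `PASSWORD_HINT = "enter your password"` would also fire, which is why production tools add entropy checks, allowlists, and per-finding suppressions. Matching on the AST rather than on text is also what makes these rules language-specific, and is the reason the plugin runs a different scanner for each language.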

Frequently Asked Questions

What's the difference between SAST scanning and penetration testing?

SAST analyzes source code without running the program, so it can run on every commit and flag vulnerability classes such as injection or hard-coded secrets while the code is still being written. It has no view of runtime configuration or the deployed environment, and its findings include false positives that need triage. Penetration testing exercises the running application: a tester sends real requests, observes behaviour, and tries to chain weaknesses, including ones that only appear once the system is deployed. SAST fits the everyday development workflow; penetration testing is typically a deeper, point-in-time assessment before release. The two complement each other and neither replaces the other.

Which programming languages and frameworks are supported?

Supports popular languages and frameworks including Python (Django, Flask), JavaScript/TypeScript (React, Express), Java (Spring Boot), Ruby (Rails), PHP (Laravel), Go, Rust, and more. The plugin detects the languages used in your project and selects the matching scanners.

Will the scan upload my code to an external service?

No. The bundled scanners run locally or on your self-hosted CI/CD runners, so source code does not leave your infrastructure. The plugin never sends code to a cloud scanning service on its own; using one requires explicit authorization.