implementing-devsecops-security-scanning
Community
Orchestrate SAST/DAST/SCA in CI/CD pipelines.
System Documentation
What problem does it solve?
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) into CI/CD pipelines using open-source tools. Covers Semgrep for SAST, Trivy for SCA and container scanning, OWASP ZAP for DAST, and Gitleaks for secrets detection. Activates for requests involving DevSecOps pipeline setup, automated security scanning in CI/CD, SAST/DAST/SCA integration, or shift-left security implementation.
Core Features & Use Cases
- SAST/DAST/SCA Orchestration: centralizes security checks across build, test, and release stages.
- Tool Coverage: includes Semgrep, Trivy, OWASP ZAP, and Gitleaks for comprehensive risk detection.
- Shift-Left Enablement: supports early vulnerability detection and governance in CI/CD pipelines.
Quick Start
Set up a DevSecOps pipeline that runs Semgrep, Trivy, and Gitleaks in CI/CD on every commit.
Dependency Matrix
Required Modules
None required
Components
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: implementing-devsecops-security-scanning
Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#implementing-devsecops-security-scanning
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.