semgrep-sast
OfficialDetect known code vulnerabilities with semgrep
Authorjikig-ai
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill performs deterministic static analysis to catch known vulnerability signatures, hardcoded secrets, insecure function calls, and CWE patterns that probabilistic LLM-based reviews can miss, improving the reliability of security-focused code reviews.
Core Features & Use Cases
- Deterministic Pattern Matching: Execute semgrep rule-based scans to identify known insecure code patterns and secrets that statistical models may overlook.
- Changed-files Only Scanning: Limit analysis to files modified in the current diff to reduce noise and avoid aggregating repository-wide findings.
- Structured, Inline Findings: Report file/line, rule ID, CWE if present, code snippet, and remediation guidance grouped by severity without writing results to disk.
- Graceful Degradation: Detect missing or failing semgrep installations and skip scanning with a clear warning instead of blocking the review.
- Use Case: Run this Skill during a pull request review to automatically surface hardcoded credentials or insecure API usage introduced by the change.
Quick Start
Run semgrep-sast to scan only the changed files in this pull request and return grouped, inline findings.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: semgrep-sast Download link: https://github.com/jikig-ai/soleur/archive/main.zip#semgrep-sast Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.