semgrep
Semgrep is a fast, lightweight static analysis tool for finding bugs, security vulnerabilities, and enforcing code standards across a codebase. The agent should use this skill when asked to run static analysis, scan code for security issues, detect code patterns or anti-patterns, write or test custom Semgrep rules, set up SAST in CI/CD pipelines, triage scan findings, suppress false positives, or perform a rapid security audit without building the project.
Installation and usage
Semgrep is a fast, lightweight static analysis tool for finding bugs, security vulnerabilities, and enforcing code standards across a codebase. The agent should use this skill when asked to run static analysis, scan code for security issues, detect code patterns or anti-patterns, write or test custom Semgrep rules, set up SAST in CI/CD pipelines, triage scan findings, suppress false positives, or perform a rapid security audit without building the project.
Después de instalarlo, puedes usar este skill ejecutando el siguiente comando en tu terminal:
skills use semgrep