Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

ahmad-ubaidillah/security-scanning-security-sast

Name: security-scanning-security-sast
Author: ahmad-ubaidillah

aizen-gate/skills-reference/.agent/skills/security-scanning-security-sast/SKILL.md

npx skillsauth add ahmad-ubaidillah/aizen-gate security-scanning-security-sast

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

SAST Security Plugin

Static Application Security Testing (SAST) for comprehensive code vulnerability detection across multiple languages, frameworks, and security patterns.

Capabilities

Multi-language SAST: Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust
Tool integration: Bandit, Semgrep, ESLint Security, SonarQube, CodeQL, PMD, SpotBugs, Brakeman, gosec, cargo-clippy
Vulnerability patterns: SQL injection, XSS, hardcoded secrets, path traversal, IDOR, CSRF, insecure deserialization
Framework analysis: Django, Flask, React, Express, Spring Boot, Rails, Laravel
Custom rule authoring: Semgrep pattern development for organization-specific security policies

Use this skill when

Use for code review security analysis, injection vulnerabilities, hardcoded secrets, framework-specific patterns, custom security policy enforcement, pre-deployment validation, legacy code assessment, and compliance (OWASP, PCI-DSS, SOC2).

Specialized tools: Use security-secrets.md for advanced credential scanning, security-owasp.md for Top 10 mapping, security-api.md for REST/GraphQL endpoints.

Do not use this skill when

You only need runtime testing or penetration testing
You cannot access the source code or build outputs
The environment forbids third-party scanning tools

Instructions

Identify the languages, frameworks, and scope to scan.
Select SAST tools and configure rules for the codebase.
Run scans in CI or locally with reproducible settings.
Triage findings, prioritize by severity, and propose fixes.

Safety

Avoid uploading proprietary code to external services without approval.
Require review before enabling auto-fix or blocking releases.

SAST Tool Selection

🧠 Knowledge Modules (Fractal Skills)

1. Python: Bandit

2. JavaScript/TypeScript: ESLint Security

3. Multi-Language: Semgrep

4. Other Language Tools

5. SQL Injection

6. Cross-Site Scripting (XSS)

7. Hardcoded Secrets

8. Path Traversal

9. Insecure Deserialization

10. Command Injection

11. Insecure Random

12. Django

13. Flask

14. Express.js

15. GitHub Actions

16. GitLab CI

ahmad-ubaidillah/security-scanning-security-sast

aizen-gate/skills-reference/.agent/skills/security-scanning-security-sast/SKILL.md

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

development

Updated Mar 28, 2026

$ install --global

skillsauth

npx skillsauth add ahmad-ubaidillah/aizen-gate security-scanning-security-sast

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 30, 2026, 9:59 PM56.1s17 files scanned

SKILL.md

version:: 4.1.0-fractal
name:: security-scanning-security-sast
description:: Static Application Security Testing (SAST) for code vulnerability
globs:: **/*.py, **/*.js, **/*.ts, **/*.java, **/*.rb, **/*.go, **/*.rs, **/*.php
keywords:: sast, static analysis, code security, vulnerability scanning, bandit,

SAST Security Plugin

Static Application Security Testing (SAST) for comprehensive code vulnerability detection across multiple languages, frameworks, and security patterns.

Capabilities

Multi-language SAST: Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust
Tool integration: Bandit, Semgrep, ESLint Security, SonarQube, CodeQL, PMD, SpotBugs, Brakeman, gosec, cargo-clippy
Vulnerability patterns: SQL injection, XSS, hardcoded secrets, path traversal, IDOR, CSRF, insecure deserialization
Framework analysis: Django, Flask, React, Express, Spring Boot, Rails, Laravel
Custom rule authoring: Semgrep pattern development for organization-specific security policies

Use this skill when

Specialized tools: Use security-secrets.md for advanced credential scanning, security-owasp.md for Top 10 mapping, security-api.md for REST/GraphQL endpoints.

Do not use this skill when

You only need runtime testing or penetration testing
You cannot access the source code or build outputs
The environment forbids third-party scanning tools

Instructions

Identify the languages, frameworks, and scope to scan.
Select SAST tools and configure rules for the codebase.
Run scans in CI or locally with reproducible settings.
Triage findings, prioritize by severity, and propose fixes.

Safety

Avoid uploading proprietary code to external services without approval.
Require review before enabling auto-fix or blocking releases.

SAST Tool Selection

🧠 Knowledge Modules (Fractal Skills)

1. Python: Bandit

2. JavaScript/TypeScript: ESLint Security

3. Multi-Language: Semgrep

4. Other Language Tools

5. SQL Injection

6. Cross-Site Scripting (XSS)

7. Hardcoded Secrets

8. Path Traversal

9. Insecure Deserialization

10. Command Injection

11. Insecure Random

12. Django

13. Flask

14. Express.js

15. GitHub Actions

16. GitLab CI

Related Skills

ahmad-ubaidillah/angular

development

VerifiedTrustedCommunity

Modern Angular (v20+) expert with deep knowledge of Signals, Standalone Components, Zoneless applications, SSR/Hydration, and reactive patterns.

SKILL.mdUpdated Mar 28, 2026

ahmad-ubaidillah/angular

ahmad-ubaidillah/angular-ui-patterns

development

VerifiedTrustedCommunity

Modern Angular UI patterns for loading states, error handling, and data display. Use when building UI components, handling async data, or managing component states.

SKILL.mdUpdated Mar 28, 2026

ahmad-ubaidillah/angular-ui-patterns

ahmad-ubaidillah/angular-state-management

tools

VerifiedTrustedCommunity

Master modern Angular state management with Signals, NgRx, and RxJS. Use when setting up global state, managing component stores, choosing between state solutions, or migrating from legacy patterns.

SKILL.mdUpdated Mar 28, 2026

ahmad-ubaidillah/angular-state-management

ahmad-ubaidillah/angular-migration

development

VerifiedTrustedCommunity

Migrate from AngularJS to Angular using hybrid mode, incremental component rewriting, and dependency injection updates. Use when upgrading AngularJS applications, planning framework migrations, or ...

SKILL.mdUpdated Mar 28, 2026

ahmad-ubaidillah/angular-migration

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/ahmad-ubaidillah/aizen-gate.git

# Copy into Claude Code skills folder (global)
cp -r aizen-gate/aizen-gate/skills-reference/.agent/skills/security-scanning-security-sast ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

ahmad-ubaidillah/aizen-gate

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT