{"id":"48e5e5dc-5dab-4720-afe4-49b97342a915","shortId":"zqUZvZ","kind":"skill","title":"Semgrep SAST Scanner","tagline":"Runs Semgrep static analysis with custom rule packs targeting OWASP Top 10 patterns. Uses semgrep CLI with --config=auto and --sarif output for GitHub Advanced Security integration and CWE-tagged finding reports.","description":"# Semgrep SAST Scanner\n\nRuns Semgrep static analysis with custom rule packs targeting OWASP Top 10 patterns. Uses semgrep CLI with --config=auto and --sarif output for GitHub Advanced Security integration and CWE-tagged finding reports.\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- $ brew install semgrep\n- $ docker run -it -v \"${PWD}:/src\" semgrep/semgrep semgrep login\n- $ docker run -e SEMGREP_APP_TOKEN=<TOKEN> --rm -v \"${PWD}:/src\" semgrep/semgrep semgrep ci\n- $ brew upgrade semgrep\n\nBasic usage or getting-started notes:\n- Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards.
Semgrep [supports 30+ languages](#language-support) and can run in an IDE, as a...\n- [From the Semgrep AppSec Platform](#option-1-getting-started-from-the-semgrep-appsec-platform-recommended)\n- [From the CLI](#option-2-getting-started-from-the-cli)\n\n- Source: https://github.com/semgrep/semgrep\n- Extracted from upstream docs: https://raw.githubusercontent.com/semgrep/semgrep/HEAD/README.md\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/semgrep-sast-scanner-skill/)","tags":["semgrep","sast","scanner","skill","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex"],"capabilities":["skill","source-agentskillexchange","skill-semgrep-sast-scanner-skill","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/semgrep-sast-scanner-skill","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,527 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:25.515Z","embedding":null,"createdAt":"2026-05-18T13:19:19.286Z","updatedAt":"2026-05-18T19:12:25.515Z","lastSeenAt":"2026-05-18T19:12:25.515Z","prices":[{"id":"02649198-c9af-496b-82c3-6bd1b0be0c73","listingId":"48e5e5dc-5dab-4720-afe4-49b97342a915","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:19:19.286Z"}],"sources":[{"listingId":"48e5e5dc-5dab-4720-afe4-49b97342a915","source":"github","sourceId":"agentskillexchange/skills/semgrep-sast-scanner-skill","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/semgrep-sast-scanner-skill","isPrimary":false,"firstSeenAt":"2026-05-18T13:19:19.286Z","lastSeenAt":"2026-05-18T19:12:25.515Z"}],"details":{"listingId":"48e5e5dc-5dab-4720-afe4-49b97342a915","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"semgrep-sast-scanner-skill","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"b9a07823cfdc43c0d2c930df994deb4697083062","skill_md_path":"skills/semgrep-sast-scanner-skill/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/semgrep-sast-scanner-skill"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Semgrep SAST Scanner","description":"Runs Semgrep static analysis with custom rule packs targeting OWASP Top 10 patterns.
Uses semgrep CLI with --config=auto and --sarif output for GitHub Advanced Security integration and CWE-tagged finding reports."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/semgrep-sast-scanner-skill"},"updatedAt":"2026-05-18T19:12:25.515Z"}}