mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.4 KiB
1.4 KiB
API Reference: SAST in GitHub Actions Pipeline
Semgrep CLI
Installation
pip install semgrep
Scan Commands
semgrep scan --config auto --json . # Auto-detect rules
semgrep scan --config p/owasp-top-ten --json . # OWASP rules
semgrep scan --config p/ci --sarif . # CI-optimized rules
JSON Output Structure
{"results": [{"check_id": "rule-id", "path": "file.py",
"start": {"line": 10}, "extra": {"severity": "ERROR",
"message": "...", "metadata": {"cwe": ["CWE-89"], "owasp": ["A03"]}}}]}
Severity Levels
| Level | Action |
|---|---|
| ERROR | Block merge |
| WARNING | Require review |
| INFO | Advisory only |
GitHub Actions Integration
Semgrep Action
- uses: returntocorp/semgrep-action@v1
with:
config: auto
generateSarif: "1"
SARIF Upload
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: semgrep.sarif
SARIF 2.1.0 Schema
| Field | Description |
|---|---|
runs[].tool.driver.name |
Scanner name |
runs[].tool.driver.rules |
Rule definitions |
runs[].results |
Finding instances |
results[].ruleId |
Matching rule ID |
results[].level |
error, warning, note |
References
- Semgrep: https://semgrep.dev/docs/
- GitHub Code Scanning: https://docs.github.com/en/code-security/code-scanning
- SARIF spec: https://docs.oasis-open.org/sarif/sarif/v2.1.0/