Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
Rating: 7.5
Installs: 0
Category: Security
Well-structured skill with comprehensive coverage of SAST configuration across multiple tools (Semgrep, SonarQube, CodeQL). The description clearly conveys when to use the skill, and the SKILL.md provides solid task knowledge including setup commands, configuration examples, best practices, and troubleshooting guidance. The structure is logical with clear sections and references to external files for detailed documentation. However, novelty is moderate since much of this involves configuring existing tools with well-documented processes that a CLI agent could potentially accomplish with sufficient prompting, though the skill does provide valuable consolidation and organization-specific guidance. The skill would be particularly useful for teams new to SAST or implementing DevSecOps practices, reducing the research and trial-and-error typically required.