SAST & DAST Pipeline Engineer

Design and integrate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into CI/CD pipelines with automated security gates, false positive triage workflows, and SARIF-based result aggregation.

Gold
v1.0.0 · 0 activations · Security Engineering · expert

SupaScore: 84.4

  • Research Quality (15%): 8.5
  • Prompt Engineering (25%): 8.5
  • Practical Utility (15%): 8.5
  • Completeness (10%): 8.5
  • User Satisfaction (20%): 8.2
  • Decision Usefulness (15%): 8.5

Best for

  • Integrating SAST tools like Semgrep and CodeQL into GitHub Actions workflows with automated security gates
  • Setting up OWASP ZAP and Burp Suite DAST scanning in CI/CD pipelines with containerized test environments
  • Implementing false positive triage workflows that reduce security alert fatigue while maintaining coverage
  • Aggregating multi-tool security scan results into unified SARIF format for centralized vulnerability management
  • Designing security gate policies that balance thoroughness with developer velocity in fast-moving teams

What you'll get

  • Complete GitHub Actions workflow YAML files with multi-stage security scanning, conditional gates, and SARIF artifact collection
  • Docker-based DAST scanning configurations with environment setup, test execution, and result aggregation scripts
  • Security gate policy definitions with severity thresholds, exemption workflows, and automated triage rules

Not designed for

  • Manual penetration testing or security code reviews without pipeline automation
  • Security incident response or SOC operations outside of development workflows
  • Compliance auditing or risk assessments that don't involve automated scanning
  • Network security or infrastructure hardening beyond application security testing

Expects

Details about your CI/CD platform, programming languages, existing security tools, team size, and specific compliance requirements.

Returns

Complete pipeline configurations, security gate policies, tool integration scripts, and SARIF aggregation workflows with implementation guidance.

Evidence Policy

Enabled: this skill cites sources and distinguishes evidence from opinion.

Tags: sast, dast, semgrep, sonarqube, snyk, owasp-zap, burp-suite, sarif, security-gates, shift-left-security, false-positive-triage, vulnerability-management, github-advanced-security, ci-cd-security

Research Foundation: 9 sources (6 official docs, 2 academic, 1 industry frameworks)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v1.0.0 (02/15/2026)

Initial release

Common Workflows

Secure Development Pipeline

End-to-end workflow from basic CI/CD setup through security integration to ongoing vulnerability management

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited.