SAST + Secret Scanning Pipeline

Build a CI security pipeline: SAST, dependency scanning, secret detection, with proper triage workflow.

Tools: Semgrep + Trivy + gitleaks · GitHub Actions · CI integration

About this project

Most companies bolt on a SAST tool and ignore the alerts. This project teaches the discipline: tool selection (Semgrep, CodeQL, Snyk), triage workflow, false-positive management, and the org skill of getting developers to actually fix findings. Set it up on a real repo and ship it with documented triage SLAs.
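A concrete starting point for the pipeline described above, as an added example (not the project's own deliverable): one GitHub Actions workflow that runs Semgrep for SAST, Trivy for dependency scanning, and gitleaks for secret detection, and uploads the Semgrep and Trivy results as SARIF so findings land in the repository's Security tab where they can be triaged. It assumes a repository on GitHub with the `security-events: write` permission available to the workflow; the action names and inputs are the public ones for each tool, and the severity gate is a placeholder policy to be replaced by the team's triage SLA.

```yaml
# .github/workflows/security.yml
# Added example workflow, not the project's own pipeline.
# Three jobs: Semgrep (SAST), Trivy (dependencies), gitleaks (secrets).
name: security-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write   # required to upload SARIF to GitHub code scanning

jobs:
  semgrep:
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep      # official image; ships the semgrep CLI
    steps:
      - uses: actions/checkout@v4
      - name: Semgrep SAST
        # Report-only: findings go to the Security tab for triage instead of
        # blocking every PR. A `# nosemgrep: <rule-id>` comment in code is the
        # reviewable way to suppress an accepted false positive.
        run: semgrep scan --config auto --sarif --output semgrep.sarif
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: semgrep.sarif

  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trivy dependency scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH     # placeholder gate; align with the triage SLA
          ignore-unfixed: true        # no fix available -> track, do not block
          exit-code: '1'              # fail the job on unaccepted CRITICAL/HIGH
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: trivy-results.sarif

  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0              # full history so past commits are scanned too
      - name: gitleaks secret scan
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Organization accounts also need GITLEAKS_LICENSE set as a repo secret.
```

Each tool has its own suppression mechanism, and keeping those files in the repo is what makes the false-positive workflow auditable: Semgrep uses inline `nosemgrep` comments, Trivy reads accepted CVE IDs from a `.trivyignore` file at the repository root, and gitleaks reads finding fingerprints from `.gitleaksignore`. Suppressions then show up in pull-request diffs, so the person accepting a finding is the one who reviews it.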

Why build this in 2026?

Supply-chain security is now a regulatory requirement in many sectors.

What you'll ship

  • GitHub repo with the pipeline
  • Triage SLA document
  • Sample false-positive suppression workflow

Skills you'll practice

security, CI/CD, GitHub Actions