Static Application Security Testing (SAST)

SAST is a method of analysing an application's source code (and, in some tools, its bytecode or binaries) without executing it, in order to identify potential vulnerabilities such as injection flaws, unsafe API usage and hard-coded secrets.

  • It is commonly integrated into CI/CD (DevOps) pipelines, running on every commit or pull request.
  • Depending on the severity of the findings, it can block a release; the gate is normally a severity threshold (for example, fail the build on any high or critical finding).
  • It provides immediate feedback to developers when new issues are introduced in the code, before the change is merged.
  • The cost of fixing the vulnerabilities is low, since they are caught at an early stage of development rather than in production.
  • Coverage is partial: it is fair to say that these tools catch around 50% of vulnerabilities. They miss business-logic, authentication and configuration flaws that are only visible at runtime, and they produce false positives, so findings still need triage.
  • It doesn't scan the dependencies or libraries included in the project; that is the job of Software Composition Analysis (SCA), with which SAST is normally paired.
  • Strategically, it is considered a shift-left security tool.
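
The following is an added example, not part of the original notes or of any particular SAST product. It shows, in miniature, how a SAST tool works and how a pipeline gate uses its output: a scanner that walks the Python AST looking for dangerous call patterns, assigns each finding a severity, and a release gate that fails the build when any finding reaches a configurable threshold. The rule identifiers (PY001 to PY004), the severity levels and the scanned sample source are all constructed for this example. Note that the scanner only sees the code it is given; an outdated or vulnerable library referenced by the imports would never be reported, which is the dependency-scanning gap described above.

```python
"""Minimal SAST-style scanner plus a severity-based release gate (added example)."""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Hypothetical severity ordering used by the gate (constructed for this example).
SEVERITY_ORDER = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    rule: str       # hypothetical rule id, e.g. "PY002"
    severity: str   # one of SEVERITY_ORDER's keys
    line: int       # 1-based line in the scanned source
    message: str


def _qualified_name(func: ast.expr) -> str:
    """Turn the callee of a Call node into a dotted name like 'subprocess.run'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _qualified_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""  # e.g. the result of another call: foo()(x)


class _CallVisitor(ast.NodeVisitor):
    """Flags a handful of well-known dangerous call patterns."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _qualified_name(node.func)
        kwargs = {kw.arg: kw.value for kw in node.keywords}

        if name in ("eval", "exec"):
            self.findings.append(Finding("PY001", "high", node.lineno,
                                         f"{name}() on possibly untrusted input"))
        elif name in ("os.system", "subprocess.run", "subprocess.call", "subprocess.Popen"):
            shell = kwargs.get("shell")
            shell_true = isinstance(shell, ast.Constant) and shell.value is True
            if name == "os.system" or shell_true:
                self.findings.append(Finding("PY002", "critical", node.lineno,
                                             f"{name} with a shell enables command injection"))
        elif name == "yaml.load":
            # yaml.load without an explicit Loader= can instantiate arbitrary objects.
            if "Loader" not in kwargs and len(node.args) < 2:
                self.findings.append(Finding("PY003", "high", node.lineno,
                                             "yaml.load without Loader= (unsafe deserialisation)"))
        elif name in ("hashlib.md5", "hashlib.sha1"):
            self.findings.append(Finding("PY004", "low", node.lineno,
                                         f"weak hash function {name}"))
        self.generic_visit(node)  # keep descending: calls nest inside calls


def scan_source(source: str) -> list[Finding]:
    """Parse the source without executing it and return findings ordered by line."""
    visitor = _CallVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


def release_gate(findings: list[Finding], block_at: str = "high") -> bool:
    """Return True if the release may proceed, i.e. nothing at or above block_at."""
    threshold = SEVERITY_ORDER[block_at]
    return all(SEVERITY_ORDER[f.severity] < threshold for f in findings)


# Constructed sample application code to scan (never imported or executed).
SAMPLE = '''
import os, subprocess, hashlib, yaml

def run(cmd):
    subprocess.run(cmd, shell=True)

def load(data):
    return yaml.load(data)

def digest(data):
    return hashlib.sha256(data).hexdigest()

def checksum(data):
    return hashlib.md5(data).hexdigest()
'''

if __name__ == "__main__":
    results = scan_source(SAMPLE)
    for f in results:
        print(f"line {f.line}: [{f.severity}] {f.rule} {f.message}")
    print("release allowed:", release_gate(results, block_at="high"))
```

Running the block on the constructed sample reports the shell=True subprocess call (critical), the Loader-less yaml.load (high) and the MD5 use (low); with the gate set to block at "high" the release is refused, while a codebase containing only the low finding would pass.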

