Static Application Security Testing (SAST)
is a method used to review the source code of an application to identify potential vulnerabilities.
- It is commonly integrated into DevOps pipelines.
- Depending on the risk of the vulnerability risk, it can block a release.
- It provides immediate feedback to developers if new issues are introduced in the code.
- The cost of fixing the vulnerabilities is low since since they are caught at early stages.
- it’s fair to say that this kind of tools catch around 50% of the vulnerabilities.
- it doesn’t scan dependencies or libraries included in the project.
- Strategically, it is considered a shift-left security tool.