Static Application Security Testing (SAST)

is a method used to review the source code of an application to identify potential vulnerabilities.

• It is commonly integrated into DevOps pipelines.
• Depending on the risk of the vulnerability risk, it can block a release.
• It provides immediate feedback to developers if new issues are introduced in the code.
• The cost of fixing the vulnerabilities is low since since they are caught at early stages.
• it’s fair to say that this kind of tools catch around 50% of the vulnerabilities.
• it doesn’t scan dependencies or libraries included in the project.
• Strategically, it is considered a shift-left security tool.