What is SAST (Static Application Security Testing)?

Security testing that analyzes source code or build artifacts without executing the code.

Full explanation

SAST tools read your source code and flag patterns associated with vulnerabilities — string concatenation into SQL queries, missing escape on HTML output, use of weak crypto, and so on. Classic SAST is pattern-based and produces high false-positive rates. Modern SAST (including Securie's approach) adds intent-graph reasoning and sandbox verification to reduce noise.

Example

Snyk, Semgrep, CodeQL, Checkmarx, and Veracode are all SAST tools. Each matches code against a catalog of rules.
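The following added example (not code from this page or from any of the tools named above) shows what "matching code against a rule catalog" looks like at its most basic, covering the three pattern classes the explanation lists: string concatenation into SQL queries, unescaped HTML output, and weak hashes. The rule regexes, the `Finding` type and the sample source are all constructed for illustration. The sample deliberately includes a constant-only concatenation (`"SELECT COUNT(*) FROM " + TABLE`) that the rule flags anyway, which is exactly the kind of false positive a purely pattern-based scanner produces and that the page says intent reasoning and sandbox verification are meant to filter out.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # rule identifier from the catalog
    line: int   # 1-based line number in the scanned source
    text: str   # the offending line, stripped


# Hypothetical rule catalog: each entry is (rule id, line-level regex).
# Real tools use parsed ASTs and data-flow, not regexes; this is the
# "classic" text-pattern style that produces noisy results.
RULES = [
    # a query built with an f-string or '+' concatenation passed to execute()
    ("sql-concat", re.compile(r"""\.execute\(\s*(?:f["']|.*\+)""")),
    # an HTML string literal concatenated with something (unescaped output)
    ("html-concat", re.compile(r"""['"]<[^'"]*['"]\s*\+""")),
    # weak hash functions (constructed list: md5 and sha1)
    ("weak-hash", re.compile(r"""hashlib\.(?:md5|sha1)\(""")),
]

# Constructed sample source to scan. Lines 3, 9 and 11 are true positives;
# line 14 concatenates only a module-level constant, so it is a false positive.
SAMPLE_SOURCE = """\
import hashlib
def get_user(cur, username):
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")
def get_admin(cur):
    cur.execute("SELECT * FROM users WHERE role = 'admin'")
def get_user_safe(cur, username):
    cur.execute("SELECT * FROM users WHERE name = %s", (username,))
def render(name):
    return "<h1>" + name + "</h1>"
def fingerprint(data):
    return hashlib.md5(data).hexdigest()
TABLE = "users"
def count_rows(cur):
    cur.execute("SELECT COUNT(*) FROM " + TABLE)
"""


def scan(source: str) -> list[Finding]:
    """Run every catalog rule over every line; return findings in line order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule_id, lineno, line.strip()))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, the way a scanner report would."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"{f.rule:12} line {f.line:>2}: {f.text}")
    print(summarize(scan(SAMPLE_SOURCE)))
```

Running the block reports four findings. Three are real defects; the fourth (`count_rows`) is safe but indistinguishable from the real one by text pattern alone, which is why the parameterized `get_user_safe` passes and `count_rows` still fails. Deciding whether `TABLE` can ever carry attacker input requires reasoning about data flow or executing the code, i.e. the verification step the page describes.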

FAQ

SAST vs DAST?

SAST reads source code. DAST tests a running application. Securie runs both — static analysis to find candidates, sandbox dynamic testing to prove exploits.