SAST
ELI5 — The Vibe Check
SAST scans your source code for security bugs WITHOUT running it. It reads your code like a very paranoid code reviewer who knows every vulnerability pattern. SQL injection? It'll flag it. Hardcoded secrets? Caught. It's like spell-check but for security holes, and like spell-check it sometimes underlines things that are fine and misses things that aren't.
Real Talk
Static Application Security Testing (SAST) analyzes source code, bytecode, or binaries for security vulnerabilities without executing them. It finds issues such as injection flaws, buffer overflows, hardcoded secrets, and insecure configurations in two main ways: matching code against known vulnerability patterns, and taint analysis, which traces data from untrusted sources (request parameters, file input) through the program to dangerous sinks (query execution, command execution) and reports any path with no sanitization in between. Because it never runs the code, it sees every branch but none of the runtime state, so expect false positives that need triage and blind spots for bugs the rules don't describe. Common tools include Semgrep, SonarQube, and Checkmarx, typically run in CI on every pull request.
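The two techniques described above, pattern matching and data-flow (taint) tracing, as a toy SAST scanner added here for illustration. It is not code from Semgrep, SonarQube, Checkmarx or any other tool; it uses only Python's standard `ast` module. The program it scans is constructed for this example, and the source, sink and secret-name lists are a hypothetical rule set.

```python
import ast
import re

# Constructed sample target (not from any real project). It is only parsed,
# never executed, so flask does not need to be installed.
SAMPLE_SOURCE = '''\
from flask import request

DB_PASSWORD = "hunter2"  # hardcoded secret

def lookup_user(conn):
    uid = request.args.get("id")  # attacker-controlled source
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")  # tainted data reaches sink
    return cur.fetchone()

def lookup_user_safe(conn):
    uid = request.args.get("id")
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE id = ?", (uid,))  # parameterized, not flagged
    return cur.fetchone()

def lookup_user_indirect(conn):
    name = request.form.get("name")
    query = "SELECT * FROM users WHERE name = '%s'" % name  # taint flows into query
    conn.cursor().execute(query)  # sink receives the tainted variable
'''

# Hypothetical rule configuration: where untrusted data enters, where it must not go.
TAINT_SOURCES = {"request.args.get", "request.form.get", "request.values.get", "input"}
SINK_METHODS = {"execute", "executemany"}
SECRET_NAME_RE = re.compile(r"(password|passwd|secret|api_?key|token)", re.IGNORECASE)


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def names_in(node):
    """All variable names referenced anywhere inside an expression."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def builds_string(node):
    """True if an expression assembles a string at runtime (f-string, %, +, .format)."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def scan(source):
    """Return (rule_id, line, message) findings, in order of discovery."""
    tree = ast.parse(source)
    findings = []

    # Rule 1, pure pattern matching: a string literal assigned to a secret-looking name.
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME_RE.search(target.id):
                    findings.append(("hardcoded-secret", node.lineno,
                                     f"string literal assigned to {target.id}"))

    # Rule 2, intraprocedural taint tracking: source -> variables -> sink.
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in func.body:  # statements in program order, so taint flows forward
            for node in ast.walk(stmt):
                if isinstance(node, ast.Assign):
                    from_source = (isinstance(node.value, ast.Call)
                                   and dotted_name(node.value.func) in TAINT_SOURCES)
                    # Over-approximation: any use of a tainted name taints the target.
                    # No sanitizer modelling, so this can produce false positives.
                    if from_source or names_in(node.value) & tainted:
                        tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
                elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                      and node.func.attr in SINK_METHODS and node.args):
                    query = node.args[0]
                    if (isinstance(query, ast.Name) and query.id in tainted) or (
                            builds_string(query) and names_in(query) & tainted):
                        sink = dotted_name(node.func) or node.func.attr
                        findings.append(("sql-injection", node.lineno,
                                         f"tainted {sorted(names_in(query) & tainted)} reaches {sink}"))
    return findings


if __name__ == "__main__":
    for rule, line, msg in scan(SAMPLE_SOURCE):
        print(f"{rule}: line {line}: {msg}")
```

Running it reports the hardcoded `DB_PASSWORD`, the f-string query in `lookup_user`, and the `%`-formatted query that reaches `execute` through the intermediate `query` variable, while the parameterized call in `lookup_user_safe` is left alone. Real tools do the same thing across function boundaries, model sanitizers so validated data stops being tainted, and ship thousands of rules. The toy also shows where false positives come from: any string literal assigned to a name like `token_url` would trip the secret rule, which is why SAST findings get triaged rather than trusted blindly.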
When You'll Hear This
"SAST caught a SQL injection vulnerability in the PR before it was merged." / "We run SAST in CI — no code ships without a clean scan."
Related Terms
Code Review
A code review is when another developer reads your code before it gets merged, looking for bugs, bad practices, or anything confusing.
DAST
DAST attacks your running application to find vulnerabilities — like hiring a friendly hacker to poke at your website.
SCA
SCA checks if the libraries you're using have known vulnerabilities. You didn't write the bug, but you imported it. That lodash version from 2019?
Secret Scanning
Secret Scanning checks your code for accidentally committed passwords, API keys, and tokens. Pushed your AWS key to GitHub?