SAST (static application security testing) tooling analyzes source code without running it to find security issues, such as hard-coded secret keys or SQL injection flaws. It is part of a shift-left security strategy and of supply chain security practices.
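As an added illustration of what such a scanner does (not code from any of the vendors listed below): a minimal AST-based checker that flags the two finding types named above, a hard-coded AWS-style access key and SQL built from strings at runtime. The sample source, the key pattern and the rule ids are constructed for this example; real tools add dataflow (taint) tracking that this check does not.

```python
import ast
import re

# Constructed sample source (not from any real project): one hard-coded secret
# and two database calls, only one of which builds the SQL string unsafely.
SAMPLE_SOURCE = '''
AWS_KEY = "AKIAEXAMPLEEXAMPLE12"

def get_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")

def get_user_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
'''

# Illustrative secret pattern: AKIA followed by 16 upper-case alphanumerics.
SECRET_RE = re.compile(r"^AKIA[0-9A-Z]{16}$")

# Method names treated as SQL sinks (DB-API style cursor methods).
SQL_SINKS = {"execute", "executemany"}


def is_dynamic_sql(node: ast.AST) -> bool:
    """True if the SQL argument is assembled at runtime rather than a literal."""
    if isinstance(node, ast.Constant):
        return False  # plain literal: parameters are passed separately
    if isinstance(node, (ast.JoinedStr, ast.BinOp)):
        return True  # f-string, '+' concatenation or '%' formatting
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"  # "...".format(...)
    return True  # bare name or other expression: conservatively flag it


def scan(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, rule_id) findings for the two rule families."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)
                and SECRET_RE.match(node.value.value)):
            findings.append((node.lineno, "hardcoded-aws-key"))
        elif (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_SINKS
                and node.args
                and is_dynamic_sql(node.args[0])):
            findings.append((node.lineno, "sql-string-building"))
    return sorted(findings)
```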
Vendors/Solutions:
- https://semgrep.dev/
- https://checkmarx.com/cxsast-source-code-scanning/
- https://www.jit.io/
- https://snyk.io/product/snyk-code/
- https://www.mend.io/
Related:
- https://corgea.com/ - AI-generated code submissions that fix findings
See also: Semgrep for reachability analysis.