SAST

  • SAST stands for Static Application Security Testing
  • It is a methodology for finding security flaws in an application by analysing its source code, without executing it
  • It is a white-box security testing methodology, because the tester has full access to the code

In the SAST phase we perform the following scans:

Tool               Use
SCA                Scan for security flaws in third-party dependencies
Secret Scanning    Scan for sensitive information (credentials, keys, tokens) in the codebase
SAST               Scan for security flaws in the application's own code
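To make the three scan types concrete, here is an added example (not code from the original page or from any particular tool) that implements a miniature version of each: an SCA check of pinned requirements against an advisory list, a regex-based secret scan, and an AST-based SAST rule set for a few dangerous Python sinks. The advisory entries, the placeholder advisory ID, the secret patterns, the rule set and the sample inputs are all constructed for the demonstration; a real pipeline would draw these from a vulnerability database and a maintained rule library.

```python
"""Miniature SCA, secret scanning and SAST checks run over constructed inline samples.
Added illustration only; the advisory data, patterns and rules below are hypothetical."""
import ast
import re
from typing import Dict, List, Tuple

# --- SCA: compare declared dependencies against a constructed advisory list ---
# Maps package name -> (first fixed version, advisory id). Versions below the fixed
# version are treated as affected. Both entries are placeholders, not real advisories.
ADVISORIES: Dict[str, Tuple[str, str]] = {
    "examplelib": ("2.0.0", "ADV-PLACEHOLDER-1"),
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def sca_scan(requirements: str) -> List[str]:
    """Flag pinned dependencies (name==version) that fall under a known advisory."""
    findings = []
    for line in requirements.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue  # comments, blanks and unpinned specs are skipped in this toy
        name, version = (s.strip() for s in line.split("==", 1))
        adv = ADVISORIES.get(name.lower())
        if adv and parse_version(version) < parse_version(adv[0]):
            findings.append(f"SCA: {name}=={version} affected by {adv[1]} (fixed in {adv[0]})")
    return findings


# --- Secret scanning: look for credential-shaped strings in any text file ---
# Constructed patterns: a long token assigned to a key-like name, and a PEM header.
SECRET_PATTERNS = {
    "hardcoded-token": re.compile(
        r"(?i)(api[_-]?key|secret|password|token)\s*[=:]\s*['\"]([A-Za-z0-9_\-]{16,})['\"]"
    ),
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}


def secret_scan(text: str) -> List[str]:
    """Report the line number and pattern name for every secret-shaped match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                findings.append(f"SECRET: {name} at line {lineno}")
    return findings


# --- SAST: walk the Python AST and flag calls to known dangerous sinks ---
DANGEROUS_CALLS = {"eval", "exec", "pickle.loads", "yaml.load", "os.system"}


def _call_name(node: ast.Call) -> str:
    """Resolve `f(...)` to 'f' and `mod.f(...)` to 'mod.f'; anything else is ignored."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return ""


def sast_scan(source: str) -> List[str]:
    """Parse source (never execute it) and report dangerous calls with line numbers."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            findings.append(f"SAST: call to {name} at line {node.lineno}")
        # subprocess.* with shell=True hands the string to a shell: a command-injection sink
        if name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords
        ):
            findings.append(f"SAST: {name} with shell=True at line {node.lineno}")
    return findings


# Constructed sample inputs standing in for a repository's files.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
examplelib==1.4.2
otherlib==3.1.0
"""

SAMPLE_SOURCE = '''\
import os, subprocess
API_KEY = "tok_constructed_0123456789abcdef"  # constructed placeholder, not a real key
def run(cmd, expr):
    subprocess.run(cmd, shell=True)
    return eval(expr)
'''


def run_all() -> Dict[str, List[str]]:
    """Run the three scans over the constructed samples and group the findings."""
    return {
        "sca": sca_scan(SAMPLE_REQUIREMENTS),
        "secrets": secret_scan(SAMPLE_SOURCE),
        "sast": sast_scan(SAMPLE_SOURCE),
    }


if __name__ == "__main__":
    for scan, results in run_all().items():
        print(f"[{scan}] {len(results)} finding(s)")
        for r in results:
            print("  ", r)
```

The three checks deliberately share a shape (input text in, list of findings with line numbers out) because that is what a pipeline stage needs in order to fail a build or open a ticket; the difference between them is only what they look at, which is exactly the distinction the table above draws.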