Static analysis security testing (SAST) is a technique and class of solutions that performs automated testing and analysis of program source code to identify security flaws in applications. SAST is a powerful security tool that offers a variety of advantages. For example, because it does not rely on runtime environments, it can be used to test code during development, catching vulnerabilities early on.
Organizations may be tempted to regard SAST as a complete response to application security precisely because it’s such a powerful tool. However, there is no one complete answer to security. SAST will not detect all vulnerabilities, and some types of application flaws are outside its scope. The first principle of security is that security should be built into applications — and, indeed, all processes — from the outset.