DEV Community

# sast

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Applying SAST Tools to Real Applications — A Hands-On Look at Bandit

Applying SAST Tools to Real Applications — A Hands-On Look at Bandit

Comments
4 min read
Why Your SAST Scanner Misses 86% of Real Vulnerabilities

Why Your SAST Scanner Misses 86% of Real Vulnerabilities

Comments
7 min read
Finding Security Bugs Before They Ship: Applying Bandit (SAST) to a Python Web App

Finding Security Bugs Before They Ship: Applying Bandit (SAST) to a Python Web App

40
Comments 1
5 min read
Applying SAST to Any Application with CodeQL

Applying SAST to Any Application with CodeQL

Comments
3 min read
DAST false negatives vs SAST false positives: a real case

DAST false negatives vs SAST false positives: a real case

1
Comments
10 min read
SAST vs SCA: why your CI pipeline needs both

SAST vs SCA: why your CI pipeline needs both

Comments
4 min read
CI/CD Seguro: Dependabot, SAST e DAST no GitHub

CI/CD Seguro: Dependabot, SAST e DAST no GitHub

Comments
10 min read
GitHub Advanced Security vs Kolega: why it is already in our repo is not the same as we are covered

GitHub Advanced Security vs Kolega: why it is already in our repo is not the same as we are covered

Comments
2 min read
Semgrep vs Kolega: a great floor, but a floor is not a finish line

Semgrep vs Kolega: a great floor, but a floor is not a finish line

Comments
2 min read
Aikido vs Kolega: the all-in-one platform is wide, but wide is not deep

Aikido vs Kolega: the all-in-one platform is wide, but wide is not deep

Comments
2 min read
Snyk vs Kolega: why pattern matching has a ceiling, and what sits above it

Snyk vs Kolega: why pattern matching has a ceiling, and what sits above it

Comments
2 min read
We benchmarked 24 SAST tools on ~700 real vulnerabilities. The 3 best known ones came last

We benchmarked 24 SAST tools on ~700 real vulnerabilities. The 3 best known ones came last

Comments
1 min read
SonarQube vs Kolega: why a code quality tool keeps getting sold as a security tool

SonarQube vs Kolega: why a code quality tool keeps getting sold as a security tool

Comments
2 min read
DevSecOps Automation: A Deep Dive into SAST

DevSecOps Automation: A Deep Dive into SAST

1
Comments
4 min read
Static Analysis Without Sending Your Code to the Cloud: Building KCode

Static Analysis Without Sending Your Code to the Cloud: Building KCode

1
Comments
8 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.