SAST

4 posts

More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities. The post The architecture of SAST tools: An explainer for developers appeared first on The GitHub Blog.

Nicole Choi2/12/2024

GitHub

Security AI-Insights AppSec CodeQL DevSecOps GitHub-Advanced-Security SAST

AppSec is harder than you think. Here’s how AI can help.

In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how. The post AppSec is harder than you think. Here’s how AI can help. appeared first on The GitHub Blog.

Eric Tooley2/6/2024

GitHub

Security code-scanning CodeQL SAST

CodeQL team uses AI to power vulnerability detection in code

Learn how GitHub’s CodeQL leveraged AI modeling and multi-repository variant analysis to discover a new CVE in Gradle. The post CodeQL team uses AI to power vulnerability detection in code appeared first on The GitHub Blog.

Walker Chabbott9/12/2023

Microsoft

Engineering@Microsoft 1ES SARIF SAST security standards

Caesar, standards, and SAST: The road to SARIF

In this post, Michael Fanning gives us a short history on standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF). The post Caesar, standards, and SAST: The road to SARIF appeared first on Engineering@Microsoft.

Michael C. Fanning9/27/2021