More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities. 
The post The architecture of SAST tools: An explainer for developers appeared first on The GitHub Blog.

The architecture of SAST tools: An explainer for developers

In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how. 
The post AppSec is harder than you think. Here’s how AI can help. appeared first on The GitHub Blog.

AppSec is harder than you think. Here’s how AI can help.

Learn how GitHub’s CodeQL leveraged AI modeling and multi-repository variant analysis to discover a new CVE in Gradle.
The post CodeQL team uses AI to power vulnerability detection in code appeared first on The GitHub Blog.

CodeQL team uses AI to power vulnerability detection in code

In this post, Michael Fanning gives us a short history on standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF).
The post Caesar, standards, and SAST: The road to SARIF appeared first on Engineering@Microsoft.

CoFeed

Posts about #sast from the top innovative companies, all in one place.