Secure software development life cycle models propose static code analysis testing as a best practice for development. The purpose of static code analysis testing (SAST) tools is to detect bad code, bugs and potential security issues.

Both free and commercial SAST solutions are available. Does it make a difference which one you use? We put some of them to the test to find out how they fare in uncovering security vulnerabilities.

How to benefit from SAST tools

Programming mistakes generate bugs, and bugs can be exploited as security vulnerabilities. SAST tools are used to discover bad code as soon as possible, before it becomes part of…

Valtteri Rahkonen
