SAST Fundamentals III - FOSS SAST tools
At the moment GitLab integrates different SAST solutions, all of which use different data structures to represent source code. They all use different strategies to actually detect vulnerabilities or code bugs/issues. Some of them rely only on AST patterns, others use a taint-based analysis.
The goal of this brown-bag is to illustrate the strengths and weaknesses of all integrated SAST tools based on their underlying technology.
Edited by Julian Thome
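
To make the AST-pattern versus taint-based distinction concrete, here is an added example (not from the original description, and not code from any GitLab-integrated analyzer) that runs both strategies over the same constructed snippet. The source `input()`, the sink `os.system`, and all function names are assumptions chosen for the illustration; the taint scan handles only straight-line top-level code.

```python
import ast

# Constructed sample input; it is parsed only, never executed.
SAMPLE = '''\
import os
name = input("host: ")
safe = "localhost"
os.system("ping -c1 " + safe)
cmd = "ping -c1 " + name
os.system(cmd)
'''

def is_sink(call):
    """True for calls of the form os.system(...)."""
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "system"
            and isinstance(f.value, ast.Name) and f.value.id == "os")

def pattern_scan(tree):
    """AST pattern: any os.system call whose argument is not a literal."""
    return sorted(n.lineno for n in ast.walk(tree)
                  if isinstance(n, ast.Call) and is_sink(n)
                  and n.args and not isinstance(n.args[0], ast.Constant))

def is_tainted(expr, tainted):
    """An expression is tainted if it calls input() or reads a tainted name."""
    for n in ast.walk(expr):
        if isinstance(n, ast.Call) and isinstance(n.func, ast.Name) and n.func.id == "input":
            return True
        if isinstance(n, ast.Name) and n.id in tainted:
            return True
    return False

def taint_scan(tree):
    """Taint tracking over straight-line code: source input(), sink os.system."""
    tainted, hits = set(), []
    for stmt in tree.body:
        # Check sinks first, using the taint state from before this statement.
        for n in ast.walk(stmt):
            if (isinstance(n, ast.Call) and is_sink(n) and n.args
                    and is_tainted(n.args[0], tainted)):
                hits.append(n.lineno)
        if isinstance(stmt, ast.Assign):
            names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            if is_tainted(stmt.value, tainted):
                tainted |= names
            else:
                tainted -= names  # overwritten with clean data
    return hits

TREE = ast.parse(SAMPLE)
print("pattern:", pattern_scan(TREE))
print("taint:  ", taint_scan(TREE))
```

The pattern scan reports both `os.system` calls, including the one built from a constant string, while the taint scan reports only the call reachable from `input()`.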