Static Application Security Testing (SAST) - CI/CD Glossary Definition
SAST scans code without executing it to find security flaws before the app ever runs.
SAST analyzes application source code, bytecode, or binaries without running them, flagging vulnerability patterns such as injection risks or unsafe API use early in development.
SAST scans code without executing it to find security flaws before the app ever runs.
In CI
SAST runs directly against the repository on each pull request, so it fits naturally as a pipeline stage and can block merges when high-severity findings appear.
Related guides
Dynamic Application Security Testing (DAST) - CI/CD Glossary DefinitionDynamic Application Security Testing (DAST): DAST tests a running application from the outside, sending craft…
Software Composition Analysis (SCA) - CI/CD Glossary DefinitionSoftware Composition Analysis (SCA): SCA inventories a project's open-source and third-party dependencies and…
Security Gate - CI/CD Glossary DefinitionSecurity Gate: A security gate is a pipeline checkpoint that blocks a change from progressing unless it passe…