SAST

What is SAST? Static Application Security Testing (SAST) scans source code for vulnerabilities without running the application. It is a form of white-box testing, so the scanner has full access to the application source code.

When should SAST take place? It is critical to perform SAST scanning as early as possible in the Secure Development Life Cycle (SDLC). A good approach is to coordinate linting tools and IDE extensions with the SAST solution, so developers see findings while they write code, and also to run SAST scans in the CI/CD pipeline with gating enabled, so a build with blocking findings does not proceed. This ensures continuous visibility into vulnerabilities and reduces the number of vulnerabilities that reach production.
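As an added example of the CI/CD gating step (this is not Medtronic's, Contrast's or SonarQube's own tooling), the script below reads a SAST report in the SARIF 2.1.0 format that many scanners can emit, flattens the findings, and fails the build when any finding is at the "error" level or carries a security-severity score at or above a threshold. The embedded report is a constructed sample; the tool name, rule IDs and file paths in it are placeholders, and the threshold values are assumptions to be tuned per project.

```python
"""CI gate over a SAST report in SARIF 2.1.0 format (added example, not a vendor tool)."""
import json
import sys

# Constructed sample SARIF report: one high-severity and one low-severity finding.
# Rule IDs, tool name and paths are placeholders, not real scanner output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-sast-tool",
            "rules": [
                {"id": "EX001", "properties": {"security-severity": "8.5"}},
                {"id": "EX002", "properties": {"security-severity": "2.0"}},
            ],
        }},
        "results": [
            {"ruleId": "EX001", "level": "error",
             "message": {"text": "Untrusted input reaches SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "EX002", "level": "note",
             "message": {"text": "Hard-coded timeout value"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/http.py"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})


def load_findings(sarif_text):
    """Flatten a SARIF document into a list of finding dicts.

    Each finding carries the rule ID, the SARIF 'level' (none/note/warning/error),
    the rule's 'security-severity' score (a 0-10 string in rule properties, as used
    by GitHub code scanning; 0.0 when absent), the file URI, line and message.
    """
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            score = float(rule.get("properties", {}).get("security-severity", 0.0))
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId"),
                "score": score,
                "level": res.get("level", "warning"),
                "uri": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine", 0),
                "message": res.get("message", {}).get("text", ""),
            })
    return findings


def gate(findings, min_score=7.0, fail_levels=("error",)):
    """Return (passed, blocking_findings).

    A finding blocks the build if its severity score is >= min_score or its
    SARIF level is in fail_levels. Both thresholds are assumed defaults.
    """
    blocking = [f for f in findings
                if f["score"] >= min_score or f["level"] in fail_levels]
    return (len(blocking) == 0, blocking)


def main(path=None):
    """Run the gate over a SARIF file (or the constructed sample) and return an exit code."""
    text = open(path, encoding="utf-8").read() if path else SAMPLE_SARIF
    passed, blocking = gate(load_findings(text))
    for f in blocking:
        print(f"BLOCK {f['rule']} ({f['level']}, score {f['score']}) "
              f"{f['uri']}:{f['line']} - {f['message']}")
    print("SAST gate:", "PASS" if passed else "FAIL")
    # Non-zero exit makes the CI job fail, which is what "gating enabled" means in practice.
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as `python sast_gate.py results.sarif` from the pipeline step that follows the scanner; with no argument it evaluates the constructed sample and exits 1 because of the error-level finding. Keeping the threshold logic in `gate()` rather than in the pipeline YAML means the same policy can be reused across CI systems and unit-tested.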

What SAST solutions are available to Medtronic?
Contrast CLI SAST
SonarQube SAST