datadog-saist: AI-Native Static Application Security Testing (SAST) Tool

This repository hosts datadog-saist, an AI-native Static Application Security Testing tool developed by Datadog. Unlike traditional SAST tools that rely on parsing and rule-based analysis, it uses large language models from Anthropic, OpenAI, or Google to detect security vulnerabilities in source code. Currently in preview, it supports Go, Java, Python, C#, JavaScript, TypeScript, and Kotlin. The tool can be used standalone on a laptop and requires an API key for one of the supported LLM providers, but does not require a Datadog account. It generates industry-standard SARIF reports, builds project context for accurate analysis, and offers features like cross-file indexing and configurable concurrency. The project is written in Go, uses Tree-sitter for parsing, and is available under an open-source license. 

https://github.com/DataDog/datadog-saist

Comments

Popular posts from this blog

Prompt Engineering Demands Rigorous Evaluation

SecObserve: Simplified Vulnerability and License Management for CI/CD Pipelines

OWASP ZAP 2.16.0 Introduces Key Updates and Enhancements