What is SAST?
Last updated: Mar 16, 2026
Static application security testing (SAST) is a security testing technique for identifying security vulnerabilities in an application’s source code.
Unlike dynamic application security testing (DAST), which examines the application during runtime, SAST examines the code itself before compilation or execution. This allows developers to identify and address vulnerabilities early in the software development lifecycle (SDLC), reducing the risk of costly remediation efforts later on.
Fluid Attacks’ static analysis has achieved a true positive rate of 100% and a false positive rate of 0% against the OWASP Benchmark , a widely recognized standard for evaluating security testing tools. This means that Fluid Attacks’ AppSec testing tool accurately identifies real vulnerabilities without raising false alarms, ensuring efficient and reliable security analysis.
To learn more about Fluid Attacks’ SAST capabilities, refer to the following resources in this documentation:
- Supported languages : Discover the extensive range of programming languages supported by the static analysis tool. This way, you can assess its compatibility with your specific development environment and technology stack.
- Supported frameworks : Learn what frameworks are supported by the static analysis tool.
- Security requirements verified with SAST : Understand the comprehensive set of security requirements that form the basis of Fluid Attacks’ SAST scans. This page inform you of the weaknesses the tool can detect, their severity, their CWE ID, and more.
- Use the scanners : Perform SAST, among other techniques, with Fluid Attacks’ free and open-source command-line interface (CLI) tools.
- SAST scanner configuration file : Customize your SAST scans.
- Sign up : Start the free trial of Fluid Attacks’ SAST and other automated techniques, in which the scanner is configured for you to continuously monitor your system’s security as you develop, and Fluid Attacks provides you with reports , analytics , and remediation suggestions on its platform .
- AI SAST: AI-powered static application security testing.
Search for vulnerabilities in your apps for free with Fluid Attacks’ automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan . If you prefer the Advanced plan, which includes the expertise of Fluid Attacks’ hacking team, fill out this contact form .