the.com/sast
a linter with a security degree, judging your code before it ever runs.
means: static application security testing scans your source code for vulnerabilities without ever executing it.
from: emerged in the 2000s as software audits went automated, letting tools flag flaws by reading code the way a reviewer would, just faster and humorless.
speed vs depth: catches bugs early but misses runtime-only flaws
common culprit: false positives pile up, drowning real issues
pairs with: dast, its runtime-testing counterpart