Static application security testing (SAST) tools help developers quickly catch potential vulnerabilities as they code. However, these tools rely on inflexible rules that often generate a high number of false positives, reducing trust in their accuracy and slowing adoption.

To help developers access context-aware vulnerability detection, we’ve released an open source AI-native SAST solution. This tool scans code changes incrementally and surfaces security issues in real time. It delivers more accurate vulnerability detection than traditional SAST tools, outperforming them on OWASP benchmarks.

What is AI-native SAST?

Traditional SAST tools analyze source code using static rules and pattern matching to detect potential vulnerabilities. Each rule targets a specific vulnerability class, such as SQL injection, cross-site scripting (XSS), or command injection, and fires on the syntactic pattern alone, regardless of whether the flagged data is actually attacker-controlled. A 2018 study from Google found that false positives and the lack of actionable recommendations are the primary barriers to SAST adoption.

AI-native SAST solutions analyze code using large language models (LLMs) to extend traditional SAST with more flexible, context-aware vulnerability detection. They can reason about code semantics and execution context, such as how data flows through a call chain or which service the code belongs to, to assess more reliably whether a flagged pattern is actually a vulnerability. This contextual reasoning lowers the false-positive rate compared to purely rule-based approaches. Because an LLM's judgement is probabilistic rather than deterministic, a finding should carry the model's reasoning so a developer can verify it rather than take it on trust.
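To make the contrast between a pattern rule and context-aware detection concrete, here is an added example (written for this page, not code from the project or tool it describes). It runs a regex rule of the kind a traditional SAST tool ships, then a small hand-written intraprocedural taint check that stands in for the "where does this data come from" reasoning the post attributes to LLM-based tools, over two constructed snippets: a real SQL injection and a query built from a module-level constant. The `request` source object, the `execute` sink name and both snippets are assumptions for the example.

```python
"""Added example: a pattern rule versus a context-aware (taint-tracking) check
for string-built SQL. Not from the original post or the project it describes."""
import ast
import re

# Constructed sample snippets for the example; not taken from any real code base.
VULNERABLE = '''
def get_user(request, db):
    user_id = request.args["id"]
    query = "SELECT * FROM users WHERE id = " + user_id
    return db.execute(query)
'''

BENIGN = '''
TABLE = "users"

def list_users(db):
    query = "SELECT * FROM " + TABLE + " ORDER BY id"
    return db.execute(query)
'''

# --- Traditional rule: fires on any SQL string literal that is concatenated.
CONCAT_RULE = re.compile(r'"(?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+')

def pattern_rule(source: str) -> bool:
    """True if the rule fires. It cannot tell a constant from user input."""
    return CONCAT_RULE.search(source) is not None

# --- Context-aware check: track request data (assumed source) to execute() (assumed sink).
SOURCE_ROOTS = {"request"}
SINK_METHODS = {"execute", "executemany"}

def _is_source(node):
    """Any attribute/subscript/call chain rooted at `request`, e.g. request.args["id"]."""
    while isinstance(node, (ast.Attribute, ast.Subscript, ast.Call)):
        node = node.func if isinstance(node, ast.Call) else node.value
    return isinstance(node, ast.Name) and node.id in SOURCE_ROOTS

def _tainted_expr(node, tainted):
    """An expression is tainted if it reads a source or an already-tainted variable."""
    return any(_is_source(sub) or (isinstance(sub, ast.Name) and sub.id in tainted)
               for sub in ast.walk(node))

def _statements(body):
    """Yield statements in source order, descending into nested blocks."""
    for stmt in body:
        yield stmt
        nested = [c for c in ast.iter_child_nodes(stmt) if isinstance(c, ast.stmt)]
        for handler in getattr(stmt, "handlers", []):
            nested.extend(handler.body)
        yield from _statements(nested)

def _own_calls(stmt):
    """Calls in a statement's own expressions, excluding nested statement bodies."""
    stack = [c for c in ast.iter_child_nodes(stmt) if not isinstance(c, ast.stmt)]
    while stack:
        node = stack.pop()
        if isinstance(node, ast.Call):
            yield node
        stack.extend(c for c in ast.iter_child_nodes(node) if not isinstance(c, ast.stmt))

def taint_findings(source: str):
    """Return [(function_name, line)] for each sink call whose argument is request-derived."""
    findings = []
    tree = ast.parse(source)
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = set()  # variables in this function that carry request data
        for stmt in _statements(func.body):
            if isinstance(stmt, ast.Assign) and _tainted_expr(stmt.value, tainted):
                tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            for call in _own_calls(stmt):
                if (isinstance(call.func, ast.Attribute) and call.func.attr in SINK_METHODS
                        and any(_tainted_expr(a, tainted) for a in call.args)):
                    findings.append((func.name, call.lineno))
    return findings

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("benign", BENIGN)):
        print(f"{name}: rule fires={pattern_rule(src)}, taint findings={taint_findings(src)}")
```

The regex fires on both snippets because both concatenate a SQL literal; only the taint check notices that `TABLE` is a constant rather than request data, so the benign snippet is not reported. The check is deliberately narrow (intraprocedural, one source root, no sanitizer modelling), which is exactly the gap that motivates reasoning over broader context such as call chains and service boundaries.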