# Static Application Security Testing

## Overview

Static Application Security Testing (SAST) is a methodology for analyzing source code, bytecode, or binary code to identify security vulnerabilities in the early stages of software development. SAST tools inspect the codebase without executing the program, allowing developers to pinpoint potential security flaws before the application is deployed.

By leveraging SAST, organizations can proactively detect and remediate vulnerabilities such as SQL injection, cross-site scripting (XSS), buffer overflows, and other common security threats. These tools provide detailed insights into code quality and security, often integrating seamlessly into the development pipeline for continuous monitoring and feedback.

## Rules

Rules are essential for detecting security risks and vulnerabilities across your codebase, as well as for enforcing best practices. The Sec1 SAST Scanner enables rapid identification of rule violations within your code.

The built-in rules are designed to safeguard against the most critical security risks and vulnerabilities in your applications. These rules are accompanied by corresponding Common Weakness Enumeration (CWE) and OWASP references, providing clear identification and context for each detected issue.

Below is the set of language-specific rules.

* [Go](https://github.com/sec0ne/user-docs/blob/main/docs/4-sast/1-go/README.md)
* [Java](/user-docs/4-sast/2-java.md)
* [JavaScript / TypeScript](/user-docs/4-sast/3-javascript.md)
* [PHP](https://github.com/sec0ne/user-docs/blob/main/docs/4-sast/4-php/README.md)
* [Python](https://github.com/sec0ne/user-docs/blob/main/docs/4-sast/5-python/README.md)
* [Ruby](https://github.com/sec0ne/user-docs/blob/main/docs/4-sast/6-ruby/README.md)

