DeveloperTown projects should utilize appropriate static application security testing tools.
Static application security testing (SAST) tools automatically scan the source code of an application. The goal is to identify vulnerabilities before deployment. SAST tools perform white-box testing, which involves analyzing the code based on inside knowledge of the application.
- Examine the codebase of an application in one test
- Test an application before compiling or running the code
- Identify vulnerabilities early in the software development life cycle (SDLC), which is when vulnerabilities are easiest and cheapest to fix
- c#
- Kotlin
- Typescript / Javascript
- Terraform