Static Application Security Testing

It serves the same goal as Dynamic Application Security Testing (DAST) but works differently: instead of probing a running application, it scans the application’s source code, bytecode or binaries for vulnerabilities without executing it. SAST tools can be added to your IDE and are built into certain services such as GitLab.

Its most significant ability is to pinpoint the exact location of a security vulnerability, marking the file name and the code line, so that developers can fix it rapidly.

One downside of using SAST is that it generates many false positives, which increases investigation time and reduces trust in such tools.
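The following is an added example, not code from the original page or from any SAST product: a minimal SAST-style checker for Python source. It parses a file into an AST without executing it, reports each finding with file name, line and column as described above, and shows where false positives come from. The rule names, the `strict` flag and the sample input are assumptions made for this illustration; the sample source is constructed and embedded inline.

```python
"""Minimal SAST-style checker for Python source (illustrative, not a real tool).

The checker parses the source into an AST (nothing is executed) and reports
the file, line and column of a few risky constructs, the way a SAST tool does.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    filename: str
    line: int
    col: int
    message: str


# Assumed rule inputs for this example: calls that spawn a shell, and
# calls that evaluate code at runtime.
SHELL_CALLS = {"os.system", "subprocess.call", "subprocess.run", "subprocess.Popen"}
DYNAMIC_EVAL = {"eval", "exec"}


def _dotted_name(node):
    """Return 'os.system' for os.system(...) or 'eval' for eval(...), else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class _Checker(ast.NodeVisitor):
    def __init__(self, filename, strict):
        self.filename = filename
        self.strict = strict  # strict=True reproduces the over-eager rule
        self.findings = []

    def _report(self, node, rule, msg):
        # Line and column come straight from the AST node, which is how a
        # SAST tool can point developers at the exact offending expression.
        self.findings.append(Finding(rule, self.filename, node.lineno, node.col_offset + 1, msg))

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name in DYNAMIC_EVAL:
            arg = node.args[0] if node.args else None
            constant = isinstance(arg, ast.Constant)
            # A string literal passed to eval() cannot be attacker-controlled.
            # A rule that still flags it produces exactly the kind of false
            # positive described above; in non-strict mode we skip that case.
            if self.strict or not constant:
                kind = "constant" if constant else "non-constant"
                self._report(node, "DYNAMIC-EVAL", f"{name}() with a {kind} argument")
        elif name in SHELL_CALLS:
            # os.system always uses a shell; subprocess only with shell=True.
            uses_shell = name == "os.system" or any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords
            )
            if uses_shell:
                self._report(node, "SHELL-INJECTION",
                             f"{name} invokes a shell; untrusted input in the command becomes command injection")
        self.generic_visit(node)


def scan_source(source, filename="<string>", strict=False):
    """Scan a source string and return findings sorted by position."""
    tree = ast.parse(source, filename=filename)
    checker = _Checker(filename, strict)
    checker.visit(tree)
    return sorted(checker.findings, key=lambda f: (f.line, f.col))


def scan_file(path, strict=False):
    with open(path, encoding="utf-8") as fh:
        return scan_source(fh.read(), filename=path, strict=strict)


# Constructed sample input for the example (not real project code).
SAMPLE = '''\
import os, subprocess

def ping(host):
    os.system("ping -c 1 " + host)            # line 4: shell injection

def run(cmd):
    subprocess.run(cmd, shell=True)            # line 7: shell=True

def safe_run(argv):
    subprocess.run(argv)                       # no shell, not reported

def compute(expr):
    return eval(expr)                          # line 13: dynamic eval

LIMIT = eval("60 * 60")                        # line 15: constant, a false positive in strict mode
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.py", strict=True):
        print(f"{f.filename}:{f.line}:{f.col}: {f.rule}: {f.message}")
```

With `strict=True` the checker reports lines 4, 7, 13 and 15 of the sample; line 15 is the false positive, since the argument is a literal. With the default `strict=False` that report disappears while the three real findings remain. Real tools spend much of their engineering effort on exactly this kind of refinement, and on data-flow tracking to tell attacker-controlled input from fixed values.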

See also