---
title: "SAST (Static Application Security Testing)"
type: concept
tags: [security, testing, code-analysis]
sources: [what-is-devsecops-best-practices-benefits-and-tools]
last_updated: 2026-04-16
---

## Definition

SAST (Static Application Security Testing) is a static code analysis technique: it examines an application's source code (some tools also work on bytecode or binaries) without running the application, reasoning about code structure and data flow rather than observed behaviour, in order to identify security vulnerabilities.

## Characteristics

- Used early in development (the coding phase), where a fix is cheapest
- Does not execute the code: it works on source, not on a running system, so it needs no deployed environment or test data
- Detects common vulnerability classes such as SQL injection, cross-site scripting (XSS) and buffer overflows, typically by tracing data flow from untrusted sources (user input) to sensitive sinks (query execution, HTML output, memory copies)
- Integrates into the IDE and the CI/CD pipeline, so findings surface on each commit or pull request
- Caveat: a finding is a pattern match, not proof of exploitability. Expect false positives that need triage, and blind spots for problems that only exist at runtime (deployment configuration, secrets in the environment, behaviour of third-party services), which dynamic testing covers instead

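The data-flow idea in the list above, as an added example for this note (not code from the page or from any of the listed products): a minimal taint-tracking analyzer for Python source. It parses the code into an AST without executing it, treats anything reached through a name called `request` as an untrusted source, propagates taint through concatenation, `%`, `.format()` and f-strings, and reports when tainted text is passed as the query to a method named `execute` or `executescript`. The source and sink names, the sanitizer rule, and the three sample snippets are assumptions constructed for the demo.

```python
"""Minimal taint-tracking SAST check for SQL injection in Python source.

Added illustration for this note, not code from the page or the listed products.
Parse source into an AST (nothing runs), mark data from an untrusted source as
tainted, propagate it through string building, report when it reaches a sink.
Source/sink names and the sample snippets below are assumptions for the demo.
"""
import ast
from dataclasses import dataclass

# Assumed untrusted source: any value reached through a name called `request`
TAINT_SOURCES = {"request"}
# Assumed SQL sinks: method calls named execute / executescript (DB-API style)
SQL_SINKS = {"execute", "executescript"}


@dataclass
class Finding:
    line: int
    sink: str
    reason: str


class SqlTaintAnalyzer(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variable names currently holding tainted data
        self.findings = []

    def _is_tainted(self, node):
        """Return True if the expression can carry untrusted data."""
        if isinstance(node, ast.Name):
            return node.id in self.tainted or node.id in TAINT_SOURCES
        if isinstance(node, (ast.Attribute, ast.Subscript)):
            return self._is_tainted(node.value)           # request.args["u"]
        if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
            return self._is_tainted(node.left) or self._is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):                # f"... {user} ..."
            return any(self._is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.Call):
            if isinstance(node.func, ast.Attribute):
                if node.func.attr == "format":             # "...".format(user)
                    return any(self._is_tainted(a) for a in node.args)
                return self._is_tainted(node.func.value)   # request.form.get(), user.strip()
            # Plain function calls (int(user), quote(user)) are treated as
            # sanitizers here; a real engine keeps a curated sanitizer list.
            return False
        return False

    def visit_FunctionDef(self, node):
        self.tainted = set()           # simple per-function scope
        self.generic_visit(node)

    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name):
                if self._is_tainted(node.value):
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)   # clean reassignment kills taint
        self.generic_visit(node)

    def visit_Call(self, node):
        if (isinstance(node.func, ast.Attribute) and node.func.attr in SQL_SINKS
                and node.args and self._is_tainted(node.args[0])):
            self.findings.append(Finding(node.lineno, node.func.attr,
                                         "untrusted data reaches SQL sink as query text"))
        self.generic_visit(node)


def analyze(source: str) -> list:
    """Parse `source` and return the SQL-injection findings in source order."""
    analyzer = SqlTaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings


# Constructed sample inputs (the "code under test"), not real project code.
VULNERABLE_CONCAT = '''
def lookup(request, cursor):
    user = request.args["user"]
    query = "SELECT * FROM accounts WHERE name = '" + user + "'"
    cursor.execute(query)
'''

VULNERABLE_FSTRING = '''
def lookup(request, cursor):
    name = request.form.get("name")
    cursor.execute(f"SELECT * FROM accounts WHERE name = '{name}'")
'''

SAFE_PARAMETERIZED = '''
def lookup(request, cursor):
    user = request.args["user"]
    cursor.execute("SELECT * FROM accounts WHERE name = ?", (user,))
'''

if __name__ == "__main__":
    for label, src in [("concat", VULNERABLE_CONCAT), ("f-string", VULNERABLE_FSTRING),
                       ("parameterized", SAFE_PARAMETERIZED)]:
        print(label, analyze(src))
```

The parameterized sample passes a constant string to the sink and the user value only as a bound parameter, so no finding is raised; the two string-building variants are flagged with the line of the `execute` call. The sanitizer rule (any plain function call clears taint) is the kind of simplification that produces both false negatives and false positives in real tools, which is why SAST output needs triage.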
## Tools

- SonarQube
- Checkmarx
- Fortify

## Connections

- [[DevSecOps]] ← uses ← [[SAST]]
- [[CI-CD-流水线]] ← integrates ← [[SAST]]
- [[SDLC]] ← embeds ← [[SAST]]