
Introducing our open source AI-native SAST

Blog post from Datadog

Post Details

Company: Datadog
Date Published:
Author: Julien Delange, Bahar Shah
Word Count: 1,201
Language: English
Hacker News Points: -
Summary

An AI-native static application security testing (SAST) tool has been developed to improve vulnerability detection by using large language models (LLMs) for more accurate, context-aware analysis than traditional SAST methods provide. This open-source tool scans code changes incrementally and aims to reduce false positives while improving detection rates for vulnerabilities such as SQL injection and cross-site scripting, as shown by its superior performance on OWASP benchmarks. Although it is more costly to run, because each analysis involves multiple LLM calls, the tool limits that expense through incremental analysis, performing a full repository scan only when necessary. The project is integrated within Datadog, which allows it to run at scale for each code change and to use Datadog LLM Observability to monitor performance and cost. By open sourcing the tool, Datadog seeks to foster transparency and collaboration within the security community and to further refine and extend its capabilities, including possible agentic scanning techniques for deeper contextual understanding. The AI-native SAST tool is available on GitHub; incremental analysis is currently in preview for Datadog customers.