
3 parameters to measure SAST testing

Blog post from Snyk

Post Details
Company: Snyk
Author: Asaf Biton
Word count: 1,571
Language: English
Summary

In assessing a SAST tool, the post proposes three parameters: accuracy, completeness, and unique additional value. Accuracy is the share of the tool's reported findings that are true positives (real issues) rather than false positives (irrelevant findings); the higher it is, the less triage noise the tool produces. Completeness is the share of the real issues present in the code that the tool actually reports, the remainder being the issues it missed; a higher rate means better visibility and protection. The qualitative aspect covers language and vulnerability-class support, how the tool approaches analysis depth and accuracy, and the vendor's development velocity and maintenance. To measure these parameters one has to triage the results (decide for each finding whether it is a real issue), compute accuracy and completeness from those counts, and keep in mind that context and the reviewer's own expertise shape how SAST results are interpreted.
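The measurement procedure the summary describes, as an added example that is not code from Snyk's post: findings are triaged by hand into real and not-real, the triaged set is compared against a list of known issues in the code base, and the two ratios are computed overall and per vulnerability class. The summary does not reproduce the post's formulas; the ones used here are the standard definitions that match its descriptions, accuracy as TP / (TP + FP) and completeness as TP / (TP + FN). The findings, the triage verdicts and the known-issue list are constructed sample data, and the `Finding` type and function names are this example's own.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One SAST finding, keyed by location and vulnerability class (example type)."""
    file: str
    line: int
    category: str  # e.g. "sqli", "xss", "path-traversal"


# Constructed sample: the tool's report after manual triage.
# True = the reviewer confirmed a real issue, False = false positive.
TOOL_FINDINGS = {
    Finding("app/db.py", 42, "sqli"): True,
    Finding("app/db.py", 88, "sqli"): False,
    Finding("app/views.py", 17, "xss"): True,
    Finding("app/views.py", 60, "xss"): False,
    Finding("app/files.py", 9, "path-traversal"): False,
}

# Constructed sample: every real issue known to exist in the code base,
# e.g. from a manual review or a deliberately seeded benchmark application.
KNOWN_ISSUES = {
    Finding("app/db.py", 42, "sqli"),
    Finding("app/views.py", 17, "xss"),
    Finding("app/views.py", 102, "xss"),
    Finding("app/files.py", 31, "path-traversal"),
}


def triage_counts(tool_findings, known_issues):
    """Split findings into true positives, false positives and misses."""
    tp = {f for f, is_real in tool_findings.items() if is_real}
    fp = {f for f, is_real in tool_findings.items() if not is_real}
    # A confirmed finding the ground-truth list did not contain is still a
    # real issue, so the reference set is the union; otherwise completeness
    # would exceed 1 when the tool finds something the reviewers missed.
    all_real = known_issues | tp
    fn = all_real - tp  # real issues the tool failed to report
    return tp, fp, fn


def accuracy(tp, fp):
    """Share of reported findings that are real: TP / (TP + FP)."""
    reported = len(tp) + len(fp)
    return len(tp) / reported if reported else 0.0


def completeness(tp, fn):
    """Share of real issues the tool reported: TP / (TP + FN)."""
    real = len(tp) + len(fn)
    return len(tp) / real if real else 0.0


def score(tool_findings, known_issues):
    """Overall accuracy and completeness plus the raw counts behind them."""
    tp, fp, fn = triage_counts(tool_findings, known_issues)
    return {
        "accuracy": accuracy(tp, fp),
        "completeness": completeness(tp, fn),
        "tp": len(tp), "fp": len(fp), "fn": len(fn),
    }


def score_by_category(tool_findings, known_issues):
    """Same ratios per vulnerability class, to expose uneven coverage."""
    categories = {f.category for f in tool_findings} | {f.category for f in known_issues}
    result = {}
    for cat in sorted(categories):
        subset = {f: r for f, r in tool_findings.items() if f.category == cat}
        known = {f for f in known_issues if f.category == cat}
        result[cat] = score(subset, known)
    return result


if __name__ == "__main__":
    print("overall:", score(TOOL_FINDINGS, KNOWN_ISSUES))
    for cat, s in score_by_category(TOOL_FINDINGS, KNOWN_ISSUES).items():
        print(f"{cat:15} accuracy={s['accuracy']:.2f} completeness={s['completeness']:.2f}")
```

The per-category breakdown is what turns the two numbers into the qualitative "language and vulnerability support" judgement the post asks for: a tool can look acceptable overall while contributing nothing for a class such as path traversal, and only the split reveals it. The triage verdicts are also where context and reviewer expertise enter, since the same finding can be real in one code base and unreachable in another.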