Source code analysis¶

Approaches:

• Static (SAST): Check code without execution

• Dynamic (DAST): Test running applications

• Interactive (IAST): Hybrid approach

Tools:

• Checkmarx (SAST)

• Veracode (SAST+DAST)

• Snyk Code (SAST)