What is your primary use case for GitHub Code Scanning?

Find out what your peers are saying about GitHub, Sonar, Black Duck and others in Static Application Security Testing (SAST). Updated: April 2025.

DOWNLOAD NOW

848,270 professionals have used our research since 2012.

Static Application Security Testing (SAST)

SAST is a method designed to detect security vulnerabilities within an application's source code. By analyzing the code structure, SAST identifies potential flaws early in the development cycle, promoting secure coding practices and reducing the risk of security issues in production. Unlike dynamic testing that examines an application during runtime, SAST operates on static code analysis. This early detection capability is crucial as it enables developers to address vulnerabilities before...

Download Static Application Security Testing (SAST) Report Read more

Related Q&As

Nov 23, 2023

What do you like most about GitHub Code Scanning?

May 28, 2024

What is your experience regarding pricing and costs for GitHub Code Scanning?

reviewer2674647 soln architect at a newspaper with 11-50 employees · Answer 1 · 2025-03-13T14:03:39Z

We were using GitHub Code Scanning ( /products/github-code-scanning-reviews ) for code coverage and to look for obvious logical errors in the code instead of just syntax errors. It was part of a complex pipeline for overseeing code quality efforts, utilizing tools such as Spectral ( /products/check-point-cloudguard-code-security-reviews ) for scanning code repositories. We were not specifically scanning for viruses. The code scanning was employed in various stages for development and production coding efforts.

score 0 · Answer 2 · 2024-05-28T08:51:00Z

The tool helps to know which ports are allowed and which are not. It traverses the entire network, scanning every system to determine which ports are open. As per compliance policy, specific ports prone to attack should not be open.