SAST Rules
SAST rules identify insecure patterns in application code across supported languages (Java, Python, Go, Rust, JS/TS, etc.). These rules prioritize high-signal issues that are actionable in PRs.
SAST Rule Table (example)
| ID | Title | Description | Remediation | Tags |
|---|---|---|---|---|
| CODE-0001 | SQL Injection risk due to untrusted input | Detects query construction using untrusted input without safe parameterization. | Use parameterized queries / prepared statements; avoid string concatenation for SQL. | sast, sql-injection, java, python |
| CODE-0002 | OS Command Injection | Detects use of shell execution with untrusted input. | Avoid shelling out; validate input; use safe APIs; use allow-lists. | sast, command-injection, python, go |
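To make the two table entries concrete, here is an added toy checker (not the product's own rule engine) that implements CODE-0001 and CODE-0002 as Python AST checks and runs them over a constructed sample; the sink names (`execute`, `subprocess.run`, `os.system`, etc.) are assumptions chosen for the illustration.

```python
import ast

# Rule IDs and titles from the table above; the checks below are a toy
# illustration of what those rules look for in Python, not the product's engine.
RULES = {"CODE-0001": "SQL Injection risk due to untrusted input",
         "CODE-0002": "OS Command Injection"}
SQL_SINKS = {"execute", "executemany"}
SHELL_SINKS = {"system", "popen", "run", "call", "check_call", "check_output", "Popen"}

def _callee(call):
    """Name of the called function/method, or None if it is not a simple name."""
    f = call.func
    return f.attr if isinstance(f, ast.Attribute) else (f.id if isinstance(f, ast.Name) else None)

def _built_at_runtime(node):
    """True for concatenation, %-formatting, f-strings and .format(): the
    query-construction patterns CODE-0001 flags. A plain constant is clean."""
    return (isinstance(node, ast.JoinedStr)
            or (isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)))
            or (isinstance(node, ast.Call) and _callee(node) == "format"))

def scan(source):
    """Return (rule_id, line) findings for a Python source string, ordered by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee(node)
        if name in SQL_SINKS and node.args and _built_at_runtime(node.args[0]):
            findings.append(("CODE-0001", node.lineno))
        if name in SHELL_SINKS:
            # os.system/os.popen always go through a shell; subprocess.* only with shell=True
            via_shell = name in {"system", "popen"} or any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords)
            if via_shell:
                findings.append(("CODE-0002", node.lineno))
    return sorted(findings, key=lambda f: f[1])

# Constructed sample: two flagged sinks beside their remediated forms, plus os.system.
SAMPLE = '''\
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
cur.execute("SELECT * FROM users WHERE name = %s", (name,))
subprocess.run("ls " + path, shell=True)
subprocess.run(["ls", path])
os.system(f"ping {host}")
'''

if __name__ == "__main__":
    for rule_id, line in scan(SAMPLE):
        print(f"{rule_id} {RULES[rule_id]}: line {line}")
```

Lines 2 and 4 of the sample are the remediations the table recommends (a parameterized query and an argument list with no shell) and produce no finding.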
Language grouping
In the UI and docs, SAST rules should be grouped by language for clarity:
- Java rules
- Python rules
- Go rules
- Rust rules
- JavaScript / TypeScript rules
- Other languages
Each language section uses the same table format above, filtered by the language tag.