Python
Python SAST is tuned for web services, data processing jobs, and scripts.
What it commonly detects:
- Command injection (subprocess, shell usage)
- SSRF in requests/URL fetch
- Insecure pickle/deserialization usage
- Weak cryptography and hard-coded secrets (when they present as code issues)
- Unsafe YAML loading and insecure parsing defaults
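Three of the finding classes above (command injection, SSRF, insecure deserialization), each shown as the pattern a scanner flags beside a hardened form. This is an added, constructed example, not the scanner's own rules or code from any project; the `wc` command, the `ALLOWED_HOSTS` allowlist and the job schema are assumptions made for illustration.

```python
"""Patterns a Python SAST flags in web and data code, each beside a hardened form.
Constructed example: helpers and sample values are illustrative, not a real project's code."""

import ipaddress
import json
import pickle
import subprocess
from urllib.parse import urlparse

# --- Command injection (subprocess / shell usage) ----------------------------
def build_cmd_unsafe(path: str) -> str:
    # FLAGGED: intended for subprocess.run(cmd, shell=True); the shell parses
    # "a.txt; id" as two commands, so the caller's input decides what runs.
    return f"wc -l {path}"

def build_cmd_safe(path: str) -> list:
    # Hardened: an argv list run without shell=True. "--" ends option parsing,
    # so the whole value, metacharacters included, is one literal argument.
    return ["wc", "-l", "--", path]

# --- SSRF in URL fetch ---------------------------------------------------------
ALLOWED_HOSTS = {"api.example.com"}  # constructed allowlist for this example

def is_safe_fetch_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    # FLAGGED pattern: requests.get(user_supplied_url). Hardened policy: http(s)
    # only; hostnames must be allowlisted; literal addresses must be globally
    # routable (rejects loopback, RFC 1918 and the 169.254.169.254 metadata IP).
    parts = urlparse(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:  # not a literal address, so treat it as a hostname
        return host in allowed_hosts

# --- Insecure deserialization (pickle) ----------------------------------------
def load_job_unsafe(blob: bytes):
    # FLAGGED: pickle.loads executes whatever callables the stream names
    return pickle.loads(blob)

def load_job_safe(blob: bytes) -> dict:
    # Hardened: a data-only format plus an explicit schema check
    obj = json.loads(blob)
    if not isinstance(obj, dict) or set(obj) != {"user", "task"}:
        raise ValueError("unexpected job schema")
    if not all(isinstance(v, str) for v in obj.values()):
        raise ValueError("job fields must be strings")
    return obj
```

The URL check is a static policy only: a complete SSRF control also validates the resolved address and every redirect target at fetch time.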
Recommended doc additions:
- Security tips for Django/Flask/FastAPI usage patterns
- Guidance for handling findings in test code vs production code