Published 2 months ago by Aikido Security

The Ultimate SAST Guide: What is Static Application Security Testing? Code Security with Mackenzie

Static Application Security Testing (SAST) is one of the earliest and most powerful ways to secure your applications, right at the source code. In this episode of Tool Time, Mackenzie Jackson explores how SAST works, why it is important, and where it struggles. We also dive into open-source SAST tools, AI-driven triage, and autofixing vulnerabilities. Whether you are trying to understand how SAST works, looking for open-source SAST tools, or exploring how AI improves code security, this video is a must-watch.

Links:
OpenGrep Website -
OpenGrep GitHub -

Chapters:
00:00 Introduction to Tool Time
00:28 What is SAST (Static Application Security Testing)?
01:06 Why SAST Matters in the Development Lifecycle
01:27 Strengths and Weaknesses of SAST
02:03 How SAST Tools Detect Vulnerabilities
03:39 Open Source Example: OpenGrep
04:45 Writing and Customizing SAST Rules
06:14 The Problem of False Positives
07:10 How AI Improves SAST (Auto-Triage & Context)
09:06 AI in SAST: Autofix and Developer Assistance
10:51 Where to Implement SAST in Your Workflow
12:01 Conclusion and Upcoming Episodes