# SAST

Static Application Security Testing (SAST) analyzes your application's source code **before it runs** — catching vulnerabilities, coding flaws, and security misconfigurations early in the development cycle, before they reach production.

OpsMx Delivery Shield natively integrates with CI/CD tools such as Jenkins, GitHub Actions, and GitLab. Whenever a stage in the CI/CD pipeline is triggered, OpsMx also triggers the automated security scans defined within that stage.

## How It Works

OpsMx SAST leverages open-source tools Semgrep and SonarQube to provide lightweight, fast, and customizable static analysis designed for developers and security professionals.

When a pipeline stage is triggered, Delivery Shield:

1. **Connects** to your repository via the integrated CI/CD tool
2. **Scans** the source code using Semgrep and/or SonarQube rule sets
3. **Analyzes** findings against your defined security policies
4. **Reports** vulnerabilities categorized by severity and confidence
5. **Blocks or flags** the release depending on your policy configuration
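Steps 3 to 5 above, worked through as an added example that is not OpsMx code: it reads findings in the shape `semgrep --json` emits (`results[].extra.severity` and `results[].extra.metadata.confidence`), normalizes them, and applies a block/flag policy keyed on severity and confidence. The mapping from Semgrep's ERROR/WARNING/INFO onto High/Medium/Low tiers, the policy thresholds, and the rule ids in the sample are all assumptions made for the example.

```python
import json
from collections import Counter

# Assumed mapping from Semgrep's ERROR/WARNING/INFO levels onto the High/Medium/Low
# tiers the dashboard shows; Delivery Shield's actual mapping is not documented here.
SEMGREP_TO_TIER = {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "LOW"}
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
CONFIDENCE_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample in the shape `semgrep --json` emits; rule ids are made up.
SAMPLE_SEMGREP_JSON = json.dumps({"results": [
    {"check_id": "example.sql-string-from-request", "path": "app/db.py",
     "start": {"line": 42}, "extra": {"severity": "ERROR",
     "message": "SQL query built from request data", "metadata": {"confidence": "LOW"}}},
    {"check_id": "example.subprocess-shell-true", "path": "app/tasks.py",
     "start": {"line": 17}, "extra": {"severity": "WARNING",
     "message": "subprocess called with shell=True", "metadata": {"confidence": "HIGH"}}},
    {"check_id": "example.unused-variable", "path": "app/util.py",
     "start": {"line": 3}, "extra": {"severity": "INFO",
     "message": "unused variable", "metadata": {}}},
]})

def normalize(semgrep_json):
    """Flatten semgrep --json output into one record per finding (rule, file, line,
    severity tier, confidence). A rule with no confidence metadata is treated as
    LOW confidence so an unrated rule can never block a release on its own."""
    findings = []
    for r in json.loads(semgrep_json).get("results", []):
        extra = r.get("extra", {})
        conf = str(extra.get("metadata", {}).get("confidence", "LOW")).upper()
        findings.append({
            "rule": r["check_id"], "file": r["path"], "line": r["start"]["line"],
            "severity": SEMGREP_TO_TIER.get(str(extra.get("severity", "INFO")).upper(), "LOW"),
            "confidence": conf if conf in CONFIDENCE_RANK else "LOW",
        })
    return findings

def evaluate(findings, block_at="HIGH", min_confidence="MEDIUM"):
    """Policy gate: BLOCK when any finding is at or above block_at severity AND at or
    above min_confidence; FLAG when findings exist but none meet that bar; else PASS."""
    blocking = [f for f in findings
                if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[block_at]
                and CONFIDENCE_RANK[f["confidence"]] >= CONFIDENCE_RANK[min_confidence]]
    decision = "BLOCK" if blocking else ("FLAG" if findings else "PASS")
    return {"decision": decision, "blocking": blocking,
            "counts": dict(Counter(f["severity"] for f in findings))}

if __name__ == "__main__":
    verdict = evaluate(normalize(SAMPLE_SEMGREP_JSON))
    print(verdict["decision"], verdict["counts"])
```

With the default policy the sample is only flagged: the High finding has Low confidence and the High-confidence finding is only Medium severity, which is exactly why a gate should look at both dimensions rather than severity alone.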

## Viewing SAST Results

Once a scan completes, results are available in the **Delivery Shield dashboard**:

* Navigate to your **Application** → **Source Scan** section
* View findings organized by **severity** (Critical, High, Medium, Low) and **confidence level**
* Drill into individual findings to see the affected file, line number, and rule triggered
* Track remediation status across environments from a **centralized view**

{% hint style="info" %}
SAST scan findings are also incorporated into your **application's overall security score** and reflected in the Delivery Bill of Materials (DBOM).
{% endhint %}

## Remediation

When vulnerabilities are detected, Delivery Shield provides:

* **Inline suggestions** with remediation guidance per finding
* **AI-powered remediation** that generates recommendations for upgrading insecure dependencies and suggests alternatives to vulnerable libraries
* **Automated pull requests** to apply fixes directly in the repository (where configured)

## Supported Languages & Frameworks

SAST in Delivery Shield supports 20+ programming languages including Python, JavaScript, Java, Go, and Ruby, with framework-specific rules for React, Flask, and Django, plus a rich library of rules from the open-source community.
