muglug 2 days ago
Most of these vulnerabilities could have been discovered much earlier had the same security researchers pointed a SAST tool at the codebase. I wrote an OSS PHP SAST tool 6 years ago, but it's suffered from industry neglect — most people only care about security after an incident, and PHP has enough magical behaviour that any tool needs to be tuned to how specific repositories behave. I agree there's a big opportunity for LLMs to take this work forward, filling in for a lack of human expertise.
unethical_ban 2 days ago (reply to muglug)
Where can I learn more about SAST, and do you have a link to your tool? I stood up a DokuWiki instance recently and had Qwen look through the codebase, and it didn't find anything critical. It identified "fragile patterns", though.