Static Application Security Test (SAST)
SAST is a service designed to analyse the source code of Visma services to identify security defects. It integrates into the CI/CD (Continuous Integration/Continuous Delivery) pipeline for full automation and with our ticketing system for exporting defect details. It also integrates with notification systems to ensure that developers receive the information in a timely manner.
The system provides triage functionality for defects in order to classify severity and actions.
The SAST service is put in place to reduce the risk of costly security incidents caused by implementation defects in source code, by catching them at an early stage in the process, while the root cause is faster to fix. Parts of SAST are automated and integrated with the build process as well as with the ticketing and source code management systems.
The SAST service also provides useful training for developers, teaching them how to avoid introducing security defects.