#12DELIVERYSCAN

Code Scan (SAST)

Static security analysis

Medium

Overview

Automated scanning for security vulnerabilities in code before it's merged. Catches SQL injection, XSS, and common bugs.

Why It Matters

Find security issues before they ship. Catches SQL injection, XSS, and common vulnerabilities.

The Risk

Without code scanning, security vulnerabilities slip through review and reach production. When exploited, they lead to data breaches, customer trust loss, and compliance violations.

Implementation Components

A complete implementation of this capability includes:

Static analysis tool integrated with CI
Language-specific security rules
Scans run on every PR
Critical findings block merge
False positive suppression workflow
Findings tracked in security dashboard

Implementation Pattern

1Choose scanning tools
2Integrate with CI
3Configure scan rules
4Set up automated PR comments

Tool Examples

These are examples, not endorsements. Choose what fits your context.

Dependencies

Requires (must have first)

•#5 Code Check-in

Enhanced by (more effective with)

•#6 Code Review

Enables (unlocks)

•#62 Vulnerability Tracking

Same Phase

Other capabilities in this pipeline phase

Quick Actions

View in Flow View full landscape Assess your platform

←

#11 LLM Failure Analysis

#13 Dependency Scan (SCA)

→