Explore how Datadog's open source SAST solution uses AI to surface code vulnerabilities more accurately and efficiently.

DataDog Blog offers insights, tutorials, and updates on monitoring, analytics, and observability solutions. Covering topics such as infrastructure monitoring, log management, and application performance monitoring, DataDog Blog provides resources for developers, DevOps engineers, and IT professionals. Developers can learn about best practices, troubleshooting techniques, and optimization strategies for managing complex systems through DataDog's blog posts and guides.

Datadog

Datadog has open sourced an AI-native Static Application Security Testing (SAST) tool that uses LLMs to detect code vulnerabilities with greater accuracy than traditional rule-based approaches. The tool works in four steps: heuristic-based file identification, context retrieval, LLM-based analysis, and post-processing with false-positive filtering. To manage cost, it performs a full scan at onboarding and then only rescans files when their content or context changes. Benchmarked against the OWASP framework, the AI-native solution significantly outperforms traditional SAST on context-dependent vulnerabilities like SQL injection (86% vs 63% true positive rate) and command injection (90% vs 59%). The codebase is available on GitHub, though incremental analysis requires a Datadog subscription. Future plans include exploring agentic scanning techniques for deeper contextual reasoning.

Introducing our open source AI-native SAST

How does Datadog’s AI-native SAST feature work?

Evaluating accuracy against the OWASP Benchmark

The future of AI-enhanced SAST at Datadog