SAST-EDI
Static source-code analysis — first line of defence in CI/CD.
Definition
For EDI, SAST detects: XPath injection in a Schematron, hardcoded secrets in a parser, unsafe deserialisation of XML signatures, path traversal in EDI file storage. Modern SAST tools (Semgrep, Snyk Code) carry rules for XML signature wrapping, OWASP Top 10, CWE Top 25.
Origin
Category created by Gartner around 2010. Older origin (1990s lint tools, AT&T RATS 2001).
Example in context
A GitLab CI running Snyk Code on every MR and blocking the merge if a secret is detected.
Related terms
- DAST — complementary dynamic analysis.