ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

SAST-EDI

Static source-code analysis — first line of defence in CI/CD.

Definition

For EDI, SAST detects: XPath injection in a Schematron, hardcoded secrets in a parser, unsafe deserialisation of XML signatures, path traversal in EDI file storage. Modern SAST tools (Semgrep, Snyk Code) carry rules for XML signature wrapping, OWASP Top 10, CWE Top 25.

Origin

Category created by Gartner around 2010. Older origin (1990s lint tools, AT&T RATS 2001).

Example in context

A GitLab CI running Snyk Code on every MR and blocking the merge if a secret is detected.

  • DAST — complementary dynamic analysis.

Last updated: May 14, 2026