We don't cover code analysis (SAST). We sit in production applications and the microagents inspect the execution flow of requests inside apps.
If we detect that a vulnerability is being triggered we will virtually patch it and send remediation details to developers.
We wrote a blog post [1] that explains how we detect these vulnerabilities.
If we detect that a vulnerability is being triggered we will virtually patch it and send remediation details to developers. We wrote a blog post [1] that explains how we detect these vulnerabilities.
[1] - https://blog.sqreen.com/block-sql-injections-not-customers/