u/PurplePlenty4980

Best SAST tool for a mid-size engineering org: what has changed since AI coding tools took over?

Building an evaluation shortlist and trying to separate current reality from reviews written when the AI coding tool landscape was different. Most SAST tools were designed for codebases written entirely by humans. That assumption is no longer valid for most orgs and I want to know which tools have adapted versus which ones added AI language support and called it done.

The questions I keep coming back to are real-time scanning inside AI-assisted editors versus post-commit only, whether the correlation layer handles mixed human and AI code patterns, and how false positive rates hold up when a significant portion of commits come from AI suggestions.

u/PurplePlenty4980 — 2 days ago