SAST and AI Intersection
How we use SLM with SAST
Let’s keep it simple.
Any SAST tool will give you a list of findings. Some will be true issues (True Positives), others won’t (False Positives), and a few might still be under review.
Now imagine scanning the same code again—but this time, using a different technique. You still sort the findings into the same buckets: FP, TP, and “needs review.”
But here’s where it gets interesting.
What if you combine both techniques? You get a few big benefits:
Fewer False Positives – You can catch and eliminate them before they even show up in reports.
Access to True Negatives – You see safe areas of the code that one technique alone might have missed.
Train the AI to focus only on real issues (TPs) – It starts learning what actually matters.
That’s the idea. And yes, we made it work.