SAST and AI Intersection
How we use SLM with SAST

Let’s keep it simple.
Any SAST tool will give you a list of findings. Some are real vulnerabilities (True Positives), others are noise (False Positives), and a few the tool cannot decide on, so they stay under review.
Now imagine scanning the same code again, but this time with a different technique. You sort its findings into the same buckets: FP, TP, and "needs review".
But here’s where it gets interesting.
What if you combine both techniques? You get a few big benefits:
Fewer False Positives – A finding that both techniques call an FP is dropped before it ever shows up in a report, so only one technique saying "FP" is never enough on its own.
Access to True Negatives – Code that neither technique flags can be recorded as a true negative, which a single scan never reports; only disagreements go back to a human for review.
Train the AI on confirmed issues only (TPs) – Findings both techniques agree are real become the training set, so the model learns what actually matters instead of learning the noise.
That’s the idea. And yes, we made it work.
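The bucketing logic described above, as an added example that is not the project's own code. The SAST report, the code units and the second-pass classifier are all constructed for illustration; the second pass is a tiny pattern-based stand-in for the SLM, so the point of the block is the consensus rule (suppress only when both techniques say FP, confirm only when both say TP, true negative only when neither flags, everything else to review), not the classifier itself.

```python
import re
from typing import Optional

# Constructed sample: the code units one scan covered, keyed by file:function.
CODE_UNITS = {
    "db.py:get_user": 'cur.execute("SELECT * FROM users WHERE id = " + user_id)',
    "db.py:get_order": 'cur.execute("SELECT * FROM orders WHERE id = %s", (order_id,))',
    "web.py:render": "return template.render(name=escape(name))",
    "util.py:log": 'logger.info("request from %s", remote_addr)',
    "shell.py:run": "subprocess.run(cmd, shell=True)",
}

# Technique 1 (constructed): the SAST tool's own report. Verdicts are the tool's
# confidence; "REVIEW" means it flagged the location but could not decide.
# Rule ids are hypothetical.
SAST_REPORT = {
    "db.py:get_user": ("sql-injection", "TP"),
    "db.py:get_order": ("sql-injection", "FP"),  # parameterised, but still flagged
    "web.py:render": ("xss", "REVIEW"),
    "shell.py:run": ("command-injection", "TP"),
}


def second_pass(snippet: str) -> Optional[tuple[str, str]]:
    """Technique 2: a toy stand-in for the SLM triage (hypothetical heuristics).

    Returns (rule, verdict) for a flagged snippet, or None when it looks clean.
    """
    if "execute(" in snippet:
        # A parameter tuple after the query string means the driver escapes it.
        parameterised = re.search(r"execute\([^,]*,\s*\(", snippet) is not None
        return ("sql-injection", "FP" if parameterised else "TP")
    if "shell=True" in snippet:
        return ("command-injection", "TP")
    if ".render(" in snippet:
        return ("xss", "FP" if "escape(" in snippet else "REVIEW")
    return None


def combine(v1: Optional[str], v2: Optional[str]) -> str:
    """Consensus rule. None means the technique did not flag the location at all.

    Silence never counts as an FP vote: a finding is suppressed only when both
    techniques explicitly say FP, and confirmed only when both say TP.
    """
    if v1 is None and v2 is None:
        return "true_negative"
    if v1 == "TP" and v2 == "TP":
        return "confirmed"
    if v1 == "FP" and v2 == "FP":
        return "suppressed"
    return "review"


def triage(code_units: dict, sast_report: dict) -> dict:
    """Bucket every scanned code unit using both techniques."""
    buckets = {"confirmed": [], "suppressed": [], "review": [], "true_negative": []}
    for loc, snippet in code_units.items():
        r1 = sast_report.get(loc)
        r2 = second_pass(snippet)
        v1 = r1[1] if r1 else None
        v2 = r2[1] if r2 else None
        buckets[combine(v1, v2)].append(loc)
    return buckets


def training_set(code_units: dict, buckets: dict) -> list:
    """Only confirmed TPs are fed back to the model, paired with their snippet."""
    return [(loc, code_units[loc]) for loc in buckets["confirmed"]]


if __name__ == "__main__":
    result = triage(CODE_UNITS, SAST_REPORT)
    for bucket, locs in result.items():
        print(f"{bucket:14s} {locs}")
    print("training rows:", training_set(CODE_UNITS, result))
```

On the constructed input the two SQL findings split cleanly (the concatenated query is confirmed, the parameterised one is suppressed), the XSS finding goes to review because the tool was undecided even though the second pass called it safe, and the logging call, flagged by neither, is the one true negative. Swapping `second_pass` for a real model call keeps the rest of the pipeline unchanged.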