SAST and AI Intersection

How we use SLM with SAST

Let’s keep it simple.

Any SAST tool will give you a list of findings. Some will be true issues (True Positives), others won’t (False Positives), and the rest need a human look before you can tell (“needs review”).

Now imagine scanning the same code again, but this time with a second, independent technique (in our case a small language model reading the code around each flagged location). You still sort its findings into the same buckets: FP, TP, and “needs review.”

But here’s where it gets interesting.

What if you combine both techniques? You get a few big benefits:

  1. Fewer False Positives – A finding that only one technique reports, and that the model rates as safe with high confidence, can be suppressed before it ever reaches the report. A finding both techniques agree on is never dropped on the model’s word alone.

  2. Evidence for True Negatives – When one technique flags a location, the other stays silent, and the silent one turns out to be right, you learn which areas of the code are genuinely safe. A single technique never tells you that.

  3. Train the model on real issues (TPs) – Confirmed TPs, together with the FPs you just eliminated, become labeled data, so the SLM learns what actually matters in your codebase.

That’s the idea. And yes, we made it work.
