# Code Security (SAST)

### **Overview**

Xygeni's **Static Application Security Testing (SAST)** tool provides in-depth analysis of your source code to uncover security vulnerabilities and malicious patterns **before code is compiled or deployed**. By scanning source files directly, Xygeni ensures early detection of flaws that could be exploited in production, enabling secure-by-design software development practices.

Through integration with DevOps workflows and developer environments, Xygeni’s SAST scanner delivers actionable insights, prioritizes critical findings, and facilitates **quick remediation** based on secure coding guidelines and regulatory standards.

### **Protect Applications from Malicious Code and Vulnerabilities Early**

Modern applications often combine large volumes of custom code with third-party libraries. This increases the risk of hidden vulnerabilities or **intentionally inserted malicious logic**. Xygeni's SAST tool is built to uncover:

* Insecure functions and APIs (e.g., use of `eval()`, hardcoded credentials, or unsafe deserialization).
* Input validation flaws (e.g., XSS, SQL injection, command injection).
* Misuse of cryptographic functions.
* Data leakage risks due to improper handling of secrets.
* Suspicious patterns indicative of **malware or backdoors** in source files.

The scanner covers multiple languages and frameworks commonly used in web, backend, and cloud-native environments.
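To make the categories above concrete, here is a small AST-based checker, added as an illustration and not Xygeni's own rule engine or code, that flags several of the listed patterns in Python source: calls to `eval`/`exec`, `os.system` and `subprocess.*` with `shell=True` (command injection sinks), `pickle.load`/`pickle.loads` (unsafe deserialization), `hashlib.md5`/`hashlib.sha1` (weak hashes), and string literals assigned to secret-looking names (hardcoded credentials). The rule names, the regex for secret-like identifiers and the sample source are all constructed for this example; a production SAST tool adds data-flow analysis so that only attacker-reachable sinks are reported.

```python
import ast
import re
from dataclasses import dataclass

# Hypothetical rule table (constructed for this example): dotted call name -> rule id.
DANGEROUS_CALLS = {
    "eval": "insecure-function:eval",
    "exec": "insecure-function:exec",
    "os.system": "command-injection:os.system",
    "pickle.load": "unsafe-deserialization:pickle.load",
    "pickle.loads": "unsafe-deserialization:pickle.loads",
    "hashlib.md5": "weak-crypto:md5",
    "hashlib.sha1": "weak-crypto:sha1",
}
# Identifiers that usually hold secrets; a string literal assigned to one is a finding.
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_key)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class Checker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name in DANGEROUS_CALLS:
            self.findings.append(Finding(node.lineno, DANGEROUS_CALLS[name], name))
        # subprocess.* with shell=True hands the argument string to a shell.
        if name and name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding(node.lineno, "command-injection:shell=True", name))
        self.generic_visit(node)  # keep walking: nested calls such as hashlib.md5(x).hexdigest()

    def visit_Assign(self, node):
        # Only a non-empty string literal counts; values read from the environment are not flagged.
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                tname = _dotted_name(target)
                if tname and SECRET_NAME.search(tname):
                    self.findings.append(Finding(node.lineno, "hardcoded-credential", tname))
        self.generic_visit(node)


def scan_source(source: str):
    """Parse Python source and return findings ordered by line number."""
    checker = Checker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f.line)


# Constructed sample input (not real project code); line numbers start at 1.
SAMPLE = """\
import os, pickle, hashlib, subprocess

DB_PASSWORD = "hunter2"  # flagged: literal in a secret-looking name
api_key = os.environ.get("API_KEY")  # not flagged: value is not a literal

def run(cmd):
    return os.system("ls " + cmd)  # flagged: os.system

def load(blob):
    return pickle.loads(blob)  # flagged: pickle.loads

def digest(data):
    return hashlib.md5(data).hexdigest()  # flagged: md5

def sh(user_input):
    return subprocess.run(user_input, shell=True)  # flagged: shell=True

def calc(expr):
    return eval(expr)  # flagged: eval
"""


def scan_sample():
    return scan_source(SAMPLE)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"line {f.line}: {f.rule} ({f.detail})")
```

Running the block prints six findings for the sample (lines 3, 7, 10, 13, 16 and 19) and nothing for the `os.environ.get` assignment, which is the distinction between a literal secret and a secret loaded at runtime that a scanner has to make to keep its hardcoded-credential rule useful.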

For more information regarding Code Security, refer to these sections:

* [Code Security User Interface Guide](/xygeni-products/code-security-cs/cs-user-interface-guide.md)
  * [Risks (SAST)](/xygeni-products/code-security-cs/cs-user-interface-guide/risks-sast.md)
  * [Malicious Code](/xygeni-products/code-security-cs/cs-user-interface-guide/risks-sast/malicious-code.md)
* [Malware Scanner](/xygeni-products/code-security-cs/malware-scanner.md)
* [SAST Scanner](/xygeni-products/code-security-cs/ci-cd-scanner.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xygeni.io/xygeni-products/code-security-cs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
