SAST and SCA

SAST and SCA use AI-powered static analysis to detect vulnerabilities, exposed secrets, and risky open-source dependencies in application code. Built on a Code Property Graph (CPG), the platform analyzes control flow, data flow, and dependencies together to uncover complex risk scenarios and deliver actionable security insights early in the development lifecycle.

Get started

Definitions

Understand essential terminology of Qwiet AI

Prerequisites

Set up access and requirements to start using Qwiet AI effectively.

QuickStart

Run your first scan and identify risks in minutes.

Overview

Code Property Graph

Analyze code semantics, data flow, and dependencies using a unified graph model.

AI/ML

Leverage AI-driven analysis to uncover deep, contextual security risks.

Integrations

Integrate Qwiet AI with CI/CD pipelines and developer tools seamlessly.

AutoFix

Automatically generates AI-driven code fix suggestions for SAST findings to speed up vulnerability remediation.

Artifacts & Secrets Scanning

Intelligent SCA

Detect vulnerable and risky open-source dependencies with contextual insights.

Containers

Analyze container images to identify vulnerable packages and insecure layers.

Secrets

Detect hardcoded secrets and credentials across your codebase automatically.

Policies

Define and customize security rules to tailor context-aware vulnerability detection.

CLI

Installation

Run SAST and SCA scans from the command line to detect code and dependency risks.

Reference

View Qwiet AI CLI commands and usage details.