We have two kinds of playbooks available:
SAST playbooks perform Static Application Security Testing (SAST): they analyze repository source code statically to find vulnerabilities such as insecure patterns, secrets, or dependency issues in first-party (1P) or third-party (3P) code. SAST runs over code repositories and does not require executing the program, which makes these playbooks ideal for pre-deployment checks.
DAST playbooks perform Dynamic Application Security Testing (DAST) by interacting with live applications. They often take parameters such as URLs or domains and use them for tasks such as scanning endpoints, brute-forcing, or performing load tests. DAST playbooks simulate real-world attacks to enhance application security.