1

I'm thinking about when the perfect moment is to run a SAST review, but I am not sure. For me the best moment is before merging my branch into master (on the pull request), because you can fix it before putting your code into production. However, imagine there are two or more branches without any vulnerability (you run your SAST review before merging these branches): is it possible that new vulnerabilities appear in the code if you merge these branches without vulnerabilities into master? I mean, can the combination of different pieces of code without vulnerabilities make your code vulnerable? If yes, could you give an example? Does it make sense to run another SAST review on master (after merging any branch)?

0 Answers
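As an added illustration, not part of the question or of any answer on this page: constructed Python in which branch A and branch B each pass a taint-style SAST review on their own, yet the merge produces an open redirect, because one branch relaxed a shared helper while the other added an untrusted caller of it. All function names and the site URL are hypothetical.

```python
BASE = "https://app.example/"  # constructed, hypothetical site

# base (before either branch): every URL is anchored under BASE, so sending
# it to a redirect can never leave the site.
def build_url_base(path: str) -> str:
    return BASE + path.lstrip("/")


# branch A: feature "allow absolute links in the navigation config".
# Its only callers pass string literals, so a taint-tracking review of
# branch A alone has no source-to-sink path to report.
def build_url_branch_a(path: str) -> str:
    if path.startswith(("http://", "https://")):
        return path  # absolute URL passes through unchanged
    return BASE + path.lstrip("/")


# branch B: feature "return the user to ?next= after login". It feeds an
# untrusted parameter into build_url, but on branch B build_url is still the
# base version, which always prefixes BASE, so B alone is also clean.
def handle_next_branch_b(next_param: str) -> str:
    return build_url_base(next_param)


# master after merging A and B: B's handler now calls A's build_url. No line
# conflicted at merge time, but untrusted input now reaches the redirect
# target unchanged.
def handle_next_merged(next_param: str) -> str:
    return build_url_branch_a(next_param)


def leaves_site(redirect_target: str) -> bool:
    """True if the computed redirect target points off-site."""
    return not redirect_target.startswith(BASE)


def review() -> dict:
    """Check each version against the same untrusted ?next= value
    (constructed attacker-style input)."""
    untrusted = "https://attacker.example/login"
    return {
        "branch_b_alone": leaves_site(handle_next_branch_b(untrusted)),
        "merged_master": leaves_site(handle_next_merged(untrusted)),
    }


if __name__ == "__main__":
    print(review())  # {'branch_b_alone': False, 'merged_master': True}
```

Because the finding exists only in the combined code, a review run per pull request cannot see it; only a review of the merge result (master after the merge) can.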