Skip to content

DataDog/datadog-saist

Repository files navigation

Datadog Static AI Security Testing (SAIST) tool

This project is an AI-Native SAST tool. Unlike traditional SAST tools that rely solely on parsing and analysis rules, this project uses LLMs (e.g. Claude from Anthropic, GPT from OpenAI, or Gemini from Google) to find vulnerabilities.

This project can be used standalone on your laptop. It is also available as part of the Datadog Code Security offering.

Project Status

This project is under development and is in preview stage.

Features

  • AI-Powered Analysis: Uses advanced AI models to detect security vulnerabilities
  • Multiple Language Support: Go, Java, Python, C#, JavaScript, TypeScript, and Kotlin
  • SARIF Output: Generates industry-standard SARIF reports
  • Context-Aware: Builds project context for more accurate analysis

Requirements

  • LLM API key: You must provide an API key for one of the supported LLM providers (Anthropic, OpenAI, or Google Gemini). See LLM key below.

No Datadog account is required. SAIST fetches its detection rules from a public Datadog-hosted API endpoint — no Datadog API key or App key needed.

Dependencies

  • Go Tree-sitter: Go bindings for Tree-sitter parsing library
  • Standard Go text/template: Built-in Go templating for prompt generation
  • Go-SARIF: SARIF (Static Analysis Results Interchange Format) library

Usage

LLM key

Set the environment variable for your LLM provider:

  • Anthropic: ANTHROPIC_API_KEY
  • OpenAI: OPENAI_API_KEY
  • Google Gemini: GOOGLE_API_KEY

Command Line Interface

Build and run the binary:

make build
./bin/datadog-saist --directory <path> --output <output-file> --detection-model <model>
--validation-model <model> [options]

Example with Gemini:

  make build
  GOOGLE_API_KEY=<...> ./bin/datadog-saist --directory <path> --output <output-file>
  --detection-model gemini-2.5-flash --validation-model gemini-2.5-flash

Required Arguments

  • --directory: Directory to analyze
  • --output: Output file path for SARIF report
  • --detection-model: Model to use for vulnerability detection
  • --validation-model: Model to use for result validation

Available Models

  ┌───────────────────────┬───────────┐
  │       CLI name        │ Provider  │
  ├───────────────────────┼───────────┤
  │ openai-gpt5-mini      │ OpenAI    │
  ├───────────────────────┼───────────┤
  │ openai-gpt5.2         │ OpenAI    │
  ├───────────────────────┼───────────┤
  │ openai-gpt5.2-codex   │ OpenAI    │
  ├───────────────────────┼───────────┤
  │ claude-4.5-sonnet     │ Anthropic │
  ├───────────────────────┼───────────┤
  │ claude-4.5-haiku      │ Anthropic │
  ├───────────────────────┼───────────┤
  │ gemini-2.5-pro        │ Google    │
  ├───────────────────────┼───────────┤
  │ gemini-2.5-flash      │ Google    │
  ├───────────────────────┼───────────┤
  │ gemini-2.0-flash-lite │ Google    │
  ├───────────────────────┼───────────┤
  │ gemini-3-flash        │ Google    │
  └───────────────────────┴───────────┘

Optional Arguments

  • --debug: Enable debug mode for verbose output
  • --request-timeout-sec: Request timeout in seconds for LLM API calls (default: 30)
  • --file-concurrency: Number of concurrent files to analyze (default: 20)
  • --write-prompts: Write prompts to files during analysis (suffixed .userprompt and .systemprompt)
  • --local-prompts: Use detection rules embedded in the binary instead of fetching from the Datadog API
  • --skip-indexing: Disable cross-file context indexing. Reduces memory usage on large repositories at the cost of cross-file vulnerability detection.

About

AI-native SAST

Topics

Resources

License

Contributing

Stars

64 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors

Languages