This project is an AI-Native SAST tool. Unlike traditional SAST tools that rely solely on parsing and analysis rules, this project uses LLMs (e.g. Claude from Anthropic, GPT from OpenAI, or Gemini from Google) to find vulnerabilities.
This project can be used standalone on your laptop. It is also available as part of the Datadog Code Security offering.
This project is under development and is in preview stage.
- AI-Powered Analysis: Uses advanced AI models to detect security vulnerabilities
- Multiple Language Support: Go, Java, Python, C#, JavaScript, TypeScript, and Kotlin
- SARIF Output: Generates industry-standard SARIF reports
- Context-Aware: Builds project context for more accurate analysis
- LLM API key: You must provide an API key for one of the supported LLM providers (Anthropic, OpenAI, or Google Gemini). See LLM key below.
No Datadog account is required. SAIST fetches its detection rules from a public Datadog-hosted API endpoint — no Datadog API key or App key needed.
- Go Tree-sitter: Go bindings for Tree-sitter parsing library
- Standard Go text/template: Built-in Go templating for prompt generation
- Go-SARIF: SARIF (Static Analysis Results Interchange Format) library
Set the environment variable for your LLM provider:
- Anthropic:
ANTHROPIC_API_KEY - OpenAI:
OPENAI_API_KEY - Google Gemini:
GOOGLE_API_KEY
Build and run the binary:
make build
./bin/datadog-saist --directory <path> --output <output-file> --detection-model <model>
--validation-model <model> [options]Example with Gemini:
make build
GOOGLE_API_KEY=<...> ./bin/datadog-saist --directory <path> --output <output-file>
--detection-model gemini-2.5-flash --validation-model gemini-2.5-flashRequired Arguments
- --directory: Directory to analyze
- --output: Output file path for SARIF report
- --detection-model: Model to use for vulnerability detection
- --validation-model: Model to use for result validation
Available Models
┌───────────────────────┬───────────┐
│ CLI name │ Provider │
├───────────────────────┼───────────┤
│ openai-gpt5-mini │ OpenAI │
├───────────────────────┼───────────┤
│ openai-gpt5.2 │ OpenAI │
├───────────────────────┼───────────┤
│ openai-gpt5.2-codex │ OpenAI │
├───────────────────────┼───────────┤
│ claude-4.5-sonnet │ Anthropic │
├───────────────────────┼───────────┤
│ claude-4.5-haiku │ Anthropic │
├───────────────────────┼───────────┤
│ gemini-2.5-pro │ Google │
├───────────────────────┼───────────┤
│ gemini-2.5-flash │ Google │
├───────────────────────┼───────────┤
│ gemini-2.0-flash-lite │ Google │
├───────────────────────┼───────────┤
│ gemini-3-flash │ Google │
└───────────────────────┴───────────┘
Optional Arguments
- --debug: Enable debug mode for verbose output
- --request-timeout-sec: Request timeout in seconds for LLM API calls (default: 30)
- --file-concurrency: Number of concurrent files to analyze (default: 20)
- --write-prompts: Write prompts to files during analysis (suffixed .userprompt and .systemprompt)
- --local-prompts: Use detection rules embedded in the binary instead of fetching from the Datadog API
- --skip-indexing: Disable cross-file context indexing. Reduces memory usage on large repositories at the cost of cross-file vulnerability detection.