# Written code Scan (SAST)

{% embed url="<https://youtu.be/AC3CNEXKbN0>" %}

#### **To run a SAST scan, follow the steps below.**

We can start an online scan by clicking the **SCAN** button at the top right.

<figure><img src="https://lh6.googleusercontent.com/VqnfAmR3N3V7DkNNi3QwU0GikgB0NptS5c8-LIQYVMuL-fUc9oPcceq2cT6T1b1tAd3adomsrnLpGlpsXHWXGT8DuDsKMxkcTmfuLUwbAFodB2_S3-x-pfv3IH1UdWJEbjQbsAyBBcNMCU5gxru_UPSA8aQ48kFPT42mByyl4Tfw_fNVhTKnPuB2kA" alt=""><figcaption></figcaption></figure>

We chose **GitHub** for this example. Once you click it, you can provide a repo to scan. For demonstration purposes we use **Vulnado**.

<figure><img src="https://lh6.googleusercontent.com/47OhyaL8GWofSaRIk1kQ9d5NIrcxRNQ0SyInFwVUwcFU1ujVrPyJaFcyKjpL3Ve7vw5Nd64I9rnAJ6PzbiyyQ3WG90Rk_P25Qow7qcqKoGS0AoGEuU-q-fYoE0dbzIlJ3kfg1u-j8aOP53hP_n27FRdivQejFg1zLfi5LjTxwP-maxDHaDoh8etCUg" alt=""><figcaption></figcaption></figure>

We clone the repo and paste it, like this:

<figure><img src="https://lh6.googleusercontent.com/LoRr3UdM4pxtU0yx4ytimfLaMZC1epKgY3RTJRM6ugZfDjnexUXjTqmWYnTH2hU-9jybQlNpEOGXPC6rZ9wKul4-ezRNdkVaFtA4-W7ey55X46ndeCN9GBVdXHmqwn6cKxhmY9YgAvtYl2MkwZ6sXLWybdVaccVpNt6nNGYq7YKv6-CBFY_Xpkikgw" alt=""><figcaption></figcaption></figure>

Hit the green plus sign and scan.

<figure><img src="https://lh5.googleusercontent.com/9Wrq7AmEnhQqkKlm0mxlm4v9gYWv9ZeKz4PVrxtTQORmObqWCYE-1EWw5uJ5wY_GE9w2jyH1hfIQqW5CEZ3ZWwTLwf5GdmHMqnqeoe5w40qr6O96VPcAcrNVh6-cBmuSzj8HMh4qkvZ3iz2sJO_JlDG7n4JSOCSIk1Pb5QknIY9Snl-366yNKGphbA" alt=""><figcaption></figcaption></figure>

The scan will start.

<figure><img src="https://lh5.googleusercontent.com/5mLWHQKuJQn7_e9jkmqF1PAtWki9lhn_Lf2kHDu5f_m_tiVudkaUkHvMLGe0IBurBhnnAr69K5d1nqhr9QnEZj3ggMQR3mO8awblej2mbCMwYqQUhWjXQYSgdonXXWCM9-vonh3GtRrgsb7e1aTi6CkqofJsRnIIW3Pbj8OIjRe666RBPSA9ZpDceA" alt=""><figcaption></figcaption></figure>

Once the online scan finishes, we get a result like the following:

<figure><img src="https://lh4.googleusercontent.com/QljpfaZy-EZM62yP_Z0g2ZrSZB_EaiJmA7eJjxdZ30kIwCoDkr00LOb2FnoikKsMSCkcpGSWJhaYeJ6Y62oJihWGxNrqur1ZPd3AmFwNY26pYlZluOGdANs-O5j_ZqoJ3QcH968c3JlvV9c4v6Niovx6nZV2Y2K3n6mNVtxv90IETWcE5VNKYq8o5A" alt=""><figcaption></figcaption></figure>

The picture above shows that we scanned a project named “vulnado-test”, which has our Code Analysis (SAST) and other scans. Let’s dive into that.

Once you click on it, you will be redirected to a page that contains the following information about your SAST scan:

1. **Project Scanned**: Name of the current project, in this case vulnado-test.
2. **Scan Date**: The date and time at which the scan was performed.
3. **User’s Email**: The email address of the user who performed the scan.
4. **RuleId**: The rules from our backend rule sets that matched.
5. **Vulnerable Code Snippet**: The code block that is vulnerable.
6. **Rule description**: More information about the RuleId.
7. **File Path**: The path of the file containing the vulnerable code.
8. **Filter Severity**: Filters your results by criticality.


