# Written code Scan (SAST)

{% embed url="<https://youtu.be/AC3CNEXKbN0>" %}

#### **To run a SAST scan, follow the steps below.**

Start an online scan by clicking the **SCAN** button at the top right.

<figure><img src="https://lh6.googleusercontent.com/VqnfAmR3N3V7DkNNi3QwU0GikgB0NptS5c8-LIQYVMuL-fUc9oPcceq2cT6T1b1tAd3adomsrnLpGlpsXHWXGT8DuDsKMxkcTmfuLUwbAFodB2_S3-x-pfv3IH1UdWJEbjQbsAyBBcNMCU5gxru_UPSA8aQ48kFPT42mByyl4Tfw_fNVhTKnPuB2kA" alt=""><figcaption></figcaption></figure>

We chose **GitHub** for this example. Once clicked, you get a repo to scan. For demonstration purposes we use **Vulnado**.

<figure><img src="https://lh6.googleusercontent.com/47OhyaL8GWofSaRIk1kQ9d5NIrcxRNQ0SyInFwVUwcFU1ujVrPyJaFcyKjpL3Ve7vw5Nd64I9rnAJ6PzbiyyQ3WG90Rk_P25Qow7qcqKoGS0AoGEuU-q-fYoE0dbzIlJ3kfg1u-j8aOP53hP_n27FRdivQejFg1zLfi5LjTxwP-maxDHaDoh8etCUg" alt=""><figcaption></figcaption></figure>

We clone the repo and paste it like this:

<figure><img src="https://lh6.googleusercontent.com/LoRr3UdM4pxtU0yx4ytimfLaMZC1epKgY3RTJRM6ugZfDjnexUXjTqmWYnTH2hU-9jybQlNpEOGXPC6rZ9wKul4-ezRNdkVaFtA4-W7ey55X46ndeCN9GBVdXHmqwn6cKxhmY9YgAvtYl2MkwZ6sXLWybdVaccVpNt6nNGYq7YKv6-CBFY_Xpkikgw" alt=""><figcaption></figcaption></figure>

Hit the green plus sign and scan.

<figure><img src="https://lh5.googleusercontent.com/9Wrq7AmEnhQqkKlm0mxlm4v9gYWv9ZeKz4PVrxtTQORmObqWCYE-1EWw5uJ5wY_GE9w2jyH1hfIQqW5CEZ3ZWwTLwf5GdmHMqnqeoe5w40qr6O96VPcAcrNVh6-cBmuSzj8HMh4qkvZ3iz2sJO_JlDG7n4JSOCSIk1Pb5QknIY9Snl-366yNKGphbA" alt=""><figcaption></figcaption></figure>

The scan will start.

<figure><img src="https://lh5.googleusercontent.com/5mLWHQKuJQn7_e9jkmqF1PAtWki9lhn_Lf2kHDu5f_m_tiVudkaUkHvMLGe0IBurBhnnAr69K5d1nqhr9QnEZj3ggMQR3mO8awblej2mbCMwYqQUhWjXQYSgdonXXWCM9-vonh3GtRrgsb7e1aTi6CkqofJsRnIIW3Pbj8OIjRe666RBPSA9ZpDceA" alt=""><figcaption></figcaption></figure>

Once the online scan finishes, we get results like the following:

<figure><img src="https://lh4.googleusercontent.com/QljpfaZy-EZM62yP_Z0g2ZrSZB_EaiJmA7eJjxdZ30kIwCoDkr00LOb2FnoikKsMSCkcpGSWJhaYeJ6Y62oJihWGxNrqur1ZPd3AmFwNY26pYlZluOGdANs-O5j_ZqoJ3QcH968c3JlvV9c4v6Niovx6nZV2Y2K3n6mNVtxv90IETWcE5VNKYq8o5A" alt=""><figcaption></figcaption></figure>

The picture above shows that we scanned a project named “vulnado-test”, which has our Code Analysis (SAST) and other scans. Let’s dive into that.

Once you click on it, you will be redirected to a page that contains the following information about your SAST scan:

1. **Project Scanned**: The name of the current project, in this case vulnado-test.
2. **Scan Date**: The date and time at which the scan was performed.
3. **User’s Email**: The email address of the user who performed the scan.
4. **RuleId**: The rule, from our sets of backend rules, that the code matched.
5. **Vulnerable Code Snippet**: The code block that is vulnerable.
6. **Rule description**: More information about the RuleId.
7. **File Path**: The path of the file containing the vulnerable code.
8. **Filter Severity**: Filters your results based on criticality.
