This project is an AI-Native SAST tool. Unlike traditional SAST tools that rely solely on parsing and analysis rules, this project uses LLM (e.g. Claude from Anthropic, GPT from OpenAI or Gemini from Google) to find vulnerabilities.
This project can be used standalone on your laptop. It is available as part of the Datadog Code Security offering.
This project is under development and is in preview stage.
SAIST can be run standalone, but has the following dependencies:
DD_API_KEY and DD_APP_KEY environment variables.datadoghq.com. If your Datadog account is on a different site (e.g. EU), set DD_SITE accordingly.Note for open source users: Due to the Datadog API dependency, SAIST cannot currently be used without a Datadog account. If you'd like to see a mode that works fully without a Datadog subscription, please open an issue.
Set the following environment variables to specify the API key to your LLM provider
ANTHROPIC_API_KEYOPENAI_API_KEYGOOGLE_API_KEYBuild and run the binary:
make build
./bin/datadog-saist --directory <path> --output <output-file> --detection-model <model> --validation-model <model> [options]
Example to run with Gemini
make build
GOOGLE_API_KEY=<...> ./bin/datadog-saist --directory <path> --output <output-file> --detection-model gemini-3-flash --validation-model gemini-3-flash
--directory: Directory to analyze (required)--output: Output file path for SARIF report (required) --model: Model to use for analysis (required)openai-gpt5.2: OpenAI GPT-5.2openai-gpt5.2-codex: OpenAI GPT-5.2 codexclaude-4.5-haiku: Claude 4.5 Haikuclaude-4.5-opus: Claude 4.5 Haikugemini-2.5-pro: Gemini 2.5 Progemini-2.5-flash: Gemini 2.5 Flashgemini-3-flash: Gemini 3 Flash--debug: Enable debug mode for verbose output--request-timeout-sec: Request timeout in seconds (default: 30)--file-concurrency: Number of concurrent files to analyze (default: 20)--write-prompts: Write prompts to files during analysis--skip-indexing: Disable cross-file context indexing. When set, related files are not collected and included in prompts. Reduces memory usage on large repositories at the cost of cross-file vulnerability detection.$ claude mcp add datadog-saist \
-- python -m otcore.mcp_server <graph>