Max Kobilev
Company: Solar
We'll take a look at popular open-source tools for static security analysis (SAST) in Python projects: Bandit, SonarQube, Semgrep, and CodeQL. We will discuss the advantages and disadvantages of each, with examples of using them on a prepared benchmark: a deliberately vulnerable Python application (OWASP Top 10).
Company: Evrone