Apiiro AI SAST is an Application Security Posture Management (ASPM) platform that provides application visibility and risk management from code to runtime. The platform creates an inventory of applications and software supply chains by connecting to source code management systems to analyze code commits, pull requests, builds, and runtime environments. The platform includes Deep Code Analysis (DCA) and code-to-runtime modeling to understand application architecture and identify critical risks. It features an extended software bill of materials (XBOM) that maps technologies, frameworks, components, and contributors along with their risks and interconnections. Material code change detection monitors commits and pull requests for changes that impact attack surfaces. The platform integrates with existing security tools including SAST, SCA, CSPM, and runtime API security tools to provide a unified view of risks. It normalizes, correlates, and deduplicates findings while tying them to source code and code owners. The Risk Graph connects different risk types using context from code, runtime, databases, and integrated tools. The platform includes a dynamic risk engine for setting granular risk policies and automated workflows. It provides developer-centric guardrails that integrate with pull requests and CI/CD builds. Reporting capabilities include risk dashboards, security testing coverage mapping, and enterprise-grade reports for measuring application security posture.