---
date: '2026-04-28'
created: '2026-04-28'
modified: '2026-04-28'
title: 'the tree of code security part 1: the seed'
description: a deep dig into the history, present and future of application security tool engineering
draft: false
tags:
  - security
  - engineering
published: '2026-04-28'
pageLayout: default
slug: posts/the-tree-of-code-security
permalink: https://stateless.computer/posts/the-tree-of-code-security.md
generator:
  quartz: v4.5.2
  hostedProvider: Cloudflare
  baseUrl: stateless.computer
full: https://stateless.computer/llms-full.txt
---
SAST tools are driving modern-day code security. It's as simple as adding a GitHub App to your pipeline to promote yourself from DevOps to DevSecOps Engineer.

But there’s something common to all your favourite code security tooling, even the AI-native ones. They all build upon the branches of a tree called the Abstract Syntax Tree. But why? And how?

This will be answered in a three-part series where we’ll start by revisiting the origins of code security and static analysis tooling, explore the currently adopted paradigms and peek into the future.

## Brief History of Static Analysis

Code security and static analysis are related, but not the same. Static analysis tooling did not start with security. It started with correctness in mind.

