### Static Application Security Testing (SAST) advanced features

You can enable and configure SAST in the UI, either with default settings, or with customizations. Use the method that best meets your needs.

You can customize the default scanning rules provided by our SAST analyzers.

https://docs.gitlab.com/ee/user/application_security/sast/#customize-rulesets

#### See new findings in merge request widget

With GitLab Ultimate, SAST results are also processed so you can:  

-   See them in merge requests.  
-   Use them in approval workflows.  
-   Review them in the security dashboard.   

The results are sorted by the priority of the vulnerability:

1.  Critical
2.  High
3.  Medium
4.  Low
5.  Info
6.  Unknown

![sast-in-mr](./sast-in-mr.en.png)  

Example project using Static Application Security Testing (SAST): [Demo SAST](https://jihulab.com/ultimate-plan/demo/sast-demo/-/tree/3-test-new-policy-name)