{"id":824,"date":"2026-03-25T00:17:40","date_gmt":"2026-03-25T07:17:40","guid":{"rendered":"https:\/\/hackarandas.com\/blog\/?p=824"},"modified":"2026-03-25T00:17:40","modified_gmt":"2026-03-25T07:17:40","slug":"from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation","status":"publish","type":"post","link":"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/","title":{"rendered":"From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 
0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#from_noise_to_notes_orchestrating_sast_with_developers_through_ai-driven_remediation\" >From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#the_philosophy_shifting_left\" >The Philosophy: Shifting Left<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#the_challenge_of_%e2%80%9ccacophony%e2%80%9d\" >The Challenge of &#8220;Cacophony&#8221;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#signal_vs_noise_the_quality_of_findings\" >Signal vs. 
Noise: The Quality of Findings<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#finding_harmony_through_prioritization\" >Finding Harmony Through Prioritization<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#success_and_expansion\" >Success and Expansion<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#closing_the_last_mile_vibe_security_patching\" >Closing the Last Mile: Vibe Security Patching<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#the_five_step_orchestration_process\" >The Five Step Orchestration Process<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#context_awareness_and_%e2%80%9cmemories%e2%80%9d\" >Context Awareness and &#8220;Memories&#8221;<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#impact_on_security_velocity\" >Impact on Security Velocity<\/a><\/li><li class='ez-toc-page-1 
ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/#key_takeaways\" >Key Takeaways<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"from_noise_to_notes_orchestrating_sast_with_developers_through_ai-driven_remediation\"><\/span>From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image6-150x150.png\" alt=\"\" width=\"150\" height=\"150\" class=\"alignleft size-thumbnail wp-image-832\" \/>I recently had the incredible honor of presenting my talk, <strong>&#8220;<a href=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/From-Noise-to-Notes_-Orchestrating-SAST-with-Developers-through-AI-Driven-Remediation.pdf\" target=\"_blank\">From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation<\/a>,&#8221;<\/strong> at <strong><a href=\"https:\/\/bsidessf.org\/\" target=\"_blank\">BSidesSF 2026<\/a><\/strong>. It was an amazing experience, and I am truly honored to have been part of the conference this year. I was personally mind-blown by the professionalism and perfect coordination of every detail by the organizers, which made the event a seamless success. This initiative was successfully managed and executed by a lean team: me as a full-time employee and one dedicated contractor. 
My presentation focused on the journey of transforming Static Application Security Testing (SAST) from a source of developer frustration into a high-value security partner at my current employer.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image2-1024x572.png\" alt=\"\" width=\"640\" height=\"358\" class=\"aligncenter size-large wp-image-828\" srcset=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image2-1024x572.png 1024w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image2-300x167.png 300w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image2-768x429.png 768w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image2-1536x858.png 1536w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image2.png 1999w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"the_philosophy_shifting_left\"><\/span>The Philosophy: Shifting Left<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The core of our strategy is the concept of <strong>&#8220;shifting left.&#8221;<\/strong> SAST is a method of checking computer programs for security vulnerabilities by analyzing source code without actually running the program. By integrating these scans early in the Software Development Lifecycle (SDLC), we help developers catch issues like injection flaws or hardcoded secrets while they are still writing code. 
This makes fixes faster, cheaper, and more effective than finding them after deployment.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"the_challenge_of_%e2%80%9ccacophony%e2%80%9d\"><\/span>The Challenge of &#8220;Cacophony&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The promise of SAST is to empower developers, but the reality often starts with <strong>&#8220;cacophony.&#8221;<\/strong> When we first rolled out our scanning capabilities across over 1,000 repositories, we were met with a staggering backlog of approximately <strong>3,500 findings.<\/strong><br \/>\nThis massive volume of alerts created a significant problem: noise and mistrust. When engineers are overwhelmed with thousands of findings, many of which are false positives or low-risk items, they begin to see security as a blocker that slows them down. We learned quickly that raw finding counts do not equal security value, and without developer trust, even the most critical findings are often ignored.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"signal_vs_noise_the_quality_of_findings\"><\/span>Signal vs. 
Noise: The Quality of Findings<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image7-300x168.png\" alt=\"\" width=\"300\" height=\"168\" class=\"alignleft size-medium wp-image-840\" srcset=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image7-300x168.png 300w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image7-768x429.png 768w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image7.png 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>A turning point in our success story was recognizing the difference in the <strong>quality of findings.<\/strong> While community-driven rules, such as those used in <strong>Opengrep,<\/strong> provide a low-cost entry point for scanning, they are often limited to single-file or single-function analysis. This limited scope can lead to higher false-positive rates because the tool cannot track dangerous data as it moves across different files.<\/p>\n<p>To build a high-signal program, we prioritized <strong>Research-curated Pro rules.<\/strong> These high-confidence, professionally maintained rules are <strong>only available through <a href=\"https:\/\/semgrep.dev\/products\/pro-engine\/\" target=\"_blank\">Semgrep Pro<\/a>.<\/strong> Unlike community rules, Pro rules leverage advanced inter-file dataflow analysis to trace vulnerabilities across the entire codebase. 
By focusing our efforts on these specific findings, we were able to effectively separate high-quality &#8220;notes&#8221; from the background &#8220;noise,&#8221; ensuring that the issues we sent to developers were accurate and actionable.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"finding_harmony_through_prioritization\"><\/span>Finding Harmony Through Prioritization<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To move from noise to an actionable signal, we changed our approach to focus on what matters most to developers and the business. This section of our journey was critical to rebuilding trust across our engineering teams. We implemented a multi-layered strategy to tune our results:<\/p>\n<ul>\n<li><strong>Prioritizing by Severity and Confidence:<\/strong> We shifted our focus strictly to findings classified as High or Critical Severity that also carried High or Medium Confidence. This was largely made possible by the Pro rules, which are specifically designed to produce highly accurate findings.<\/li>\n<li><strong>Risk-Based Classification:<\/strong> We used a system to classify repositories by data sensitivity (levels D0 to D2) and availability tiers (T1 to T2). This allowed us to focus our primary efforts on core business systems and repositories that handle sensitive customer or financial data.<\/li>\n<li><strong>Leveraging Advanced Tooling:<\/strong> We utilized <strong><a href=\"https:\/\/semgrep.dev\/blog\/2025\/why-ai-powered-memories-are-the-future-of-semgrep-sast\/\" target=\"_blank\">Semgrep Memories<\/a><\/strong> to auto-learn patterns and suppress repeated false positives. 
Additionally, we deployed <strong><a href=\"https:\/\/semgrep.dev\/products\/semgrep-code\/assistant\" target=\"_blank\">Semgrep Assistant<\/a>,<\/strong> an LLM-powered triage tool, to pre-triage findings and reduce the manual effort required from our engineering teams.<\/li>\n<li><strong>Aggregating Results:<\/strong> To reduce context switching, we began reporting similar triaged findings within a single ticket rather than flooding developers with individual alerts for the same underlying issue.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image1.png\" alt=\"\" width=\"1024\" height=\"572\" class=\"aligncenter size-full wp-image-827\" srcset=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image1.png 1024w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image1-300x168.png 300w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image1-768x429.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"success_and_expansion\"><\/span>Success and Expansion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>By the <strong>end of Q3 2025,<\/strong> this focused high-impact scope allowed us to reduce nearly 6,000 total findings down to <strong>785 prioritized items.<\/strong> At that time, we were scanning 1,039 of our 2,760 repositories, which covered approximately <strong>95% of our high-risk systems.<\/strong><br \/>\nBased on the success of this story, we received additional budget by the <strong>first quarter of 2026.<\/strong> This allowed us to increase our coverage to <strong>100% of our repositories.<\/strong> Remarkably, reaching full coverage only resulted in a <strong>spike of approximately 20% more findings.<\/strong> This small increase proved that our initial risk-based classification strategy was correct: the vast majority of critical issues were indeed captured within 
our first prioritized 95%. Today, we have reached a major security milestone: we have achieved zero open findings with Critical or High severity and high confidence across our entire codebase.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"closing_the_last_mile_vibe_security_patching\"><\/span>Closing the Last Mile: Vibe Security Patching<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong><a href=\"https:\/\/hackarandas.com\/blog\/2025\/09\/27\/modernizing-security-patching-with-vibe-security-patching-and-ai-assistance\/\" target=\"_blank\">Vibe Security Patching<\/a><\/strong> is the strategic solution to what is often called the <strong>&#8220;Last Mile&#8221;<\/strong> problem in application security. While traditional Static Application Security Testing (SAST) is excellent at identifying <strong>what<\/strong> is wrong and <strong>where<\/strong> it is located, it stops there, leaving the difficult task of determining <strong>how<\/strong> to fix the issue entirely to the developer.<\/p>\n<p>We recognized that this gap creates a significant burden for engineers, who must research the vulnerability, understand the specific code context, and write a fix from scratch, a process that is frequently slow and error-prone. To close this gap, we moved beyond mere detection into <strong>AI-driven remediation<\/strong>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"the_five_step_orchestration_process\"><\/span>The Five Step Orchestration Process<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Vibe Security Patching follows a structured workflow to turn findings into fixes:<\/p>\n<ol>\n<li><strong>Security Engineer Triage:<\/strong> A security professional identifies high-impact vulnerabilities from the existing backlog.<\/li>\n<li><strong>Aggregate and Scope:<\/strong> Similar issues across the entire codebase are grouped together. 
This allows for fixing multiple instances of a vulnerability pattern at once rather than addressing them in isolation.<\/li>\n<li><strong>AI Patch Generation:<\/strong> Using <strong>Semgrep Assistant<\/strong> (an LLM-powered tool), the system analyzes the finding and its surrounding context to create a <strong>&#8220;code-vibed&#8221; security patch<\/strong>. This patch is specifically designed to match the existing style and logic of <strong>the company&#8217;s<\/strong> codebase.<\/li>\n<li><strong>Developer Review:<\/strong> Instead of starting from zero, the developer receives a ready-to-review patch that they can quickly apply or modify as needed.<\/li>\n<li><strong>Merge and Verify:<\/strong> Once approved, the patch is merged, and the vulnerability is officially resolved.<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image4.png\" alt=\"\" width=\"1024\" height=\"572\" class=\"aligncenter size-full wp-image-830\" srcset=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image4.png 1024w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image4-300x168.png 300w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image4-768x429.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"context_awareness_and_%e2%80%9cmemories%e2%80%9d\"><\/span>Context Awareness and &#8220;Memories&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A critical component of this success is the use of <strong>Semgrep Multimodal<\/strong> and <strong>Memories<\/strong>. These advanced AI features allow the tool to learn the preferred libraries and functions used by engineering. 
This ensures the generated patches are not generic but are tailored to our specific architectural standards.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"impact_on_security_velocity\"><\/span>Impact on Security Velocity<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The transformation from manual remediation to Vibe Security Patching has shifted security from a <strong>blocker to a partner<\/strong> for our engineering teams. By automating the &#8220;how to fix&#8221; portion of the lifecycle, the <strong>Mean Time to Remediation (MTTR)<\/strong> for prioritized vulnerabilities was reduced from <strong>weeks to just 48 to 72 hours<\/strong>. This allows <strong>my company<\/strong> to maintain high developer velocity while ensuring a secure-by-default coding environment.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"key_takeaways\"><\/span>Key Takeaways<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image5.png\" alt=\"\" width=\"1024\" height=\"572\" class=\"aligncenter size-full wp-image-831\" srcset=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image5.png 1024w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image5-300x168.png 300w, https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/image5-768x429.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>As we look toward the future of application security, these four lessons remain our north star:<\/p>\n<ol>\n<li><strong>SAST adoption only works when it works WITH developers:<\/strong> Empathy, trust, and developer experience are non-negotiable.<\/li>\n<li><strong>Reduce noise to find signal:<\/strong> Focus strictly on high-confidence, high-severity findings and use AI to help with auto-triaging.<\/li>\n<li><strong>Measure outcomes, not findings:<\/strong> Prioritize metrics like adoption rates and fix rates over raw 
vulnerability counts.<\/li>\n<li><strong>AI closes the last mile:<\/strong> Moving from alerts to actual fixes through AI-driven remediation accelerates secure software delivery.<\/li>\n<\/ol>\n<p>Our journey proved that SAST adoption only works when it works <strong>with<\/strong> developers. Empathy and developer experience are non-negotiable. By focusing on high-quality Pro rules and AI-driven fixes, we moved from a state of noise to a state of notes. I am incredibly grateful to the BSidesSF team for the opportunity to share this story at such a perfectly run event. Building a secure culture is about more than just tools; it is about turning findings into fixes and building confidence across the entire organization.<\/p>\n<p> You can download the presentation here: <strong>&#8220;<a href=\"https:\/\/hackarandas.com\/blog\/wp-content\/uploads\/2026\/03\/From-Noise-to-Notes_-Orchestrating-SAST-with-Developers-through-AI-Driven-Remediation.pdf\" target=\"_blank\">From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation<\/a>.&#8221;<\/strong><\/p>\n\n<div style=\"font-size: 0px; height: 0px; line-height: 0px; margin: 0; padding: 0; clear: both;\"><\/div>","protected":false},"excerpt":{"rendered":"<p>From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation I recently had the incredible honor of presenting my talk, &#8220;From Noise to Notes: Orchestrating SAST with Developers through AI-Driven Remediation,&#8221; at BSidesSF 2026. 
It was an amazing experience, &hellip; <a href=\"https:\/\/hackarandas.com\/blog\/2026\/03\/25\/from-noise-to-notes-orchestrating-sast-with-developers-through-ai-driven-remediation\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":840,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[113,31,41,37,112,4,114],"tags":[119,118,115,116,121,128,127,129,105,120,126,106,124,125,123,117,122],"class_list":["post-824","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai","category-conferences","category-inphographic","category-presentations","category-sast","category-security","category-vibesecuritypatching","tag-ai-drivenremediation","tag-appsec","tag-bsidessf","tag-bsidessf2026","tag-developerexperience","tag-falsepositives","tag-mttr","tag-riskprioritization","tag-sast","tag-securityautomation","tag-securitymetrics","tag-semgrep","tag-semgrepassistant","tag-semgrepmemories","tag-semgreppro","tag-shiftingleft","tag-vibesecuritypatching"],"_links":{"self":[{"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/posts\/824","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/comments?post=824"}],"version-history":[{"count":12,"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/posts\/824\/revisions"}],"predecessor-version":[{"id":847,"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/posts\/824\/revisions\/847"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/media\/840"}],"wp:attachment":[{
"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/media?parent=824"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/categories?post=824"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackarandas.com\/blog\/wp-json\/wp\/v2\/tags?post=824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}