SAST means Static Analysis Software Testing , and (I believe) it was originally coined by Gartner when they published their Magic Quadrant for Static Application Security Testing report (first version in 2009).
SAST is basically what we usually (in the web world) call Static Analysis of source code (i.e. White Box tools). It cousin is DAST (Dynamic Application Security Testing) and is what we call Pentesting (i.e. BlackBox tools). Google's DAST search results are also funny. Here is a more detailed answer on the difference between SAST and DAST.
As you will seen in Gartner's website, they change for this report, but some companies have bought them and posted/leaked the PDF online (in a way that Google finds it)
- 1st edition: 6 February 2009 here
- 2nd edition: 13 December 2010: here and here (linked from http://www-01.ibm.com/software/rational/info/gartner-security/)
- https://www.fortify.com/ssa-basics/Gartner2010MQ_SAST.html
- http://blogs.gartner.com/neil_macdonald/2011/01/19/static-or-dynamic-application-security-testing-both/
- https://blog.whitehatsec.com/tag/sast/
Back on the topic of Framewoks, Neil MacDonald (from Gartner) is absolutely spot on in this 2009 entry: For Static Application Security Testing, Frameworks Matter
Btw, I wonder when will the O2 Platform be included in a Gartner Magic Quadrant report?