Static Application Security Testing (SAST) tools often generate overly generic warnings, hindering developers—especially junior and mid-level practitioners—from accurately understanding vulnerability root causes, security impacts, and remediation strategies, thereby severely limiting tool usability. To address this, we propose SAFE, the first IDE-integrated SAST explainability plugin that deeply incorporates GPT-4o via context-aware prompt engineering to automatically generate precise, natural-language explanations of root causes, security implications, and actionable fix recommendations. Its core innovation lies in real-time orchestration between large language models and static analysis outputs, enabling personalized, operationally grounded vulnerability interpretations. A user study demonstrates that SAFE significantly improves developers’ vulnerability comprehension accuracy (+42%) and average repair efficiency (3.1× faster), effectively bridging the semantic gap between SAST detection capabilities and practical development workflows.

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic warning messages do not sufficiently communicate important information to developers, resulting in misunderstandings or oversight of critical findings. In light of recent developments in Large Language Models (LLMs) and their text generation capabilities, our work investigates a hybrid approach that uses LLMs to tackle the SAST explainability challenges. In this paper, we present SAFE, an Integrated Development Environment (IDE) plugin that leverages GPT-4o to explain the causes, impacts, and mitigation strategies of vulnerabilities detected by SAST tools. Our expert user study findings indicate that the explanations generated by SAFE can significantly assist beginner to intermediate developers in understanding and addressing security vulnerabilities, thereby improving the overall usability of SAST tools.