Which of the following is not a feature of SAST?

The correct answer, indicating that team-building efforts are not a feature of Static Application Security Testing (SAST), is based on the nature of what SAST encompasses. SAST is primarily focused on analyzing source code and identifying vulnerabilities before the application is run. It involves reviewing the code structure and logic to uncover security flaws.

"White-box" testing is an approach intrinsic to SAST, as it requires a detailed understanding of the internal workings of the application being tested, thus the testers have access to the source code. Additionally, the source code review itself is a fundamental characteristic of SAST, making it essential for detecting potential security issues at the code level.

Utilizing highly skilled, often expensive, outside consultants can sometimes happen in practice with SAST implementations, but that detail pertains more to the resources involved rather than a defining feature of the testing process itself. In contrast, team-building efforts are generally not a component of SAST; these efforts relate more to organizational culture and collaboration rather than the technical aspects of static analysis.