SAST vs WAF: What should I choose?

Given the fact that I have a WAF already deployed, what is the benefit I could get by purchasing a SAST tool that would scan the engineers’ code for security flaws?

Does this also apply for SCA tools where they can alert in case of using a vulnerable/malicious dependency or library? Can WAFs also protect from that?

Thank you