Static Application Security Testing (SAST) Software

SonarQube is the leading tool for continuously inspecting the Code Quality and Security of your codebases, and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing-up with your existing... Learn more

Designed for businesses in banking, information technology, financial services and other industries, OX Security is a cloud security platform that provides advanced threat detection and response capabilities. The solution... Learn more

GitLab is a cloud-based project management platform that allows software developers to develop and manage codes collaboratively. The platform can be deployed either on-premise or in the cloud. GitLab helps developers manage the... Learn more

GitHub is a project management and code sharing platform that allows users to share their codes with others and create/iterate using collective intelligence. The software can be used for different kinds of coding assignments... Learn more

Dynatrace is an AIOps solution designed to help businesses automate multi-cloud processes and streamline collaboration across multiple teams through purpose-built use cases. Its filtering capabilities enable supervisors to search... Learn more

Kiuwan is a static application security testing (SAST) solution designed to help businesses identify and remediate vulnerabilities within source code across the software development life cycle (SDLC). The platform supports... Learn more

Acunetix (by Invicti) is a cloud-based digital security solution that assist security analysts with data protection, manual testing and compliance reporting. It is primarily designed to scan websites and identify vulnerabilities... Learn more

SiteLock is a cloud-based security platform, which helps accelerate website performance, conversions and protects the online business against hackers. Designed for all industries, the platform provides solutions for vulnerability... Learn more

Invicti, formerly Netsparker, is a cloud-based and on-premise solution designed to help businesses manage the entire application security lifecycle through automated vulnerability assessments. Key features include maintenance... Learn more

Snyk is an application security and testing platform designed to help businesses find, prioritize and remediate vulnerabilities across open source libraries, codes and containers. The platform enables developers to scan and... Learn more

Modern software application development has evolved from deploying products periodically to build them on a daily or hourly basis using CI servers. Developers and DevOps teams need to support the continual flow of code from the... Learn more

AutoRABIT is the only complete DevSecOps platform for Salesforce developers. Incorporate static code analysis, data security, and CI/CD capabilities to increase the security, release velocity, and quality of your Salesforce code... Learn more

BuildPiper is a microservices and Kubernetes delivery platform. It helps businesses with the entire software delivery process, starting right from the developer's workstation to the final product release. With BuildPiper,... Learn more

CodeScene is a tool that maps hotspots in a codebase and pinpoints the exact lines of unhealthy code threatening software delivery flow. CodeScene helps development teams build more sustainable, safer software with healthier... Learn more

DeepSource is the code health solution, providing organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle. Most organizations use many... Learn more

Klocwork is a web-based static application security testing (SAST software designed to help businesses identify and fix software security issues in compliance with security standards such as OWASP, CWE, PCI DSS, CERT and ISO/IEC... Learn more

A free and open-source IDE plugin, SonarLint helps developers find and fix issues in real-time as they code, enhancing productivity and code quality, and reducing technical debt. Supporting 25 languages and 11 IDEs, SonarLint... Learn more

SonarCloud is an online service that catches bugs and security vulnerabilities in pull requests and throughout code repositories. SonarCloud pairs with existing cloud-based CI/CD workflows and provides clear resolution guidance... Learn more

Checkmarx Static Application Security Testing (CxSAST) is a static analysis platform that enables businesses to identify security vulnerabilities across source codes. It allows software development teams to automate workflows,... Learn more

Bytesafe is a cloud-native security platform reduces risk and protects revenue - without slowing down developers. In today’s insecure world, security attacks are increasingly targeting the software supply chain and simply... Learn more

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security... Learn more

GuardRails is a security platform that empowers developers to build secure applications by giving them continuous protection. GuardRails provides a seamless experience for you and your team by securing all the critical... Learn more

Nexus Lifecycle by Sonatype helps developers streamline open-source governance operations and scan and fix issues in the software development process via a unified portal. The platform enables security professionals to establish... Learn more

Apiiro invented a code risk platform to remediate critical risks from cloud to code and secure all cloud-native application components in a single platform. Once connected to a source control manager, Apiiro will identify all... Learn more

Fortify is an application security platform designed to help organizations address the evolving threats of today and tomorrow. By combining established next-gen technologies with best practices, Fortify allows organizations to... Learn more

Argon’s first-to-market holistic security solution protects the integrity of software development environments’ CI/CD pipelines, eliminating risks from misconfigurations, vulnerabilities, and preventing major scale software... Learn more

IDA Pro is a binary code analysis tool. It's capable of creating maps of software's execution to show the binary instructions that are actually executed by the processor in a symbolic representation called assembly language. This... Learn more

Conviso is a Static Application Security Testing tool that helps businesses secure application development pipelines via vulnerability scanning, automated testing, and more. This platform is designed for businesses in finance,... Learn more

Aikido is a security management system that aids businesses in streamlining their security operations across codes and the cloud. It offers various features, including custom rules, tailored notifications, on-demand security... Learn more

ThunderScan is a static application security testing and white-box testing tool designed to help businesses perform extensive security analysis of application source codes. The application requires minimal user input and can also... Learn more

ShiftLeft CORE is the only suite of Application Security tools and services capable of analyzing the complete flow of data through a modern application in minutes so dev teams can release secure code at scale. ShiftLeft can match... Learn more

Flawnter is a code security and quality analysis software designed to help you quickly find bugs in your application while also providing details how to fix each finding. The scanner is very fast and provides accurate results... Learn more

Ostorlab is a platform that discovers and scans mobile applications, web applications, and external attack surfaces to identify vulnerabilities and security & privacy weaknesses. - Manage attack surfaces and discover assets. -... Learn more

Veracode is a static application security testing (SAST) solution that helps businesses manage security risk across the application building pipeline. It enables software developers to monitor source codes to identify vulnerabilit... Learn more

Bearer is a Static Application Security Testing (SAST) tool that brings the principles and the benefits of the DevSecOps model to the data security practice. Bearer enables security and engineering teams to implement data... Learn more

esChecker, your MAST automation companion Reduce the time wasted to qualify your Mobile Application Protections thanks to MAST automation (SAST static tests and DAST dynamic tests). The slow, manual days of pentesting mobile... Learn more

AIAST – An advanced interactive application security tool identifying vulnerabilities in both self-developed code and open-source dependencies. Seamlessly integrate into CI/CD and can be applied in both application development... Learn more

Mobi Heals is a comprehensive platform addressing the critical issue of mobile app security. With the increasing dependence on mobile applications, protecting user data has become a top priority. Mobi Heals simplifies securing... Learn more

VulnSign is an automated dynamic application security testing tool that detects vulnerabilities in web applications, microservices, and APIs. VulnSign is designed for organizations that want to improve their application security... Learn more

Betterscan is a cloud-native cybersecurity software designed for automating a wide array of checks to secure both cloud environments and applications. It helps businesses automate thousands of checks to prevent human errors in... Learn more