Here's our list of apps for Static Application Security Testing (SAST). Filters help you narrow down the results to find exactly what you’re looking for.

14 Software options

GitHub is a place to share code with friends, co-workers, classmates, and complete strangers, helping individuals and teams to write faster, better code.
GitLab is an integrated, open source DevOps lifecycle management platform for software development teams to plan, code, test, deploy & monitor product changes.
Kiuwan is a cloud-based application security solution which combines automatic code scanning with automated management of open source components. The platform supports a range of technologies and integrates with a variety of tools such as build systems, bug tracking and code repositories.
SiteLock is a static application security testing (SAST) software designed to help businesses protect websites against malware and distributed denial-of-service (DDoS) attacks. Key features of the platform include threat detection, database scanning, bad bot blocking, automated plugin patching, security vulnerability repair, and website...
For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce code, define quality and security standards, and ensure compliance with statutory guidelines across code development projects. We have 350+ rules and support all Salesforce languages and Metadata.
Snyk is a cloud-based application security and testing platform, which helps enterprises discover and fix vulnerabilities across open source libraries, containers, or code throughout the development process. Features include runtime monitoring, reporting, exploitability indicators, alerts, and prioritization.
Klocwork is a web-based static code analysis software designed to help businesses identify and manage software security and quality in compliance with regulatory guidelines. It lets DevOps teams detect various security vulnerabilities including tainted data, SQL injection, vulnerable coding practices, buffer overflow, and more.
Coverity is an on-premise and cloud-based static application security testing (SAST) solution designed to help businesses manage risks across the application portfolio, address quality defects in the software development life cycle (SDLC), and maintain compliance with several coding and security standards. Administrators can gain insights into...
Checkmarx Static Application Security Testing (CxSAST) is designed to help businesses conduct static analysis for identifying vulnerabilities in custom code and open source applications. It enables DevOps teams to scan source code in the software development lifecycle (SDLC), mitigate risks, and gain insights into the system's security framework.
SonarQube is a tool used for continuously inspecting Code Quality and Code Security for development teams during code reviews.
DeepSource is a static application security testing (SAST) software designed to help businesses review application code to identify potential vulnerabilities or performance issues. The platform automatically determines the context of code, enabling supervisors to analyze and detect various types of issues, including bug risks, anti-patterns, and...
ThunderScan by DefenseCode is a Static Application Security Testing (SAST) software that allows businesses to perform deep and extensive security analysis of various application source code. ThunderScan can be integrated with existing CI/CD pipelines and DevOps environments, offering a platform that requires almost no user input, easy to use, and...
Veracode is a static application security testing (SAST) software designed to help businesses review applications' source code to identify vulnerabilities. The platform allows software developers to conduct application analysis and receive automated security feedback in the IDE and CI/CD pipeline.
