Here's our list of apps for Static Application Security Testing (SAST) Tools. Filters help you narrow down the results to find exactly what you’re looking for.

Sort by
Sponsored Highest Rated About sorting methods

34 Software options

DeepSource

5 (9)
The Code Health Solution.
DeepSource is the code health platform that all tools needed to write maintainable and secure code to improve software's stability and increase developer velocity. Read more about DeepSource
Visit Website
Alternatives

GitHub

4.8 (5759)
Social coding & collaborative development platform
GitHub is a place to share code with friends, co-workers, classmates, and complete strangers, helping individuals and teams to write faster, better code Read more about GitHub
Learn More
Alternatives

GitLab

4.6 (937)
Complete DevOps lifecycle management
GitLab is an integrated, open source DevOps lifecycle management platform for software development teams to plan, code, test, deploy & monitor product changes Read more about GitLab
Learn More
Alternatives

Dynatrace

4.5 (47)
All-in-One Application Performance Monitoring
Dynatrace Ruixt is an all-in-one application performance monitoring Read more about Dynatrace
Learn More
Alternatives

SonarQube

4.6 (47)
Continuous Code Quality and Code Security tool.
SonarQube is a tool used for continuously inspecting Code Quality and Code Security for development teams during code reviews. Read more about SonarQube
Learn More
Alternatives

Kiuwan

4.4 (35)
Security Solutions for your DevOps Process
Kiuwan is a cloud-based application security solution which combines automatic code scanning with automated management of open source components. The platform supports a range of technologies and integrates with a variety of tools such as build systems, bug tracking and code repositories. Read more about Kiuwan
Learn More
Alternatives

SiteLock

3.3 (22)
Threat intelligence software for eCommerce businesses
SiteLock is a static application security testing (SAST) software designed to help businesses protect websites against malware and distributed denial-of-service (DDoS) attacks. Key features of the platform include threat detection, database scanning, bad bot blocking, automated plugin patching, security vulnerability repair, and website acceleratio... Read more about SiteLock
Learn More
Alternatives

Artifactory

4.6 (17)
Artifact repository manager for software development teams
JFrog Artifactory is a binary repository management SaaS solution that provides software development and DevOps teams with a single source of truth for sourcing, storing, sharing, and deploying software components. Release your software with security and ease. Read more about Artifactory
Learn More
Alternatives

Snyk

4.8 (17)
Cloud-based security platform to track & fix vulnerabilities
Snyk is a cloud-based application security and testing platform, which helps enterprises discover and fix vulnerabilities across open source libraries, containers, or codes throughout the development process. Features include runtime monitoring, reporting, exploitability indicators, alerts, and prioritization. Read more about Snyk
Learn More
Alternatives

CodeScan

4.8 (14)
Quality and Security for the Salesforce Platform
For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce codes, define quality and security standards, and ensure compliance with statutory guidelines across code development projects. We have 350+ rules and support all Salesforce languages and Metadata. Read more about CodeScan
Learn More
Alternatives

BuildPiper

4.2 (12)
Delivering software just got faster
BuildPiper is a product by OpsTree Labs, which is an end-to-end Kubernetes and microservices Delivery Platform. It is a hybrid cloud-enabled system that facilitates the deployment of dockerized code across multiple environments. Read more about BuildPiper
Learn More
Alternatives

Codiga

4.8 (11)
Help developers write better code, faster.
Codiga is a coding assistant that helps software developers write better code faster. With the Codiga coding assistant, businesses can create, find, and import safe and secure reusable code blocks in seconds, saving hours of software development. Read more about Codiga
Learn More
Alternatives

CodeScene

4.7 (11)
Software Analysis Tool for Improving Code Health
CodeScene is a tool that maps hotspots in a codebase and pinpoints the exact lines of unhealthy code hindering software delivery flow. Read more about CodeScene
Learn More
Alternatives

Klocwork

4.6 (8)
Static code analysis tool with continuous compliance
Klocwork is a web-based static code analysis software designed to help businesses identify and manage software security and quality in compliance with regulatory guidelines. It lets DevOps teams detect various security vulnerabilities including tainted data, SQL injection, vulnerable coding practices, buffer overflow, and more. Read more about Klocwork
Learn More
Alternatives

Bytesafe

4.6 (8)
Source code and vulnerability management platform
Bytesafe is a firewall for dependencies. Using the source code and vulnerability management platform, businesses can protect applications, stay in control and keep unwanted dependencies out of the organization. Read more about Bytesafe
Learn More
Alternatives

CxSAST

3.9 (7)
Software for managing application risks and vulnerabilities
Checkmarx Static Application Security Testing (CxSAST) is designed to help businesses conduct static analysis for identifying vulnerabilities in custom codes and open source applications. It enables DevOps teams to scan source codes in the software development lifecycle (SDLC), mitigate risks, and gain insights into the system's security framework. Read more about CxSAST
Learn More
Alternatives

SonarLint

4.7 (6)
Open-source IDE extension
SonarLint is a free and open-source IDE extension that allows developers to detect and fix bugs, vulnerabilities, and code smells to create Clean Code. Read more about SonarLint
Learn More
Alternatives

SonarCloud

4.5 (6)
Web-based tool for catchin bugs and security vulnerabilities
SonarCloud is the leading online service to catch bugs and security vulnerabilities in pull requests and throughout the code repositories. Read more about SonarCloud
Learn More
Alternatives

Coverity

3.6 (5)
Build secure, high-quality software faster.
Coverity is a static application security testing (SAST) solution designed to help businesses manage risks across the application portfolio, address quality defects in the software development life cycle, and maintain compliance with many coding and security standards. Read more about Coverity
Learn More
Alternatives

GuardRails

5 (5)
Application security software
With GuardRails, you can finally feel safe on every level of your security. The platform enhances development processes and gives developers control via its layered approach that shields them from code to the cloud for complete protection against attackers. Read more about GuardRails
Learn More
Alternatives

Nexus Lifecycle

4 (4)
Application security and dependency management solution
Nexus Lifecycle by Sonatype is an application security and dependency management solution designed to help organizations manage open-source governance and automatically find and fix vulnerabilities across the entire software development lifecycle (SDLC). The platform enables developers to monitor security standards in the development process and... Read more about Nexus Lifecycle
Learn More
Alternatives

Apiiro

4.3 (3)
AppSec management tool to secure cloud software development.
Apiiro is re-inventing the secure development lifecycle for agile and cloud-native development. It helps businesses transform application security into multidimensional application risk. Read more about Apiiro
Learn More
Alternatives

Fortify

5 (2)
Application security, data security, and threat detection.
Fortify enables businesses of all sizes to protect their applications, data and the rest of their assets from cyber criminals. With strategic outcomes ranging from DevSecOps to secure data analytics, Fortify helps enterprises gain visibility into their applications, detect threats quickly and defend against them effectively with automated incident... Read more about Fortify
Learn More
Alternatives

Argon

5 (1)
Holistic security for CI/CD pipeline
Argon connects to development environments and tools. It protects the entire CI/CD pipeline from code manipulation misconfigurations, code leaks, and vulnerabilities. This solution enables smooth AppSec orchestration by providing a unified view, full visibility, security, and code integrity. Read more about Argon
Learn More
Alternatives

IDA Pro

5 (1)
A powerful disassembler and a versatile debugger.
Hex-Rays develops and supports the IDA disassembler. This famous software analysis tool, which is a de-facto standard in the software security industry, is an indispensable item in the toolbox of a software analyst, security expert, software developer, or software engineer. Read more about IDA Pro
Learn More
Alternatives

Conviso

4 (1)
Static Application Security Testing (SAST) Solution
Conviso is a SaaS-based tool that helps businesses secure application development pipelines via vulnerability scanning, automated testing, and more. Read more about Conviso
Learn More
Alternatives

Bearer

(0)
Fix data security risks before you release
Bearer enables security and engineering teams to implement data security policies and mitigate risks throughout the development lifecycle. Read more about Bearer
Learn More
Alternatives

ThunderScan

(0)
SAST Application Security
ThunderScan by DefenseCode is a Static Application Security Testing (SAST) software that allows businesses to perform deep and extensive security analysis of various application source codes. ThunderScan can be integrated with existing CI/CD pipelines and DevOps environment, offering a platform that requires almost no user input, easy to use, and... Read more about ThunderScan
Learn More
Alternatives

Veracode

(0)
Software for scanning & managing application vulnerabilities
Veracode is a static application security testing (SAST) software designed to help businesses review applications' source code to identify vulnerabilities. The platform allows software developers to conduct application analysis and receive automated security feedback in the IDE and CI/CD pipeline. Read more about Veracode
Learn More
Alternatives

ShiftLeft CORE

(0)
A code security platform for developers.
ShiftLeft CORE is an application security platform that improves collaboration between Dev and AppSec teams and provides early scans of code at scale. Read more about ShiftLeft CORE
Learn More
Alternatives

esChecker

(0)
Do you trust your Mobile Application Security Protections?
esChecker is a powerful tool that automatically test that the security implemented in the mobile application responds perfectly to the attacks it may suffer. The big highlight of esChecker comes from all the dynamic tests (DAST) that are offered. Read more about esChecker
Learn More
Alternatives

AppSonar

(0)
Improve your application code security and quality
AppSonar helps automate static application security testing to find hidden security and quality bugs at the source. Unlimited code scanning and free email and phone support. Read more about AppSonar
Learn More
Alternatives

Ostorlab

(0)
Cloud-based vulnerability management platform
Ostorlab is a cloud-based vulnerability management platform designed to help businesses detect, monitor, and remediate risks across enterprises' external attack surfaces. Read more about Ostorlab
Learn More
Alternatives

VMware Tanzu Observability

(0)
Enterprise observability platform
Tanzu Observability is a user-friendly enterprise observability solution that offers full-stack visibility for applications running on any cloud. Read more about VMware Tanzu Observability
Learn More
Alternatives

Related categories