Static Application Security Testing (SAST) Software
GetApp offers objective, independent research and verified user reviews. We may earn a referral fee when you visit a vendor through our links.
Here's our list of apps for Static Application Security Testing (SAST) Software. Filters help you narrow down the results to find exactly what you’re looking for.
49 Software options
Aikido Security secures your source code by combining different scanning capabilities. SAST, DAST, IAC, SCA, SCPM, Container Scanning, Dependencies Scanning & Secrets detection, all in one tool.
GitLab is an integrated, open source DevOps lifecycle management platform for software development teams to plan, code, test, deploy & monitor product changes
Kiuwan is an end-to-end application security platform supporting 30+ languages with SAST, SCA, & QA. Kiuwan integrates with IDEs for direct analysis, offers tailored reports, and meets NIST, CWE, & OWASP standards.
Manage open source components and secure your projects confidently with Kiuwan.
Invicti (formerly Netsparker) is a web application security scanning solution that automatically identifies XSS, SQL injection and other vulnerabilities in websites, web applications and web services, and lets enterprise-class businesses automate and scale their web security programs.
GitHub is a place to share code with friends, co-workers, classmates, and complete strangers, helping individuals and teams to write faster, better code
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines.
Dynatrace Ruixt is an all-in-one application performance monitoring
Acunetix (by Invicti) is a cyber security solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites to detect vulnerabilities such as XSS, SQL Injection, and more.
SiteLock is a static application security testing (SAST) software designed to help businesses protect websites against malware and distributed denial-of-service (DDoS) attacks. Key features of the platform include threat detection, database scanning, bad bot blocking, automated plugin patching, security vulnerability repair, and website acceleratio...
JFrog Artifactory is a binary repository management SaaS solution that provides software development and DevOps teams with a single source of truth for sourcing, storing, sharing, and deploying software components. Release your software with security and ease.
Snyk is a cloud-based application security and testing platform, which helps enterprises discover and fix vulnerabilities across open source libraries, containers, or code throughout the development process. Features include runtime monitoring, reporting, exploitability indicators, alerts, and prioritization.
Sigrid delivers a holistic SAST solution that empowers organizations to manage software security risks. By offering actionable insights, Sigrid helps companies strengthen their security defenses, streamline compliance processes, and accelerate the deployment of secure software applications.
For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce code, define quality and security standards, and ensure compliance with statutory guidelines across code development projects. We have 350+ rules and support all Salesforce languages and Metadata.
BuildPiper is a product by OpsTree Labs, which is an end-to-end Kubernetes and microservices Delivery Platform. It is a hybrid cloud-enabled system that facilitates the deployment of dockerized code across multiple environments.
CodeScene is a code analysis, visualization, and reporting tool. Cross-reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights that help reduce technical debt and deliver better code quality.
DeepSource is a code health platform that provides the tools needed to write maintainable and secure code, improving software stability and increasing developer velocity.
Klocwork is a web-based static code analysis software designed to help businesses identify and manage software security and quality in compliance with regulatory guidelines. It lets DevOps teams detect various security vulnerabilities including tainted data, SQL injection, vulnerable coding practices, buffer overflow, and more.
Bytesafe is a firewall for dependencies. Using the source code and vulnerability management platform, businesses can protect applications, stay in control and keep unwanted dependencies out of the organization.
SonarLint is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time.
SonarCloud is a cloud-based (SaaS) static code analysis solution that dev teams can use to ensure code quality and security.
Checkmarx One is an enterprise cloud-native application security platform that helps teams cut through the noise and fix what matters most.
Coverity is a static application security testing (SAST) solution designed to help businesses manage risks across the application portfolio, address quality defects in the software development life cycle, and maintain compliance with many coding and security standards.
With GuardRails, you can finally feel safe on every level of your security. The platform enhances development processes and gives developers control via its layered approach that shields them from code to the cloud for complete protection against attackers.
Nexus Lifecycle by Sonatype is an application security and dependency management solution designed to help organizations manage open-source governance and automatically find and fix vulnerabilities across the entire software development lifecycle (SDLC). The platform enables developers to monitor security standards in the development process and...
Apiiro is re-inventing the secure development lifecycle for agile and cloud-native development. It helps businesses transform application security into multidimensional application risk.