GitHub is a place to share code with friends, co-workers, classmates, and complete strangers, helping individuals and teams to write faster, better code.
GetApp offers objective, independent research and verified user reviews. We may earn a referral fee when you visit a vendor through our links.
Here's our list of apps for Static Application Security Testing (SAST) Software. Filters help you narrow down the results to find exactly what you’re looking for.
20 Software options
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines.
Dynatrace Ruxit is an all-in-one application performance monitoring
Kiuwan is an end-to-end application security platform supporting 30+ languages with SAST, SCA, & QA. Kiuwan integrates with IDEs for direct analysis, offers tailored reports, and meets NIST, CWE, & OWASP standards.
Manage open source components and secure your projects confidently with Kiuwan.
Acunetix (by Invicti) is a cyber security solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites to detect vulnerabilities such as XSS, SQL Injection, and more.
Invicti, formerly Netsparker, is a web application security scanning solution that automatically identifies XSS, SQL Injection and other vulnerabilities in websites, web applications and web services and lets enterprise-class businesses automate and scale their web security program.
JFrog Artifactory is a binary repository management SaaS solution that provides software development and DevOps teams with a single source of truth for sourcing, storing, sharing, and deploying software components. Release your software with security and ease.
Snyk is a cloud-based application security and testing platform, which helps enterprises discover and fix vulnerabilities across open source libraries, containers, and code throughout the development process. Features include runtime monitoring, reporting, exploitability indicators, alerts, and prioritization.
Sigrid delivers a holistic SAST solution that empowers organizations to manage software security risks. By offering actionable insights, Sigrid helps companies strengthen their security defenses, streamline compliance processes, and accelerate the deployment of secure software applications.
For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce code, define quality and security standards, and ensure compliance with statutory guidelines across code development projects. We have 350+ rules and support all Salesforce languages and Metadata.
CodeScene is a code analysis, visualization, and reporting tool. Cross-reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality.
SonarLint is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time.
Coverity is a static application security testing (SAST) solution designed to help businesses manage risks across the application portfolio, address quality defects in the software development life cycle, and maintain compliance with many coding and security standards.
With GuardRails, you can finally feel safe on every level of your security. The platform enhances development processes and gives developers control via its layered approach that shields them from code to the cloud for complete protection against attackers.
Nexus Lifecycle by Sonatype is an application security and dependency management solution designed to help organizations manage open-source governance and automatically find and fix vulnerabilities across the entire software development lifecycle (SDLC). The platform enables developers to monitor security standards in the development process and...
Hex-Rays develops and supports the IDA disassembler. This famous software analysis tool, which is a de-facto standard in the software security industry, is an indispensable item in the toolbox of a software analyst, security expert, software developer, or software engineer.
ThunderScan by DefenseCode is a Static Application Security Testing (SAST) software that allows businesses to perform deep and extensive security analysis of various application source code. ThunderScan can be integrated with existing CI/CD pipelines and DevOps environments, offering a platform that requires almost no user input, easy to use, and...
Flawnter helps automate static application security testing to find hidden security and quality flaws at the source. Unlimited code scanning and free extensions.
Akto is an industry-leading solution for API discovery, API security posture management, sensitive data exposure, and API security testing.
Axivion Static Code Analysis by Qt QA enhances code quality via automated analysis for C/C++, compliance, and software longevity.