Free Static Application Security Testing (SAST) Software
GetApp offers objective, independent research and verified user reviews. We may earn a referral fee when you visit a vendor through our links.
Here's our list of apps for Static Application Security Testing (SAST) Software. Filters help you narrow down the results to find exactly what you’re looking for.
34 Software options
GitHub is a place to share code with friends, co-workers, classmates, and complete strangers, helping individuals and teams to write faster, better code
Read more about GitHub
GitLab is an integrated, open source DevOps lifecycle management platform for software development teams to plan, code, test, deploy & monitor product changes
Read more about GitLab
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines.
Read more about SonarQube
Dynatrace Ruxit is an all-in-one application performance monitoring
Read more about Dynatrace
Kiuwan is an end-to-end application security platform supporting 30+ languages with SAST, SCA, & QA. Kiuwan integrates with IDEs for direct analysis, offers tailored reports, and meets NIST, CWE, & OWASP standards.
Manage open source components and secure your projects confidently with Kiuwan.
Read more about Kiuwan
Acunetix (by Invicti) is a cyber security solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites to detect vulnerabilities such as XSS, SQL Injection, and more.
Read more about Acunetix
Invicti, formerly Netsparker, is a web application security scanning solution that automatically identifies XSS, SQL Injection and other vulnerabilities in websites, web applications and web services and lets enterprise-class businesses automate and scale their web security program.
Read more about Invicti
JFrog Artifactory is a binary repository management SaaS solution that provides software development and DevOps teams with a single source of truth for sourcing, storing, sharing, and deploying software components. Release your software with security and ease.
Read more about Artifactory
Snyk is a cloud-based application security and testing platform that helps enterprises discover and fix vulnerabilities across open source libraries, containers, and code throughout the development process. Features include runtime monitoring, reporting, exploitability indicators, alerts, and prioritization.
Read more about Snyk
For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce code, define quality and security standards, and ensure compliance with statutory guidelines across code development projects. We have 350+ rules and support all Salesforce languages and Metadata.
Read more about CodeScan
BuildPiper is a product by OpsTree Labs, which is an end-to-end Kubernetes and microservices Delivery Platform. It is a hybrid cloud-enabled system that facilitates the deployment of dockerized code across multiple environments.
Read more about BuildPiper
CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality.
Read more about CodeScene
DeepSource is the code health platform that provides all the tools needed to write maintainable and secure code, improve software stability, and increase developer velocity.
Read more about DeepSource
Klocwork is a web-based static code analysis software designed to help businesses identify and manage software security and quality in compliance with regulatory guidelines. It lets DevOps teams detect various security vulnerabilities including tainted data, SQL injection, vulnerable coding practices, buffer overflow, and more.
Read more about Klocwork
Alteon is a cloud-based application delivery and security solution that helps businesses of all sizes manage application traffic across cloud and data center locations, optimizing application performance. It integrates various application protection services and generates analytics to monitor service level agreements (SLAs) and threats.
Read more about Radware Alteon
Bytesafe is a firewall for dependencies. Using the source code and vulnerability management platform, businesses can protect applications, stay in control and keep unwanted dependencies out of the organization.
Read more about Bytesafe
SonarLint is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time.
Read more about SonarLint
SonarCloud is a cloud-based (SaaS) static code analysis solution that can be used by dev teams to ensure code quality and security.
Read more about SonarCloud
Aikido Security secures your source code by combining different scanning capabilities. SAST, DAST, IAC, SCA, SCPM, Container Scanning, Dependencies Scanning & Secrets detection, all in one tool.
Read more about Aikido Security
With GuardRails, you can finally feel safe on every level of your security. The platform enhances development processes and gives developers control via its layered approach that shields them from code to the cloud for complete protection against attackers.
Read more about GuardRails
Nexus Lifecycle by Sonatype is an application security and dependency management solution designed to help organizations manage open-source governance and automatically find and fix vulnerabilities across the entire software development lifecycle (SDLC). The platform enables developers to monitor security standards in the development process and...
Read more about Nexus Lifecycle
Apiiro is re-inventing the secure development lifecycle for agile and cloud-native development. It helps businesses transform application security into multidimensional application risk.
Read more about Apiiro
Xygeni offers complete visibility, enabling a systematic process for assessing the risks associated with the SSC, identifying and prioritizing the most critical components, evaluating and improving their global and detailed security posture at an effective and efficient effort, time and cost.
Read more about Xygeni Security
OX Security is a cloud security platform that helps small to large businesses in technology, banking, financial services, and other sectors protect their organization from advanced cyber threats. The platform provides real-time threat detection and response capabilities, giving administrators the ability to gain insights into their network so they...
Read more about OX Security
esChecker is a powerful tool that automatically tests that the security implemented in the mobile application responds perfectly to the attacks it may suffer. The big highlight of esChecker comes from all the dynamic tests (DAST) that are offered.
Read more about esChecker