|| products.size
Researched and written by Lauren WorthShow LessShow More
2,612,256 Twitter followers
6,177 Twitter followers
445,038 Twitter followers
1,087 Twitter followers
503 Twitter followers
19,654 Twitter followers
2,568 Twitter followers
7,213 Twitter followers
167,723 Twitter followers
10,279 Twitter followers
22,849 Twitter followers
22,567 Twitter followers
3,487 Twitter followers
Best Static Application Security Testing (SAST) Software
LW
Static application security testing (SAST) software inspects and analyzes an application’s code to discover security vulnerabilities without actually executing code. These tools are frequently used by companies with continuous delivery practices to identify flaws prior to deployment. SAST tools provide vulnerability information and remediation suggestions for development teams to resolve. There is relation and overlap between SAST tools and static code analysis software, but SAST products are more focused on security testing. Static code analysis products, on the other hand, combine a number of analytical practices, test management, and team collaboration features.
SAST vs DAST — Learn the difference
To qualify for inclusion in the Static Application Security Testing (SAST) category, a product must:
Test applications to identify vulnerabilities
Not execute code during testing, or have the ability to run static tests
Provide information on relative vulnerabilities and exploits
Best Static Application Security Testing (SAST) Software At A Glance
Best for Small Businesses:
Best for Mid-Market:
Best for Enterprise:
Highest User Satisfaction:
Best Free Software:
G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
By GitHub
(2,194)4.7 out of 5
2nd Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for GitHub
Entry Level Price:Free
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
GitHub is where the world builds software. Millions of individuals, organizations and businesses around the world use GitHub to discover, share, and contribute software. Developers at startups to Fort
Users
- Software Engineer
- Senior Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 46% Small-Business
- 31% Mid-Market
GitHub Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Features
135
Ease of Use
121
Collaboration
112
Team Collaboration
108
Version Control
96
Cons
Learning Curve
43
Learning Difficulty
38
Complexity
36
Difficulty for Beginners
33
Limited Features
31
GitHub features and usability ratings that predict user satisfaction
8.2
Test Automation
Average: 8.7
8.9
Has the product been a good partner in doing business?
Average: 9.1
8.7
Quality of Support
Average: 9.2
8.0
Black-Box Scanning
Average: 8.2
Seller Details
Twitter
@github2,612,256 Twitter followers
By GitGuardian
(211)4.8 out of 5
1st Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
The new ways of building software create the necessity to support new vulnerabilities and new remediation workflows. These needs have emerged so abruptly that they have given rise to a young and highl
Users
- Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 83% Small-Business
- 12% Mid-Market
GitGuardian Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Security
65
Alert Notifications
55
Vulnerability Detection
42
Git Integration
31
Ease of Use
29
Cons
False Positives
18
Inefficient Notifications
10
Poor Interface
10
Poor User Interface
8
Excessive Notifications
7
GitGuardian features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.7
8.8
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
9.0
Black-Box Scanning
Average: 8.2
Seller Details
Twitter
@GitGuardian6,177 Twitter followers
(76)4.1 out of 5
11th Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint
Users
No information available
Industries
- Information Technology and Services
- Computer & Network Security
Market Segment
- 54% Enterprise
- 28% Small-Business
HCL AppScan Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Ease of Use
13
Scanning Efficiency
13
Security
12
Vulnerability Detection
11
Accuracy of Findings
8
Cons
Expensive
8
Scanning Issues
6
Complexity
5
Slow Scanning
4
Difficult Setup
3
HCL AppScan features and usability ratings that predict user satisfaction
8.4
Test Automation
Average: 8.7
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.5
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
Seller Details
Twitter
@hcltech445,038 Twitter followers
Ownership
NSE - National Stock Exchange of India
By OX Security
(48)4.8 out of 5
3rd Easiest To Use in Static Application Security Testing (SAST) software
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Security should be an integral part of the software development process, not an afterthought. Founded by Neatsun Ziv and Lion Arzi, two former Check Point executives, OX is the first and only Active A
Users
- Security Engineer
Industries
- Financial Services
- Information Technology and Services
Market Segment
- 63% Mid-Market
- 27% Enterprise
OX Security Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Features
26
Ease of Use
23
Customer Support
21
Integration Support
21
Security
21
Cons
Missing Features
10
Limited Features
7
Integration Issues
6
Complexity
5
Inadequate Reporting
5
OX Security features and usability ratings that predict user satisfaction
7.3
Test Automation
Average: 8.7
9.7
Has the product been a good partner in doing business?
Average: 9.1
9.6
Quality of Support
Average: 9.2
7.9
Black-Box Scanning
Average: 8.2
Seller Details
Seller
OX SecurityYear Founded
2021HQ Location
New York, USA
(41)4.7 out of 5
Optimized for quick response
5th Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Aikido is an application security (AppSec) platform specifically designed for developers who prioritize their coding tasks over managing security alerts. Our innovative solution consolidates nine esse
Users
No information available
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 76% Small-Business
- 24% Mid-Market
Aikido Security Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Ease of Use
28
Security
25
Easy Integrations
19
Easy Setup
17
Customer Support
15
Cons
Missing Features
8
Improvement Needed
6
Lacking Features
6
Lack of Information
6
Limited Features
6
Aikido Security features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.7
9.6
Has the product been a good partner in doing business?
Average: 9.1
9.6
Quality of Support
Average: 9.2
9.6
Black-Box Scanning
Average: 8.2
Seller Details
HQ Location
Ghent, BelgiumTwitter
@AikidoSecurity1,087 Twitter followers
By jit
(29)4.6 out of 5
Optimized for quick response
6th Easiest To Use in Static Application Security Testing (SAST) software
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Jit's Open ASPM Platform is the easiest way to secure your code and cloud, providing full application and cloud security coverage in minutes. Tailor a developer security toolchain to your use case and
Users
No information available
Industries
- Computer Software
Market Segment
- 59% Mid-Market
- 41% Small-Business
Jit Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Ease of Use
19
Security
14
Integration Support
13
Customer Support
12
Easy Integrations
10
Cons
Poor User Interface
5
Integration Issues
4
Limited Cloud Integration
4
False Positives
3
Lacking Features
3
Jit features and usability ratings that predict user satisfaction
9.1
Test Automation
Average: 8.7
9.8
Has the product been a good partner in doing business?
Average: 9.1
9.6
Quality of Support
Average: 9.2
8.5
Black-Box Scanning
Average: 8.2
Seller Details
HQ Location
Boston, MATwitter
@jit_io503 Twitter followers
Entry Level Price:Free
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer securit
Users
- Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 42% Mid-Market
- 38% Small-Business
Snyk Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Easy Integrations
6
Integration Support
4
Ease of Use
3
Git Integration
3
Integrations
3
Cons
False Positives
3
Pricing Issues
3
Complex Configuration
2
Dashboard Issues
2
Expensive
2
Snyk features and usability ratings that predict user satisfaction
7.9
Test Automation
Average: 8.7
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.6
Quality of Support
Average: 9.2
6.4
Black-Box Scanning
Average: 8.2
Seller Details
Seller
SnykHQ Location
Boston, MassachusettsTwitter
@snyksec19,654 Twitter followers
(59)4.6 out of 5
Optimized for quick response
4th Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for Invicti (formerly Netsparker)
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Invicti is an automated application and API security testing solution that allows enterprise organizations to secure thousands of websites, web apps, and APIs and dramatically reduce the risk of attac
Users
No information available
Industries
- Financial Services
- Information Technology and Services
Market Segment
- 49% Enterprise
- 25% Small-Business
Invicti (formerly Netsparker) Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Customer Support
4
Ease of Use
4
Vulnerability Detection
4
Vulnerability Identification
4
Accuracy of Results
3
Cons
API Issues
1
Inadequate Testing
1
Limited Testing Capabilities
1
Scanning Issues
1
Slow Performance
1
Invicti (formerly Netsparker) features and usability ratings that predict user satisfaction
0.0
No information available
9.7
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
0.0
No information available
Seller Details
HQ Location
Austin, TexasTwitter
@InvictiSecurity2,568 Twitter followers
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Checkmarx is constantly pushing the boundaries of Application Security (AppSec) Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control th
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 57% Enterprise
- 26% Mid-Market
Checkmarx Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Features
3
CD Integration
2
CI
2
Ease of Use
2
User Interface
2
Cons
Difficult Customization
1
Expensive
1
False Positives
1
Poor Customer Support
1
Poor Navigation
1
Checkmarx features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.7
8.3
Has the product been a good partner in doing business?
Average: 9.1
8.3
Quality of Support
Average: 9.2
5.6
Black-Box Scanning
Average: 8.2
Seller Details
Twitter
@Checkmarx7,213 Twitter followers
By GitLab Inc.
(823)4.5 out of 5
Optimized for quick response
10th Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for GitLab
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab
Users
- Software Engineer
- Senior Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 37% Small-Business
- 37% Mid-Market
GitLab Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Ease of Use
70
Features
64
Deployment
45
Version Control
45
Repository Management
44
Cons
Complexity
25
Confusing Interface
20
Learning Curve
20
Missing Features
20
Limited Features
19
GitLab features and usability ratings that predict user satisfaction
8.9
Test Automation
Average: 8.7
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.5
Quality of Support
Average: 9.2
8.6
Black-Box Scanning
Average: 8.2
Seller Details
HQ Location
San Francisco, CaliforniaTwitter
@gitlab167,723 Twitter followers
Entry Level Price:Free
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
SonarQube Server (formerly SonarQube) is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps
Users
- Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 44% Enterprise
- 36% Mid-Market
SonarQube Server (formerly SonarQube) Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Code Quality
19
Features
17
Ease of Use
12
Issue Identification
12
Integrations
10
Cons
Limited Features
10
Complex Configuration
7
Complex Setup
7
Expensive
7
Integration Issues
6
SonarQube Server (formerly SonarQube) features and usability ratings that predict user satisfaction
6.3
Test Automation
Average: 8.7
8.3
Has the product been a good partner in doing business?
Average: 9.1
8.0
Quality of Support
Average: 9.2
7.6
Black-Box Scanning
Average: 8.2
Seller Details
HQ Location
Geneva, SwitzerlandTwitter
@SonarSource10,279 Twitter followers
By Synopsys
(56)4.2 out of 5
15th Easiest To Use in Static Application Security Testing (SAST) software
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life
Users
- Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 64% Enterprise
- 27% Mid-Market
Coverity Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Accuracy
1
Vulnerability Detection
1
Cons
Limited Features
1
Missing Features
1
Poor Customer Support
1
Coverity features and usability ratings that predict user satisfaction
8.5
Test Automation
Average: 8.7
8.1
Has the product been a good partner in doing business?
Average: 9.1
8.6
Quality of Support
Average: 9.2
8.8
Black-Box Scanning
Average: 8.2
Seller Details
Twitter
@synopsys22,849 Twitter followers
Ownership
NASDAQ:SNPS
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a
Users
No information available
Industries
- Information Technology and Services
Market Segment
- 75% Enterprise
- 29% Mid-Market
Veracode Application Security Platform Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Security
3
Vulnerability Detection
3
Accuracy of Findings
2
Detailed Information
2
Accuracy
1
Cons
Expensive
2
Lack of Information
2
Licensing Issues
2
Pricing Issues
2
Complexity
1
Veracode Application Security Platform features and usability ratings that predict user satisfaction
9.2
Test Automation
Average: 8.7
7.9
Has the product been a good partner in doing business?
Average: 9.1
8.0
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
Seller Details
Twitter
@Veracode22,567 Twitter followers
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
DerScanner is a complete application security testing solution to eliminate known and unknown code threats across Software Development Lifecycle. DerScanner static code analysis offers developers the
Users
No information available
Industries
- Information Technology and Services
Market Segment
- 58% Small-Business
- 42% Mid-Market
DerScanner Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Vulnerability Detection
8
Security
7
Accuracy of Results
5
Ease of Use
5
Detection Efficiency
4
Cons
Difficult Setup
2
Learning Difficulty
2
Overwhelming Interface
2
Complex Configuration
1
Complexity
1
DerScanner features and usability ratings that predict user satisfaction
9.4
Test Automation
Average: 8.7
0.0
No information available
10.0
Quality of Support
Average: 9.2
10.0
Black-Box Scanning
Average: 8.2
Seller Details
Seller
DerSecurYear Founded
2019HQ Location
Dubai, United Arab Emirates
Entry Level Price:$40.00
- Overview
- Pros and Cons
- User Satisfaction
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Semgrep is a highly customizable application security platform built for security engineers and developers. Semgrep scans first and third-party code to find security issues unique to an organization,
Users
No information available
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 58% Mid-Market
- 29% Enterprise
Semgrep Pros and Cons
How are these determined?
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Custom Rules
4
Features
4
Automated Scanning
3
Ease of Use
3
Easy Integrations
3
Cons
Scanning Issues
3
False Positives
2
Inaccuracy
2
Bug Issues
1
Dependency Issues
1
Semgrep features and usability ratings that predict user satisfaction
9.2
Test Automation
Average: 8.7
9.5
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
7.0
Black-Box Scanning
Average: 8.2
Seller Details
Twitter
@semgrep3,487 Twitter followers
Similar Categories
Hunting for software insights?
With over 2.5 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
or continue with
Gmail.com addresses not permitted. A business domain using Google is allowed.
By proceeding, you agree to our Terms of Use and Privacy Policy