Dynamic Application Security Testing (DAST) Software Resources

Hey everyone,

I’ve been helping a few DevSecOps teams evaluate tools that combine DAST and SAST to cover both code-level and runtime vulnerabilities within one workflow. I pulled insights from G2’s Dynamic Application Security Testing (DAST) grid and cross-referenced them with platforms offering static code analysis to see which ones are best for integrated security testing.

Here are the top tools to look at:

• Tenable Nessus: strong DAST foundation and integrates well with static analysis tools; ideal for teams building unified vulnerability workflows.
• Jit: DevSecOps-first platform that combines continuous DAST with developer-centric SAST, giving a full picture of vulnerabilities across the SDLC.
• Aikido Security: newer but well-rated for blending SAST, SCA, and DAST into a single automated security workflow.
• Akto: primarily API-focused, but integrates both DAST scanning and static rule checks for continuous validation.
• Astra Pentest: supports both dynamic and static testing with automated scanning and manual validation options.

I based this on G2 satisfaction and feature data, focusing on tools that bridge code security (SAST) and runtime security (DAST) for CI/CD environments.

Also hearing Checkmarx One and GitLab Ultimate mentioned frequently for combining static and dynamic testing — anyone here using those?

Hey everyone,

I’ve been helping a few DevSecOps teams evaluate DAST (Dynamic Application Security Testing) tools that fit directly into CI/CD pipelines — automating security scans as part of continuous integration rather than after deployment. I looked into G2’s latest DAST Software Grid to see which tools rank highest for real-time integration, usability, and overall satisfaction.

Here are the top five (based on G2 score):

• Tenable Nessus: leading the pack with a strong market presence; reliable for vulnerability scanning across environments and integrates well into CI/CD pipelines.
• Jit: high satisfaction scores (89%) and designed for DevSecOps-first workflows; fits seamlessly into CI/CD for automated testing and continuous monitoring.
• Aikido Security: newer but gaining traction quickly; praised for simplicity and automated scanning within development workflows.
• Akto: developer-friendly API security testing with smooth integration into CI pipelines; good balance of accuracy and speed.
• Astra Pentest: ideal for teams that need automated and manual testing combined; integrates into CI/CD and provides detailed vulnerability reports.

I based this on G2 satisfaction and G2 score data, focusing on platforms with proven integrations for continuous security testing. If your team’s goal is to catch vulnerabilities earlier in the release cycle, these five stand out for balancing accuracy, automation, and developer experience. My ask to the community: Of these, which DAST tools have actually fit smoothly into your CI/CD pipelines without slowing down builds or flooding you with false positives? Would love to hear from you!

What is Checkmarx used for?