Best Static Application Security Testing (SAST) Software - Page 8

Researched and written by Lauren Worth

Static application security testing (SAST) software inspects and analyzes an application’s code to discover security vulnerabilities without actually executing code. These tools are frequently used by companies with continuous delivery practices to identify flaws prior to deployment. SAST tools provide vulnerability information and remediation suggestions for development teams to resolve. There is relation and overlap between SAST tools and static code analysis software, but SAST products are more focused on security testing. Static code analysis products, on the other hand, combine a number of analytical practices, test management, and team collaboration features.

SAST vs DAST — Learn the difference

To qualify for inclusion in the Static Application Security Testing (SAST) category, a product must:

  • Test applications to identify vulnerabilities
  • Not execute code during testing, or have the ability to run static tests
  • Provide information on relative vulnerabilities and exploits

How Many Static Application Security Testing (SAST) Software Products Does G2 Track?

Total Products under this Category: 111

Category Stats (Jun 2026)

  • Average Rating: 4.54/5 (↑0.01 vs May 2026) The average rating of products in this category, based on all submitted ratings
  • New Reviews This Quarter: 45
  • Buyer Segments: Small-Business 42% │ Mid-Market 36% │ Enterprise 22% Represents the distribution of reviewers across all products in this category.
  • Top Trending Product: Veracode Application Security Platform (+0.74%) - Among all products in this category, Veracode Application Security Platform recorded the largest rating increase compared to last month

Last updated: June 18, 2026

How Does G2 Rank Static Application Security Testing (SAST) Software Products?

Why You Can Trust G2's Software Rankings:

  • 30 Analysts and Data Experts
  • 5,200+ Authentic Reviews
  • 111+ Products
  • Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.

Featured Static Application Security Testing (SAST) Software At A Glance

Free Plan Available:
OX Security
OX Security
Sponsored
You’re seeing this ad based on the product’s relevance to this page. Sponsored content does not receive preferential treatment in any of G2’s ratings.
Leader:
GitHub
Highest Performer:
DryRun Security
Easiest to Use:
GitGuardian
Top Trending:
Aikido Security
Best Free Software:
GitHub

ThunderScan

0 ratings
Product Description

DefenseCode ThunderScan® is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of application source code. ThunderScan® is easy

HQ Location
N/A
Company Website
https://www.defensecode.com/
LinkedIn® Page
https://www.linkedin.com/company/No-Linkedin-Presence-Added-Intentionally-By-DataOps

TrueCode

0 ratings
Product Description

TrueCode is a static application security testing solution.

Year Founded
2008
HQ Location
Scottsdale, AZ
Company Website
https://www.sitelock.com
Twitter
@SiteLock
LinkedIn® Page
https://www.linkedin.com/company/2204357/
G2 Advertising
Sponsored
G2 Advertising
Get 2x conversion than Google Ads with G2 Advertising!
G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.

TruStacks

0 ratings
Product Description

TruStacks is a software delivery engine that offers standardized, efficient DevOps workflows to help teams ship products faster and more frequently.

Year Founded
2012
HQ Location
Wake Forest, US
Company Website
https://cornerstonets.io/
LinkedIn® Page
https://www.linkedin.com/company/cornerstone-technical-solutions-llc

we45

0 ratings
Product Description

AppSec Testing(AST) - Whatever your motivation, a proactive security push or a compliance compulsion, our AST service can help keep your application secure against external threats. Security Automati

Year Founded
2019
HQ Location
San Jose, US
Company Website
https://www.we45.com
LinkedIn® Page
https://www.linkedin.com/company/1155059

YAG-Suite

0 ratings
Product Description

YAGAAN is a french startup established in 2017 and located in the Brittany Cyber Valley. In the SAST landscape, the YAG-Suite offers unique features to auditors and developers that only machine learn

Year Founded
2010
HQ Location
Paris, FR
Company Website
https://yagaan.com/en/
LinkedIn® Page
https://linkedin.com/company/pradeo-security-systems

ZeroNorth

0 ratings
Product Description

Continuous security delivery fabric for modern enterprise infrastructure.

Year Founded
2015
HQ Location
Boston, US
Company Website
https://www.zeronorth.io
LinkedIn® Page
https://www.linkedin.com/company/10284735/admin/