Top Free Static Application Security Testing (SAST) Software

GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity.

II

We can use ssh-key feature in gitlab for working in team and one can clone, pushing the project without using credentials again and again Read review

KH

I like this version control platform because it provides much features in free version too. It has many more function which are going to move to... Read review

Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing delivery timelines, manpower costs & mitigating security threats for Global Banks and Enterprises in 10 + countries.

PV

They were very professional - gave us time-lines beforehand, and stuck to them. Communication was clear and crisp Their team is very knowledgeable,... Read review

CodeScan is the leading end-to-end static code analysis solution. Our solutions are Lightning ready and are used exclusively for Salesforce, Salesforce teams, and DevOps team. We have the largest Salesforce ruleset, more than 21B line checks, and service over 150 customers around the world. Our analysis tools empower all levels of Salesforce DevOps teams with the ability to develop faster, better, cleaner, and more efficient code, while offering continuous inspection of code security and quali

Build secure applications from the start with Kiuwan Code Security, a SAST solution. Scan your application source code to detect and eliminate vulnerabilities using over 4000 constantly-updated rules based on 25 security standards, including CWE/SANS 25, OWASP Top 10, PCI DSS, HIPPA, and more. Kiuwan Code Security covers major programming languages and integrates with leading IDEs and DevOps tools. Advanced analytics provide remediation action plans for product managers and security teams with "

Platform for detecting security vulnerabilities in applications by analyzing the source code. bugScout® is the most complete and versatile SAST platform on the market for detecting application security vulnerabilities through source code analysis. Designed by ethical hackers and reputable security auditors, bugScout® follows international security rules and standards and is at the forefront of cybercrime techniques to keep customer applications safe and secure. It is multiplatform, offered On

PT Application Inspector™ (PT AI™) is a comprehensive source code analysis tool that offers protection for web applications of any scale. Its holistic approach combines the advantages of static, dynamic, and interactive analysis to maintain application security throughout every stage of development—from the very first line of code to the go-live.

Xanitizer is the essential tool for security auditors. It specializes in security analysis of web applications and also considers the behavior of the applied web frameworks. Xanitizer investigates the code of an application for security vulnerabilities and also checks the server configuration files for misconfigurations. Xanitizer can easily be integrated into the CI/CD process, automatically and regularly checking the application code to prevent that security vulnerabilities are introduced int

BH

For me, Xanitizer is my must-have to do source code analysis for Java applications. The taint analysis, based on a data flow analysis. Besides of... Read review

PVS-Studio is a tool for detecting bugs and security weaknesses in the source code of programs, written in C, C++, C# and Java. It works under 64-bit systems in Windows, Linux and macOS environments, and can analyze source code intended for 32-bit, 64-bit and embedded ARM platforms.

Focused on development teams, reshift is source code analysis tool that automates finding vulnerabilities in source code, and reduces the efforts to re-mediate them.

YAGAAN is a french startup established in 2017 and located in the Brittany Cyber Valley. In the SAST landscape, the YAG-Suite offers unique features to auditors and developers that only machine learning can bring on top of static analysis : - Smart detection of vulnerabilities - Automated qualification and hierarchization of the warnings raised by SAST, based on their likeliness to be true positives and their criticallity (individual CVSS score) - Advanced diagnostics of the detected vulnerabi