Introducing G2.ai, the future of software buying.Try now
Top Free Static Application Security Testing (SAST) Software
Check out our list of free Static Application Security Testing (SAST) Software. Products featured on this list are the ones that offer a free trial version. As with most free versions, there are limitations, typically time or features.
If you'd like to see more products and to evaluate additional feature options, compare all Static Application Security Testing (SAST) Software to ensure you get the right product.
View Free Static Application Security Testing (SAST) Software
G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
40 Static Application Security Testing (SAST) Products Available
(2,293)4.7 out of 5
3rd Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for GitHub
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
GitHub is where the world builds software. Millions of individuals, organizations and businesses around the world use GitHub to discover, share, and contribute software. Developers at startups to Fort
Users
- Software Engineer
- Senior Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 46% Small-Business
- 30% Mid-Market
GitHub features and usability ratings that predict user satisfaction
8.8
Test Automation
Average: 8.6
8.9
Has the product been a good partner in doing business?
Average: 9.1
8.8
Quality of Support
Average: 9.2
8.8
Black-Box Scanning
Average: 8.2
BN
1) Seamless Collaboration – Pull requests, code reviews, and discussions make teamwork easy and transparent.
2) Version Control with Git –... Read review
JP
As a developer is my lifeline with tracking every changes with my code, exceptional repository, seamless collaboration and best there is with... Read review
Seller Details
Twitter
@github2,605,422 Twitter followers
(870)4.5 out of 5
Optimized for quick response
5th Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for GitLab
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab
Users
- Software Engineer
- Senior Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 37% Mid-Market
- 37% Small-Business
GitLab features and usability ratings that predict user satisfaction
9.1
Test Automation
Average: 8.6
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.5
Quality of Support
Average: 9.2
8.8
Black-Box Scanning
Average: 8.2
VP
Easy to build and deploy code, highly secure environment Read review
KK
1. Seamlessly store code online with versioning, building code running various CI/CD pipelines.
2. Ease of access due to clean User interface.
3.... Read review
Seller Details
HQ Location
San Francisco, CaliforniaTwitter
@gitlab169,255 Twitter followers
Sponsored
G2 Advertising
Get 2x conversion than Google Ads with G2 Advertising!
G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.
(248)4.8 out of 5
2nd Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
GitGuardian is an end-to-end NHI security platform designed to help organizations strengthen their Non-Human Identity (NHI) security posture and address compliance standards and regulations. As attack
Users
- Software Engineer
- Student
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 84% Small-Business
- 12% Mid-Market
GitGuardian features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.6
8.9
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
9.0
Black-Box Scanning
Average: 8.2
AL
It really saved me a ton you maybe think exposing .env secret environmental variable could never happens to me I'm a great developer but really it... Read review
RS
Alerts. GitGuardian has been saving my careless self from incurring unsolicited cost on APIs. Alerts when secrets are leaked are timely and provide... Read review
Seller Details
HQ Location
Paris, Île-de-FranceTwitter
@GitGuardian6,052 Twitter followers
(122)4.6 out of 5
Optimized for quick response
1st Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido hel
Users
- CTO
- Founder
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 75% Small-Business
- 18% Mid-Market
Aikido Security features and usability ratings that predict user satisfaction
8.1
Test Automation
Average: 8.6
9.4
Has the product been a good partner in doing business?
Average: 9.1
9.4
Quality of Support
Average: 9.2
8.2
Black-Box Scanning
Average: 8.2
LJ
low noise, work done, nice UI, decent pricing ! :) Read review
UC
Automatic code checks that look for vulnerabilities and provide suggestions for changes. Read review
Seller Details
HQ Location
Ghent, BelgiumTwitter
@AikidoSecurity4,163 Twitter followers
(126)4.5 out of 5
10th Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
SonarQube is the industry leader in automated code review, serving as the verification layer for code quality and security in the AI-powered SDLC. SonarQube ensures all code—whether written by develop
Users
- Software Engineer
- DevOps Engineer
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 42% Enterprise
- 40% Mid-Market
SonarQube features and usability ratings that predict user satisfaction
6.0
Test Automation
Average: 8.5
8.4
Has the product been a good partner in doing business?
Average: 9.1
8.2
Quality of Support
Average: 9.2
6.8
Black-Box Scanning
Average: 8.2
AH
- We are using a self hosted SonarQube server - hosting and upgrading our instance is a relatively painless process. The online documentation is... Read review
MT
I use SonarQube mainly for analyzing C, C++ and Python programming languages, and that's why I need a SonarQube developer license. The $160 I spent... Read review
Seller Details
HQ Location
Geneva, SwitzerlandTwitter
@SonarSource10,883 Twitter followers
(76)4.1 out of 5
14th Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint
Users
No information available
Industries
- Information Technology and Services
- Computer & Network Security
Market Segment
- 54% Enterprise
- 28% Small-Business
HCL AppScan features and usability ratings that predict user satisfaction
8.4
Test Automation
Average: 8.5
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.5
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
BA
One of the best tools for app security. Easy to use and good documentation. Read review
AC
trustful assessment
easy to use
automatic scans Read review
Seller Details
Twitter
@hcltech426,136 Twitter followers
Ownership
NSE - National Stock Exchange of India
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI
Users
- Software Engineer
Industries
- Computer Software
- Information Technology and Services
Market Segment
- 38% Small-Business
- 34% Mid-Market
Mend.io features and usability ratings that predict user satisfaction
7.2
Test Automation
Average: 8.5
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.7
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
VS
Interface and flow of the application.Also the simplicity Read review
MT
The best thing is the security and easy to use. The mend bot offers couple of qualities to protect your projects against several security protocols... Read review
Seller Details
HQ Location
Boston, MassachusettsTwitter
@Mend_io11,355 Twitter followers
(43)4.5 out of 5
12th Easiest To Use in Static Application Security Testing (SAST) software
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing
Users
No information available
Industries
- Information Technology and Services
- Financial Services
Market Segment
- 40% Small-Business
- 37% Mid-Market
Appknox features and usability ratings that predict user satisfaction
8.6
Test Automation
Average: 8.5
9.8
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
9.2
Black-Box Scanning
Average: 8.2
AH
Great customer service and responsive and communicative account manager and testing team Read review
IC
Easy to learn. Easy to use, especially within non-technical teams. Read review
Seller Details
Twitter
@appknox3,077 Twitter followers
(51)4.8 out of 5
8th Easiest To Use in Static Application Security Testing (SAST) software
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform.
Users
- Security Engineer
Industries
- Financial Services
- Information Technology and Services
Market Segment
- 63% Mid-Market
- 25% Enterprise
OX Security features and usability ratings that predict user satisfaction
7.3
Test Automation
Average: 8.5
9.7
Has the product been a good partner in doing business?
Average: 9.1
9.6
Quality of Support
Average: 9.2
7.7
Black-Box Scanning
Average: 8.2
EA
As one of OX Security's first customers, I was searching for an effective solution to upscale Upstream Security's application security stack. I... Read review
UI
Best Free Solution for private users who want to check their repos. Read review
Seller Details
Seller
OX SecurityYear Founded
2021HQ Location
New York, USA
(54)4.6 out of 5
4th Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for Semgrep
Entry Level Price:Starting at $40.00
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysi
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 46% Enterprise
- 41% Mid-Market
Semgrep features and usability ratings that predict user satisfaction
9.2
Test Automation
Average: 8.5
9.6
Has the product been a good partner in doing business?
Average: 9.1
8.8
Quality of Support
Average: 9.2
7.5
Black-Box Scanning
Average: 8.2
AF
Easy to add custom rules (e.g. by using the online rule editor). Also, Semgrep App has some nice, convenient features (like private rule repository). Read review
AI
The Semgrep supply chain is a boon for application and product security teams. Backed by the already solid Semgrep engine, it can quickly surface... Read review
Seller Details
HQ Location
San Francisco, USTwitter
@semgrep4,138 Twitter followers
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Checkmarx is the leader in agentic application security, delivering enterprise-grade protection while lowering engineering costs and accelerating development velocity. The Checkmarx One platform scans
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 58% Enterprise
- 25% Mid-Market
Checkmarx features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.5
8.3
Has the product been a good partner in doing business?
Average: 9.1
8.3
Quality of Support
Average: 9.2
5.6
Black-Box Scanning
Average: 8.2
AR
Static analysis & Apex Overview of unpackaged code Read review
HB
Our choice of Checkmarx as a static code audit tool was done after a long reflection. the richness in terms of languages and the customization of... Read review
Seller Details
Twitter
@Checkmarx7,194 Twitter followers
(28)4.6 out of 5
13th Easiest To Use in Static Application Security Testing (SAST) software
Entry Level Price:Free
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Codacy is the only DevSecOps platform that delivers plug-and-play code health and security scanning for AI and human generated code. Future-proof your software – from source code to runtime – without
Users
No information available
Industries
- Computer Software
Market Segment
- 61% Small-Business
- 21% Mid-Market
Codacy features and usability ratings that predict user satisfaction
0.0
No information available
9.1
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
0.0
No information available
MP
Codacy is fantastic! I absolutely love the UI/UX. The great amount of customizations around rules for code review. Great language support. Love the... Read review
UC
Codacy had great git and github integration for projects and even user accounts, simple and really easy to use web interface with no clutter and... Read review
Seller Details
Twitter
@codacy5,046 Twitter followers
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
CodeScan Shield addresses code quality, security, and compliance liabilities with two automated modules: CodeScan and OrgScan. CodeScan provides static code analysis for total visibility into code h
Users
No information available
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 44% Enterprise
- 38% Mid-Market
CodeScan features and usability ratings that predict user satisfaction
7.3
Test Automation
Average: 8.5
9.2
Has the product been a good partner in doing business?
Average: 9.1
9.0
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
CC
It finds the right bugs , it does the job well with less average cost.
With regular updates on new features makes it more adaptive and easy to use... Read review
MK
It's reducing potential bugs and other issues and make monitoring much easier, you should make your developers work with this tool and you catch... Read review
Seller Details
Twitter
@autorabit1,244 Twitter followers
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented thr
Users
No information available
Industries
- Insurance
- Information Technology and Services
Market Segment
- 67% Enterprise
- 20% Mid-Market
Contrast Security features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.5
9.0
Has the product been a good partner in doing business?
Average: 9.1
9.3
Quality of Support
Average: 9.2
9.0
Black-Box Scanning
Average: 8.2
EI
Contrast delivers easy and fast vulnerability data about our applications (IDE environments) that continues through production with the RASP... Read review
DK
It's free to some extent
Fast then most security scanners Read review
Seller Details
HQ Location
Pleasanton, CATwitter
@contrastsec5,509 Twitter followers
Entry Level Price:Starting at $150.00
- Overview
- User Satisfaction
- What G2 Users Think
- Seller Details
Product Description
How are these determined?
This description is provided by the seller.
JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain P
Users
- Software Engineer
- DevOps Engineer
Industries
- Information Technology and Services
- Computer Software
Market Segment
- 56% Enterprise
- 35% Mid-Market
JFrog features and usability ratings that predict user satisfaction
0.0
No information available
8.5
Has the product been a good partner in doing business?
Average: 9.1
8.4
Quality of Support
Average: 9.2
0.0
No information available
PK
I have used both JFrog and Nexus, plus a couple of other ones as artifactory-store. Jfrog offers more than an artifactory, and includes Docker... Read review
VS
Today supporting Docker and Helm for your Kubernetes deployments.
Use it as your Docker registry to easily manage and deploy your Docker... Read review
Seller Details
HQ Location
Sunnyvale, CATwitter
@jfrog23,141 Twitter followers
Hunting for software insights?
With over 3 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
