Top Free Static Application Security Testing (SAST) Software

Check out our list of free Static Application Security Testing (SAST) Software. Products featured on this list are the ones that offer a free trial version. As with most free versions, there are limitations, typically time or features.

If you'd like to see more products and to evaluate additional feature options, compare all Static Application Security Testing (SAST) Software to ensure you get the right product.

View Free Static Application Security Testing (SAST) Software

G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
41 Static Application Security Testing (SAST) Products Available
View all Static Application Security Testing (SAST) Software
View all Static Application Security Testing (SAST) Software

GitHub

(2,342)4.7 out of 5
Entry Level Price:Free
3rd Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for GitHub
OverviewUser Satisfaction
Product Description

GitHub is where the world builds software. Millions of individuals, organizations and businesses around the world use GitHub to discover, share, and contribute software. Developers at startups to Fort

Users: Software Engineer, Senior Software Engineer · Industries: Computer Software, Information Technology and Services · Market Segment: 46% Small-Business, 31% Mid-Market
User SatisfactionWhat G2 Users Think
GitHub features and usability ratings that predict user satisfaction
8.4
Test Automation
Average: 8.6
8.9
Has the product been a good partner in doing business?
Average: 9.1
8.7
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Adarsh K.
AK
It is powerful collaboration and version control features. It makes code management, pull reques, issue tracking, and team collaboration very... Read review
Javier C.
JC
You can submit code easier and with out problems Read review
Seller Details
Year Founded
2008
HQ Location
San Francisco, CA
Company Website
https://github.com
Twitter
@github
LinkedIn® Page
https://www.linkedin.com/company/1418841/

GitLab

(889)4.5 out of 5
5th Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for GitLab
OverviewUser Satisfaction
Product Description

GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab

Users: Software Engineer, Senior Software Engineer · Industries: Computer Software, Information Technology and Services · Market Segment: 37% Mid-Market, 37% Small-Business
User SatisfactionWhat G2 Users Think
GitLab features and usability ratings that predict user satisfaction
9.2
Test Automation
Average: 8.6
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.5
Quality of Support
Average: 9.2
8.8
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Verified User in Marketing and Advertising
UM
The ability to self-host is a big plus. Although it lacks some features, it still provides cost savings and gives us additional control. CI/CD... Read review
Claudio G.
CG
GitLab is an all-in-one DevOps platform that truly stands out. Having version control, CI/CD pipelines, issue tracking, container registry, and... Read review
Seller Details
Year Founded
2014
HQ Location
San Francisco, California
Company Website
https://about.gitlab.com/
Twitter
@gitlab
LinkedIn® Page
https://www.linkedin.com/company/5101804/
G2 Advertising
Sponsored
G2 Advertising
Get 2x conversion than Google Ads with G2 Advertising!
G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.

GitGuardian

(259)4.8 out of 5
Entry Level Price:Free
1st Easiest To Use in Static Application Security Testing (SAST) software
OverviewUser Satisfaction
Product Description

GitGuardian is an end-to-end NHI security platform designed to help organizations strengthen their Non-Human Identity (NHI) security posture and address compliance standards and regulations. As attack

Users: Software Engineer, Software Developer · Industries: Computer Software, Information Technology and Services · Market Segment: 84% Small-Business, 12% Mid-Market
User SatisfactionWhat G2 Users Think
GitGuardian features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.6
8.9
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
9.0
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Ahmed L.
AL
It really saved me a ton you maybe think exposing .env secret environmental variable could never happens to me I'm a great developer but really it... Read review
Rudy S.
RS
Alerts. GitGuardian has been saving my careless self from incurring unsolicited cost on APIs. Alerts when secrets are leaked are timely and provide... Read review
Seller Details
Year Founded
2017
HQ Location
Paris, Île-de-France
Company Website
https://www.gitguardian.com/
Twitter
@GitGuardian
LinkedIn® Page
https://www.linkedin.com/company/gitguardian

Aikido Security

(141)4.6 out of 5
Entry Level Price:Free
2nd Easiest To Use in Static Application Security Testing (SAST) software
OverviewUser Satisfaction
Product Description

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido hel

Users: CTO, Founder · Industries: Computer Software, Information Technology and Services · Market Segment: 70% Small-Business, 18% Mid-Market
User SatisfactionWhat G2 Users Think
Aikido Security features and usability ratings that predict user satisfaction
8.1
Test Automation
Average: 8.6
9.4
Has the product been a good partner in doing business?
Average: 9.1
9.3
Quality of Support
Average: 9.2
8.2
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Sibil M.
SM
I find Aikido Security to have a very intuitive UI with good context around the issues, making navigation and prioritization easy. The generous... Read review
Richard P.
RP
It gives a lot of insights into issues and the AI takes care of an initial review saving a lot of time while providing evidence and in a lot of... Read review
Seller Details
Year Founded
2022
HQ Location
Ghent, Belgium
Company Website
https://aikido.dev
Twitter
@AikidoSecurity
LinkedIn® Page
https://www.linkedin.com/company/aikido-security/

SonarQube

(139)4.4 out of 5
Entry Level Price:Free
12th Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for SonarQube
OverviewUser Satisfaction
Product Description

Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verificat

Users: DevOps Engineer, Software Engineer · Industries: Information Technology and Services, Computer Software · Market Segment: 42% Enterprise, 39% Mid-Market
User SatisfactionWhat G2 Users Think
SonarQube features and usability ratings that predict user satisfaction
6.0
Test Automation
Average: 8.6
8.3
Has the product been a good partner in doing business?
Average: 9.1
8.1
Quality of Support
Average: 9.2
6.8
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
TG
they sell that is good , i don't have a change to fully test Read review
Mukesh K. R.
MR
Simple deployment. Very easy installing is practiced particularly on Kubernetes using YAML formats. Moreover, integration with GitHub by means of... Read review
Seller Details
Year Founded
2008
HQ Location
Geneva, Switzerland
Company Website
https://www.sonarsource.com
Twitter
@SonarSource
LinkedIn® Page
https://www.linkedin.com/company/sonarsource/

HCL AppScan

(76)4.1 out of 5
Entry Level Price:Free
OverviewUser Satisfaction
Product Description

HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint

Industries: Information Technology and Services, Computer & Network Security · Market Segment: 54% Enterprise, 28% Small-Business
User SatisfactionWhat G2 Users Think
HCL AppScan features and usability ratings that predict user satisfaction
8.4
Test Automation
Average: 8.6
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.5
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Banyu A.
BA
One of the best tools for app security. Easy to use and good documentation. Read review
Verified User in Computer & Network Security
AC
trustful assessment easy to use automatic scans Read review
Seller Details
Year Founded
1999
HQ Location
Noida, Uttar Pradesh
Company Website
https://hcl-software.com/
Twitter
@hcltech
LinkedIn® Page
https://www.linkedin.com/company/1756/
Ownership
NSE - National Stock Exchange of India

Mend.io

(112)4.3 out of 5
Entry Level Price:$250.00
OverviewUser Satisfaction
Product Description

Mend.io is the leading application security solution, helping organizations reduce application risk efficiently. Built for modern, AI-driven, and traditional development environments alike, Mend.io pr

Users: Software Engineer · Industries: Computer Software, Information Technology and Services · Market Segment: 38% Small-Business, 34% Mid-Market
User SatisfactionWhat G2 Users Think
Mend.io features and usability ratings that predict user satisfaction
7.2
Test Automation
Average: 8.6
8.8
Has the product been a good partner in doing business?
Average: 9.1
8.7
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Vivek Kumar S.
VS
Interface and flow of the application.Also the simplicity Read review
Meer T.
MT
The best thing is the security and easy to use. The mend bot offers couple of qualities to protect your projects against several security protocols... Read review
Seller Details
Year Founded
2011
HQ Location
Boston, Massachusetts
Company Website
https://mend.io
Twitter
@Mend_io
LinkedIn® Page
https://www.linkedin.com/company/2440656/

Appknox

(43)4.5 out of 5
11th Easiest To Use in Static Application Security Testing (SAST) software
OverviewUser Satisfaction
Product Description

Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing

Industries: Information Technology and Services, Financial Services · Market Segment: 40% Small-Business, 37% Mid-Market
User SatisfactionWhat G2 Users Think
Appknox features and usability ratings that predict user satisfaction
8.6
Test Automation
Average: 8.6
9.8
Has the product been a good partner in doing business?
Average: 9.1
9.2
Quality of Support
Average: 9.2
9.2
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Verified User in Human Resources
AH
Great customer service and responsive and communicative account manager and testing team Read review
Verified User in Chemicals
IC
Easy to learn. Easy to use, especially within non-technical teams. Read review
Seller Details
Year Founded
2014
HQ Location
Singapore, Singapore
Company Website
https://appknox.com
Twitter
@appknox
LinkedIn® Page
https://www.linkedin.com/company/3771872/

OX Security

(51)4.8 out of 5
8th Easiest To Use in Static Application Security Testing (SAST) software
OverviewUser Satisfaction
Product Description

OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform.

Users: Security Engineer · Industries: Financial Services, Information Technology and Services · Market Segment: 63% Mid-Market, 25% Enterprise
User SatisfactionWhat G2 Users Think
OX Security features and usability ratings that predict user satisfaction
7.3
Test Automation
Average: 8.6
9.7
Has the product been a good partner in doing business?
Average: 9.1
9.6
Quality of Support
Average: 9.2
7.7
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Verified User in Automotive
EA
As one of OX Security's first customers, I was searching for an effective solution to upscale Upstream Security's application security stack. I... Read review
Verified User in Information Technology and Services
UI
Best Free Solution for private users who want to check their repos. Read review
Seller Details
Year Founded
2021
HQ Location
New York, USA
Company Website
https://www.ox.security/
LinkedIn® Page
https://www.linkedin.com/company/ox-security/

Semgrep

(55)4.6 out of 5
Entry Level Price:Starting at $40.00
4th Easiest To Use in Static Application Security Testing (SAST) software
View top Consulting Services for Semgrep
OverviewUser Satisfaction
Product Description

Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysi

Industries: Information Technology and Services, Computer Software · Market Segment: 45% Enterprise, 42% Mid-Market
User SatisfactionWhat G2 Users Think
Semgrep features and usability ratings that predict user satisfaction
9.2
Test Automation
Average: 8.6
9.6
Has the product been a good partner in doing business?
Average: 9.1
8.8
Quality of Support
Average: 9.2
7.5
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Verified User in Financial Services
AF
Easy to add custom rules (e.g. by using the online rule editor). Also, Semgrep App has some nice, convenient features (like private rule repository). Read review
Verified User in Information Technology and Services
AI
The Semgrep supply chain is a boon for application and product security teams. Backed by the already solid Semgrep engine, it can quickly surface... Read review
Seller Details
Year Founded
2017
HQ Location
San Francisco, US
Company Website
https://semgrep.dev
Twitter
@semgrep
LinkedIn® Page
https://www.linkedin.com/company/returntocorp

Checkmarx

(36)4.2 out of 5
View top Consulting Services for Checkmarx
OverviewUser Satisfaction
Product Description

Checkmarx is a type of application security solution designed to help organizations safeguard their software development processes while enhancing efficiency and reducing costs. The Checkmarx One plat

Industries: Information Technology and Services, Computer Software · Market Segment: 58% Enterprise, 25% Mid-Market
User SatisfactionWhat G2 Users Think
Checkmarx features and usability ratings that predict user satisfaction
8.3
Test Automation
Average: 8.6
8.3
Has the product been a good partner in doing business?
Average: 9.1
8.3
Quality of Support
Average: 9.2
5.6
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Verified User in Renewables & Environment
AR
Static analysis & Apex Overview of unpackaged code Read review
Hatim B.
HB
Our choice of Checkmarx as a static code audit tool was done after a long reflection. the richness in terms of languages and the customization of... Read review
Seller Details
Year Founded
2006
HQ Location
Paramus, NJ
Company Website
https://www.checkmarx.com
Twitter
@Checkmarx
LinkedIn® Page
https://www.linkedin.com/company/checkmarx

Codacy

(29)4.6 out of 5
Entry Level Price:Free
10th Easiest To Use in Static Application Security Testing (SAST) software
OverviewUser Satisfaction
Product Description

Codacy is the only DevSecOps platform that delivers plug-and-play code health and security scanning for AI and human generated code. Future-proof your software – from source code to runtime – without

Industries: Computer Software · Market Segment: 59% Small-Business, 24% Mid-Market
User SatisfactionWhat G2 Users Think
Codacy features and usability ratings that predict user satisfaction
0.0
No information available
9.1
Has the product been a good partner in doing business?
Average: 9.1
9.1
Quality of Support
Average: 9.2
0.0
No information available
What G2 Users ThinkSeller Details
Michael P.
MP
Codacy is fantastic! I absolutely love the UI/UX. The great amount of customizations around rules for code review. Great language support. Love the... Read review
Verified User in Computer Software
UC
Codacy had great git and github integration for projects and even user accounts, simple and really easy to use web interface with no clutter and... Read review
Seller Details
Year Founded
2012
HQ Location
Lisbon, Lisboa
Company Website
https://www.codacy.com
Twitter
@codacy
LinkedIn® Page
https://www.linkedin.com/company/3310124/

Kiuwan Code Security & Insights

(34)4.5 out of 5
Entry Level Price:From $599
14th Easiest To Use in Static Application Security Testing (SAST) software
OverviewUser Satisfaction
Product Description

Fast, Flexible Code Security! Kiuwan is a robust, end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Secu

Industries: Information Technology and Services, Banking · Market Segment: 41% Enterprise, 35% Mid-Market
User SatisfactionWhat G2 Users Think
Kiuwan Code Security & Insights features and usability ratings that predict user satisfaction
9.4
Test Automation
Average: 8.6
8.9
Has the product been a good partner in doing business?
Average: 9.1
8.9
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
CK
We have integrated Kiuwan in our DevOps chain without issues, using TFS and other tools in this chain. We have already found a good bunch of... Read review
Óscar G.
ÓG
Kiuwan is a powerful tool that help our developers to create secure software. Also, the code quality component is very good. It provides a lot of... Read review
Seller Details
Year Founded
1999
HQ Location
Houston, TX
Company Website
https://www.idera.com/
Twitter
@MigrationWiz
LinkedIn® Page
https://www.linkedin.com/company/bittitan

CodeScan

(34)4.6 out of 5
OverviewUser Satisfaction
Product Description

CodeScan Shield addresses code quality, security, and compliance liabilities with two automated modules: CodeScan and OrgScan. CodeScan provides static code analysis for total visibility into code h

Industries: Information Technology and Services, Computer Software · Market Segment: 44% Enterprise, 38% Mid-Market
User SatisfactionWhat G2 Users Think
CodeScan features and usability ratings that predict user satisfaction
7.3
Test Automation
Average: 8.6
9.2
Has the product been a good partner in doing business?
Average: 9.1
9.0
Quality of Support
Average: 9.2
8.3
Black-Box Scanning
Average: 8.2
What G2 Users ThinkSeller Details
Verified User in Computer Software
CC
It finds the right bugs , it does the job well with less average cost. With regular updates on new features makes it more adaptive and easy to use... Read review
Mendy K.
MK
It's reducing potential bugs and other issues and make monitoring much easier, you should make your developers work with this tool and you catch... Read review
Seller Details
Year Founded
2015
HQ Location
San Francisco, US
Company Website
https://www.autorabit.com/
Twitter
@autorabit
LinkedIn® Page
https://www.linkedin.com/company/6592119/

DryRun Security

(20)4.9 out of 5
OverviewUser Satisfaction
Product Description

Security leaders face a paradox: ship faster and enable agentic development while staying secure and keeping developers productive. DryRun Security resolves this by securing every pull request and rep

Industries: Computer & Network Security · Market Segment: 40% Small-Business, 30% Mid-Market
User SatisfactionWhat G2 Users Think
DryRun Security features and usability ratings that predict user satisfaction
10.0
Test Automation
Average: 8.6
10.0
Has the product been a good partner in doing business?
Average: 9.1
10.0
Quality of Support
Average: 9.2
0.0
No information available
What G2 Users ThinkSeller Details
John P.
JP
DryRun Security runs and provides feedback where we do our work: GitHub. Feedback is provided quickly within the context of the Pull request. This... Read review
Seller Details
Year Founded
2023
HQ Location
Austin, US
Company Website
https://dryrun.security
LinkedIn® Page
https://www.linkedin.com/company/dryrun-security/