Top Free Static Application Security Testing (SAST) Software

Check out our list of free Static Application Security Testing (SAST) Software. Products featured on this list are the ones that offer a free trial version. As with most free versions, there are limitations, typically time or features.

If you'd like to see more products and to evaluate additional feature options, compare all Static Application Security Testing (SAST) Software to ensure you get the right product.

(290)4.4 out of 5

GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity.

We can use ssh-key feature in gitlab for working in team and one can clone, pushing the project without using credentials again and again Read review
Kamrul H.
I like this version control platform because it provides much features in free version too. It has many more function which are going to move to... Read review
(38)4.5 out of 5
Optimized for quick response

Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing delivery timelines, manpower costs & mitigating security threats for Global Banks and Enterprises in 10 + countries.

Prashant V.
They were very professional - gave us time-lines beforehand, and stuck to them. Communication was clear and crisp Their team is very knowledgeable,... Read review
(29)4.6 out of 5
Optimized for quick response
Entry Level Price:$250 a month

CodeScan is the leading end-to-end static code analysis solution. Our solutions are Lightning ready and are used exclusively for Salesforce, Salesforce teams, and DevOps team. We have the largest Salesforce ruleset, more than 21B line checks, and service over 150 customers around the world. Our analysis tools empower all levels of Salesforce DevOps teams with the ability to develop faster, better, cleaner, and more efficient code, while offering continuous inspection of code security and quali

The UX is pretty straightforward. The capabilities and the Rules library is the best I have seen at the moment. The best are the reports and... Read review
It finds the right bugs , it does the job well with less average cost. With regular updates on new features makes it more adaptive and easy to use... Read review
(22)4.4 out of 5
Entry Level Price:From $599

Build secure applications from the start with Kiuwan Code Security, a SAST solution. Scan your application source code to detect and eliminate vulnerabilities using over 4000 constantly-updated rules based on 25 security standards, including CWE/SANS 25, OWASP Top 10, PCI DSS, HIPPA, and more. Kiuwan Code Security covers major programming languages and integrates with leading IDEs and DevOps tools. Advanced analytics provide remediation action plans for product managers and security teams with "

Kiuwan is a very versatile tool, it allows you to review different programming languages, and what I like most is the ability to establish an... Read review
We have integrated Kiuwan in our DevOps chain without issues, using TFS and other tools in this chain. We have already found a good bunch of... Read review
(2)3.5 out of 5

Platform for detecting security vulnerabilities in applications by analyzing the source code. bugScout® is the most complete and versatile SAST platform on the market for detecting application security vulnerabilities through source code analysis. Designed by ethical hackers and reputable security auditors, bugScout® follows international security rules and standards and is at the forefront of cybercrime techniques to keep customer applications safe and secure. It is multiplatform, offered On

at price the tool does what its supposed to. Read review
(3)5.0 out of 5

PT Application Inspector™ (PT AI™) is a comprehensive source code analysis tool that offers protection for web applications of any scale. Its holistic approach combines the advantages of static, dynamic, and interactive analysis to maintain application security throughout every stage of development—from the very first line of code to the go-live.

We found the best price in the market and got good scan results. This is the only solution we found on the market which able to build exploit... Read review
(1)5.0 out of 5
Entry Level Price:$0

Xanitizer is the essential tool for security auditors. It specializes in security analysis of web applications and also considers the behavior of the applied web frameworks. Xanitizer investigates the code of an application for security vulnerabilities and also checks the server configuration files for misconfigurations. Xanitizer can easily be integrated into the CI/CD process, automatically and regularly checking the application code to prevent that security vulnerabilities are introduced int

Bernhard H.
For me, Xanitizer is my must-have to do source code analysis for Java applications. The taint analysis, based on a data flow analysis. Besides of... Read review

PVS-Studio is a tool for detecting bugs and security weaknesses in the source code of programs, written in C, C++, C# and Java. It works under 64-bit systems in Windows, Linux and macOS environments, and can analyze source code intended for 32-bit, 64-bit and embedded ARM platforms.

0 ratings

Focused on development teams, reshift is source code analysis tool that automates finding vulnerabilities in source code, and reduces the efforts to re-mediate them.

0 ratings

YAGAAN is a french startup established in 2017 and located in the Brittany Cyber Valley. In the SAST landscape, the YAG-Suite offers unique features to auditors and developers that only machine learning can bring on top of static analysis : - Smart detection of vulnerabilities - Automated qualification and hierarchization of the warnings raised by SAST, based on their likeliness to be true positives and their criticallity (individual CVSS score) - Advanced diagnostics of the detected vulnerabi

Top 10 Free Static Application Security Testing (SAST) Software in 2021

  • GitLab
  • Appknox
  • CodeScan
  • Kiuwan Code Security & Insights
  • bugScout