Check out our list of free Static Application Security Testing (SAST) Software. Products featured on this list are the ones that offer a free trial version. As with most free versions, there are limitations, typically time or features.
If you'd like to see more products and to evaluate additional feature options, compare all Static Application Security Testing (SAST) Software to ensure you get the right product.
GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity.
Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing delivery timelines, manpower costs & mitigating security threats for Global Banks and Enterprises in 10 + countries.
CodeScan is the leading end-to-end static code analysis solution. Our solutions are Lightning ready and are used exclusively for Salesforce, Salesforce teams, and DevOps team. We have the largest Salesforce ruleset, more than 21B line checks, and service over 150 customers around the world. Our analysis tools empower all levels of Salesforce DevOps teams with the ability to develop faster, better, cleaner, and more efficient code, while offering continuous inspection of code security and quali
Build secure applications from the start with Kiuwan Code Security, a SAST solution. Scan your application source code to detect and eliminate vulnerabilities using over 4000 constantly-updated rules based on 25 security standards, including CWE/SANS 25, OWASP Top 10, PCI DSS, HIPPA, and more. Kiuwan Code Security covers major programming languages and integrates with leading IDEs and DevOps tools. Advanced analytics provide remediation action plans for product managers and security teams with "
Platform for detecting security vulnerabilities in applications by analyzing the source code. bugScout® is the most complete and versatile SAST platform on the market for detecting application security vulnerabilities through source code analysis. Designed by ethical hackers and reputable security auditors, bugScout® follows international security rules and standards and is at the forefront of cybercrime techniques to keep customer applications safe and secure. It is multiplatform, offered On
PT Application Inspector™ (PT AI™) is a comprehensive source code analysis tool that offers protection for web applications of any scale. Its holistic approach combines the advantages of static, dynamic, and interactive analysis to maintain application security throughout every stage of development—from the very first line of code to the go-live.
Xanitizer is the essential tool for security auditors. It specializes in security analysis of web applications and also considers the behavior of the applied web frameworks. Xanitizer investigates the code of an application for security vulnerabilities and also checks the server configuration files for misconfigurations. Xanitizer can easily be integrated into the CI/CD process, automatically and regularly checking the application code to prevent that security vulnerabilities are introduced int
PVS-Studio is a tool for detecting bugs and security weaknesses in the source code of programs, written in C, C++, C# and Java. It works under 64-bit systems in Windows, Linux and macOS environments, and can analyze source code intended for 32-bit, 64-bit and embedded ARM platforms.
YAGAAN is a french startup established in 2017 and located in the Brittany Cyber Valley. In the SAST landscape, the YAG-Suite offers unique features to auditors and developers that only machine learning can bring on top of static analysis : - Smart detection of vulnerabilities - Automated qualification and hierarchization of the warnings raised by SAST, based on their likeliness to be true positives and their criticallity (individual CVSS score) - Advanced diagnostics of the detected vulnerabi