  # Best Static Application Security Testing (SAST) Software - Page 2

  *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*

   Static application security testing (SAST) software inspects and analyzes an application’s code to discover security vulnerabilities without actually executing code. These tools are frequently used by companies with [continuous delivery](https://www.g2.com/categories/continuous-delivery) practices to identify flaws prior to deployment. SAST tools provide vulnerability information and remediation suggestions for development teams to resolve. SAST tools are related to and overlap with [static code analysis](https://www.g2.com/categories/static-code-analysis) software, but SAST products are more focused on security testing. Static code analysis products, on the other hand, combine a number of analytical practices, test management, and team collaboration features.

[SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference

To qualify for inclusion in the Static Application Security Testing (SAST) category, a product must:

- Test applications to identify vulnerabilities
- Not execute code during testing, or have the ability to run static tests
- Provide information on relative vulnerabilities and exploits




  ## How Many Static Application Security Testing (SAST) Software Products Does G2 Track?
**Total Products under this Category:** 109

  
## How Does G2 Rank Static Application Security Testing (SAST) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 5,100+ Authentic Reviews
- 109+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.

  
## Which Static Application Security Testing (SAST) Software Is Best for Your Use Case?

- **Leader:** [GitHub](https://www.g2.com/products/github/reviews)
- **Highest Performer:** [DryRun Security](https://www.g2.com/products/dryrun-security/reviews)
- **Easiest to Use:** [GitGuardian](https://www.g2.com/products/gitguardian/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [GitHub](https://www.g2.com/products/github/reviews)

  
---

**Sponsored**

### Endor Labs

Endor Labs helps you build and ship secure software fast, whether it's written by humans or AI. While conventional code scanning tools drown teams in false positives, Endor Labs zeroes in on real risks, empowering developers without slowing them down. Trusted by OpenAI, Snowflake, Peloton, Robinhood, Dropbox, Rubrik, and more, Endor Labs is transforming AppSec.

- 92% fewer alerts: Unify code scanning (SAST, SCA, container, secrets, malware, AI models) and automate security code reviews with AI. Pinpoint real vulnerabilities with function-level reachability, filtering out unreachable risks and letting developers fix what matters as they code.
- 6X faster fixes: Skip the guesswork. Endor Labs guides developers towards safe OSS upgrades, and backports fixes for hard-to-update libraries.
- Guardrails for AI coding assistants: Endor Labs natively integrates into AI coding assistants to help them produce code securely by default. Additionally, Endor Labs has built multiple agents to review the AI and human generated code for architecture and business-logic issues.
- Compliance, streamlined: FedRAMP, PCI, NIST, and SLSA compliance is simplified with artifact signing, SBOM, VEX, and more—accelerating your path to secure, compliant code.

Learn more at: www.endorlabs.com/demo-request




---

  ## What Are the Top-Rated Static Application Security Testing (SAST) Software Products in 2026?
### 1. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
  Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 49
**How Do G2 Users Rate Contrast Security?**

- **Test Automation:** 8.3/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.3/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 9.0/10 (Category avg: 8.2/10)

**Who Is the Company Behind Contrast Security?**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,479 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (224 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Insurance, Information Technology and Services
  - **Company Size:** 67% Enterprise, 20% Mid-Market


#### What Are Contrast Security's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Performance Issues (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)

### 2. [Klocwork](https://www.g2.com/products/klocwork/reviews)
  Perforce Klocwork is an enterprise grade SAST solution for C, C++, C#, Rust (support coming March 2026), Java, JavaScript, Python, and Kotlin. It helps development teams detect security vulnerabilities, quality issues, and reliability defects early, while supporting compliance with industry and regulatory standards. Klocwork is purpose built to analyze very large, complex codebases and scales to hundreds of millions of lines of code, well beyond the practical limits of many traditional SAST tools. This makes it especially suited for organizations developing long lived, safety critical, or security critical systems. Designed for DevOps and DevSecOps, Klocwork integrates with complex build systems, CI/CD pipelines, cloud and containerized environments, and common developer tools—enabling consistent security and quality enforcement without slowing development.

  **Static Application Security Testing (SAST):** Klocwork identifies a wide range of security vulnerabilities, including SQL injection, tainted data flows, buffer overflows, and other insecure coding practices. It also detects bugs and quality issues such as null pointer dereferences, memory and resource leaks, uncaught exceptions, and code smells. The solution supports compliance with internationally recognized standards including CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961. Automated CI/CD integrations make continuous security testing practical even for very large systems.

  **AI Assisted Code Remediation with MCP:** Klocwork extends static analysis with AI assisted code remediation, designed to help developers resolve findings faster and with greater confidence. Using MCP based capabilities, Klocwork securely exposes rich static analysis context—defect data, rule knowledge, and precise fix guidance—to supported AI code assist tools directly within the IDE. Rather than relying on generic AI suggestions, Klocwork’s remediation feature combines deep static analysis insights with comprehensive documentation and exact fix instructions, enabling AI assistants to propose accurate, context aware corrections for security vulnerabilities, quality defects, and coding standard violations. Fixes are presented as clear diffs and require developer review and approval, making the approach suitable for safety and security critical environments. By integrating remediation into the developer workflow, Klocwork reduces time spent interpreting analysis results, researching fixes, and switching between tools. Developers stay in their IDE, receive guided remediation aligned with secure coding standards and project specific rules, and can immediately re analyze code to validate fixes. This completes the optimal shift left approach—helping teams not only find issues early, but fix them efficiently and consistently.

  **Project Streams and Enterprise Scalability:** Klocwork’s Project Streams feature simplifies managing shared codebases with multiple variants or branches. A single rule configuration can be applied across streams, issues common to multiple variants stay synchronized, and stream specific findings are clearly identified for reporting and compliance.

  **Developer Focused and Centralized:** Klocwork integrates directly into popular IDEs to deliver fast, contextual feedback as developers write code. Out of the box compiler support eliminates manual setup, while centralized dashboards provide visibility into trends, risk, and compliance across projects of any size.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 22
**How Do G2 Users Rate Klocwork?**

- **Has the product been a good partner in doing business?:** 8.1/10 (Category avg: 9.1/10)
- **Quality of Support:** 8.5/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 10.0/10 (Category avg: 8.2/10)

**Who Is the Company Behind Klocwork?**

- **Seller:** [Perforce](https://www.g2.com/sellers/perforce)
- **Year Founded:** 1995
- **HQ Location:** Minneapolis, MN
- **Twitter:** @perforce (5,094 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/perforce/ (2,032 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 48% Mid-Market, 35% Small-Business


### 3. [Mend.io](https://www.g2.com/products/mend-io/reviews)
  Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include:

1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle.
2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster.
3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 105
**How Do G2 Users Rate Mend.io?**

- **Test Automation:** 7.2/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.1/10)
- **Quality of Support:** 8.7/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 8.3/10 (Category avg: 8.2/10)

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,300 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (258 employees on LinkedIn®)

**Who Uses This Product?**
  - **Who Uses This:** Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 38% Small-Business, 34% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)

### 4. [CodeScan](https://www.g2.com/products/codescan/reviews)
  CodeScan Shield addresses code quality, security, and compliance liabilities with two automated modules: CodeScan and OrgScan. CodeScan provides static code analysis for total visibility into code health from the moment it’s written through production. OrgScan governs organizational policies by enforcing the security and compliance rules mandated for your Salesforce environment. Together, they ensure the code that makes up your Salesforce environment and the way the environment is being utilized will always meet high standards. The result is strengthened data security, streamlined DevSecOps processes, and an assurance of meeting compliance standards—avoiding potentially thousands of dollars in fines and lost opportunities. CodeScan Shield protects your Salesforce org from both the inside and outside. CodeScan provides dashboards and reports for consistent code visibility, while also alerting developers the moment new errors are introduced. OrgScan analyzes Salesforce policies to ensure the organization remains compliant with client-mandated specifications and guidelines. Violations are flagged and recorded in an interactive dashboard. Progress is tracked for policy reviews. Collectively, these features ensure admins maintain governance control within their organization. CodeScan Shield is part of AutoRABIT’s complete DevSecOps platform. Enabling Salesforce DevOps teams with CodeScan Shield’s powerful technology produces high-quality, secure applications and updates at speed.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 30
**How Do G2 Users Rate CodeScan?**

- **Test Automation:** 7.3/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.0/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 8.3/10 (Category avg: 8.2/10)

**Who Is the Company Behind CodeScan?**

- **Seller:** [AutoRABIT](https://www.g2.com/sellers/autorabit)
- **Year Founded:** 2015
- **HQ Location:** San Francisco, US
- **Twitter:** @autorabit (1,240 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6592119/ (268 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 44% Enterprise, 38% Mid-Market


### 5. [DeepSource](https://www.g2.com/products/deepsource/reviews)
  DeepSource is an all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle.

- Guaranteed below 5% false-positive rate with highly accurate and fast static analyzers
- Automated issue remediation with Autofix™️
- Code Issue and security reporting: OWASP Top 10, SANS Top 25, Code Coverage, and more
- Self-hosted option with one-click installation and upgrades


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 22
**How Do G2 Users Rate DeepSource?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.5/10 (Category avg: 9.2/10)

**Who Is the Company Behind DeepSource?**

- **Seller:** [DeepSource](https://www.g2.com/sellers/deepsource)
- **Year Founded:** 2018
- **HQ Location:** San Francisco, California
- **LinkedIn® Page:** https://www.linkedin.com/company/deepsourcelabs/ (19 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software
  - **Company Size:** 82% Small-Business, 9% Enterprise


### 6. [Embold](https://www.g2.com/products/embold/reviews)
  Embold supports developers and development teams by finding critical code issues before they become roadblocks. It is the perfect tool to analyze, diagnose, transform, and sustain your software efficiently. With the use of A.I. and machine learning technologies, Embold can immediately prioritize issues, suggest ways to best solve them, and re-factor software where necessary. Run it within your current Dev-Ops stack, on premise or in the cloud privately or publicly.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 15
**How Do G2 Users Rate Embold?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.4/10 (Category avg: 9.2/10)

**Who Is the Company Behind Embold?**

- **Seller:** [Embold Technologies](https://www.g2.com/sellers/embold-technologies)
- **Year Founded:** 2009
- **HQ Location:** Frankfurt am Main, Hesse
- **Twitter:** @embold_io (1,058 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1727876/ (12 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software
  - **Company Size:** 56% Small-Business, 28% Mid-Market


### 7. [AttackFlow](https://www.g2.com/products/attackflow/reviews)
  AttackFlow is a solution that helps find security and quality weaknesses in software by analyzing the code.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 11
**How Do G2 Users Rate AttackFlow?**

- **Test Automation:** 8.8/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 7.1/10 (Category avg: 9.1/10)
- **Quality of Support:** 8.7/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 8.3/10 (Category avg: 8.2/10)

**Who Is the Company Behind AttackFlow?**

- **Seller:** [AttackFlow](https://www.g2.com/sellers/attackflow)
- **HQ Location:** San Francisco, CA
- **Twitter:** @attackflow (1,329 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10886615/ (1 employee on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 45% Mid-Market, 45% Enterprise


### 8. [Cyclopt Companion](https://www.g2.com/products/cyclopt-companion/reviews)
  Cyclopt Companion is a sophisticated software solution designed to assist developers in writing better, more secure, and maintainable code. Whether you are a junior developer, a seasoned freelancer, a full-stack engineer, or a QA lead, Cyclopt Companion provides the tools necessary to validate every line of code before deployment. This product aims to reduce technical debt and enhance the overall quality of software development, ensuring that users can deliver reliable applications with confidence. The Cyclopt Companion stands out in the realm of code quality evaluation by employing the ISO 25010:2023 methodology. This framework allows for a comprehensive assessment of maintainability, security, and code quality. By analyzing critical factors such as complexity, coupling, cohesion, and documentation, Cyclopt Companion offers a data-driven approach to identifying potential vulnerabilities and coding violations. This is particularly valuable in an era where AI tools can generate code rapidly, but may inadvertently introduce risks and technical debt. One of the key features of Cyclopt Companion is its ability to provide instant insights into your codebase. Upon each commit, users receive an updated status report that highlights significant issues, including coding violations, vulnerabilities, code duplication, and maintainability concerns. This proactive approach enables developers to address problems early in the development cycle, ultimately leading to higher quality code and a more efficient workflow. Additionally, Cyclopt Profile allows developers to showcase their skills and track their growth across eight distinct categories. By performing a deep analysis of individual developer characteristics, users can create and share a personalized profile page that highlights their unique software development capabilities. As developers progress and improve their skills, they can earn badges, providing a tangible representation of their achievements. 
Cyclopt Companion is designed to integrate seamlessly with existing development tools, ensuring that teams can continue their workflows without disruption. It supports popular platforms such as GitHub, GitLab, Bitbucket, and Azure DevOps, as well as communication tools like Slack, Teams, and Discord. This flexibility makes it an ideal choice for engineering teams, DevOps professionals, and software leaders who prioritize reliability, transparency, and continuous improvement in their codebases. By streamlining development processes and enhancing code quality, Cyclopt Companion empowers users to ship secure software faster.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 13
**How Do G2 Users Rate Cyclopt Companion?**

- **Test Automation:** 10.0/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.6/10 (Category avg: 9.2/10)

**Who Is the Company Behind Cyclopt Companion?**

- **Seller:** [Cyclopt](https://www.g2.com/sellers/cyclopt)
- **Company Website:** https://www.cyclopt.com/
- **Year Founded:** 2017
- **HQ Location:** Pylaia, GR
- **LinkedIn® Page:** https://www.linkedin.com/company/cyclopt (11 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software
  - **Company Size:** 100% Small-Business


#### What Are Cyclopt Companion's Pros and Cons?

**Pros:**

- Features (4 reviews)
- Security (4 reviews)
- Code Quality (3 reviews)
- Issue Identification (3 reviews)
- Alert Notifications (2 reviews)

**Cons:**

- Difficult Learning (3 reviews)
- Learning Difficulty (2 reviews)
- Difficult Navigation (1 review)
- Difficulty for Beginners (1 review)
- Metrics Issues (1 review)

### 9. [Visual Expert](https://www.g2.com/products/visual-expert/reviews)
  Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Leverage hundreds of features to improve the quality, performance, and security of your applications.

- **Find Cross References:** Identify code dependencies to estimate the impact of a change and modify your code without breaking your application.
- **Detect Security Vulnerabilities:** Automatically scan your code to detect and fix security issues. Generate Code Inspection Report to clean it up, streamline maintenance efforts and avoid unexpected behavior.
- **Review CRUD Operations:** Automatically generate a CRUD matrix showing which programs access your data. Generate Diagrams from your code to visualize objects and dependencies: Call graphs, Data Models, impact analysis diagrams… Automatically generate comprehensive HTML documentation of your source code.
- **Analyze and Improve Code Performance:** Find the slow pieces of code, analyze processes, and remove bottlenecks. Compare two versions of your application or sets of code. Filter changes and save snapshots of your code to compare them anytime in the future.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 12
**How Do G2 Users Rate Visual Expert?**

- **Test Automation:** 8.3/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.4/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 5.8/10 (Category avg: 8.2/10)

**Who Is the Company Behind Visual Expert?**

- **Seller:** [Novalys](https://www.g2.com/sellers/novalys)
- **Year Founded:** 1998
- **HQ Location:** Boulogne-Billancourt, Ile-de-France
- **Twitter:** @PowerBuilderTV (615 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10014166/ (30 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 67% Mid-Market, 17% Small-Business


#### What Are Visual Expert's Pros and Cons?

**Pros:**

- Easy Setup (1 review)
- Features (1 review)
- Security (1 review)

**Cons:**

- Confusing Interface (1 review)
- Difficulty for Beginners (1 review)
- Limited Features (1 review)
- Slow Performance (1 review)

### 10. [Whitespots Security Portal](https://www.g2.com/products/whitespots-security-portal/reviews)
  Vulnerability management tool on steroids

- 📈 Measure and control your application security state
- 🔎 Scan your code, containers, web and mobile applications using ANY tool
- 🔥 Remove duplicates, validate results, comment merge requests and create Jira tasks in seconds
- 🕜 Save your engineers time and automate your processes
- ✅ Self-hosted


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 10
**How Do G2 Users Rate Whitespots Security Portal?**

- **Test Automation:** 10.0/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.6/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 8.1/10 (Category avg: 8.2/10)

**Who Is the Company Behind Whitespots Security Portal?**

- **Seller:** [Whitespots](https://www.g2.com/sellers/whitespots)
- **Year Founded:** 2020
- **HQ Location:** Tallinn, EE
- **LinkedIn® Page:** https://www.linkedin.com/company/whitespots/ (16 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 60% Mid-Market, 20% Enterprise


#### What Are Whitespots Security Portal's Pros and Cons?

**Pros:**

- Easy Setup (4 reviews)
- Features (4 reviews)
- Speed (4 reviews)
- User Interface (4 reviews)
- Vulnerability Detection (4 reviews)

**Cons:**

- Poor Analytics (1 review)
- Poor Documentation (1 review)
- UX Improvement (1 review)

### 11. [DerScanner](https://www.g2.com/products/derscanner/reviews)
  DerScanner is a complete application security testing solution to eliminate known and unknown code threats across the Software Development Lifecycle. DerScanner static code analysis offers developers support for 43 programming languages, ensuring thorough security coverage for almost any application. DerScanner's SAST uniquely analyzes both source and binary files, revealing hidden vulnerabilities that are often missed in standard scans. This is especially crucial for legacy applications or when source code access is limited. DerScanner’s DAST feature mimics an external attacker, similar to penetration testing. This is vital for finding vulnerabilities that only appear when the application is operational. DAST in DerScanner enriches SAST findings by cross-checking and correlating vulnerabilities detected by both methods. With DerScanner Software Composition Analysis you can gain critical insights into open-source components and dependencies in your projects. It helps identify vulnerabilities early and ensures compliance with licensing terms, reducing legal risks. DerScanner's Supply Chain Security continuously monitors public repositories, evaluating the security posture of each package. This allows you to make informed decisions about using open-source components in your applications.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 8
**How Do G2 Users Rate DerScanner?**

- **Test Automation:** 9.2/10 (Category avg: 8.6/10)
- **Quality of Support:** 10.0/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 10.0/10 (Category avg: 8.2/10)

**Who Is the Company Behind DerScanner?**

- **Seller:** [DerSecur](https://www.g2.com/sellers/dersecur)
- **Year Founded:** 2011
- **HQ Location:** Dubai
- **LinkedIn® Page:** https://www.linkedin.com/company/dersecur/ (16 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 88% Small-Business, 63% Mid-Market


### 12. [Parasoft Jtest](https://www.g2.com/products/parasoft-jtest/reviews)
  Parasoft Jtest is an integrated Java testing tool for Application Software Development. Develop high-quality code within an Agile workflow. Jtest’s comprehensive set of Java testing tools ensures high code coverage through every stage of software development. Parasoft Jtest integrates tightly into your development ecosystem and CI/CD pipeline for real-time, intelligent feedback on your testing and compliance progress. Jtest highlights code coverage and code quality, leverages AI for JUnit test creation, and identifies security and reliability issues so stakeholders can understand the quality of the deliverables and make informed decisions about risk of release.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 13
**How Do G2 Users Rate Parasoft Jtest?**

- **Test Automation:** 8.3/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.1/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 8.9/10 (Category avg: 8.2/10)

**Who Is the Company Behind Parasoft Jtest?**

- **Seller:** [Parasoft](https://www.g2.com/sellers/parasoft)
- **Year Founded:** 1987
- **HQ Location:** Monrovia, CA
- **Twitter:** @Parasoft (2,597 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/parasoft/ (303 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software
  - **Company Size:** 38% Enterprise, 31% Mid-Market


### 13. [BugProve](https://www.g2.com/products/bugprove/reviews)
  As former security researchers, we founded BugProve to deliver the level of security that IoT deserves! Experience peace of mind by leveraging our automated firmware analysis platform:

- Swift Results: Upload your firmware image and receive first results in just 5 minutes.
- Supply Chain Risk Management and Compliance: Identify components and known vulnerabilities, and opt for continuous CVE monitoring for compliance assurance.
- Zero-day detection: Our built-in zero-day detection engine, PRIS, detects memory corruption vulnerabilities before they can be exploited.
- All-in-One Hub: Seamlessly access product security reevaluations, comparisons, and updates, presented in an easily digestible format.
- Effortless Sharing: Share findings via live links or export them as PDFs for convenient reporting. Involve your product development team with AI-assisted remediation recommendations.
- Accelerated Testing: Save weeks in the pentesting process, enabling you to focus on in-depth discoveries and launch more secure products, without security bottlenecks.
- IoT specific, detailed scans: BugProve runs checks directly on firmware, no source code needed. We run advanced static and dynamic analysis, unique multi-binary taint analysis, cryptographic analysis, and security configuration checks.

No long-term contracts, commitments, and hidden fees. What’s more, we believe you should test the platform to see what it can do, so we offer a Free Plan. Sign up, and start scanning!


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 20
**How Do G2 Users Rate BugProve?**

- **Test Automation:** 10.0/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.6/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 9.0/10 (Category avg: 8.2/10)

**Who Is the Company Behind BugProve?**

- **Seller:** [BugProve](https://www.g2.com/sellers/bugprove)
- **Year Founded:** 2021
- **HQ Location:** Budapest, HU
- **Twitter:** @Bugprove (147 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/bugprove (3 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 90% Small-Business, 10% Enterprise


### 14. [CodeSonar](https://www.g2.com/products/codesonar/reviews)
  As a leading provider of static application security testing (SAST) solutions, CodeSecure helps software developers solve challenging issues throughout the software development life cycle (SDLC) to protect mission-critical software and devices from failure and cyberattack. By enabling developers to shift security testing left, CodeSecure CodeSonar seamlessly integrates into CI/CD and DevSecOps tools to assist developers in designing, developing, and deploying trusted software applications – meeting standards, minimizing risk and accelerating projects to gain a competitive advantage. CodeSecure CodeSonar is a multi-language static application security testing (SAST) solution supporting C, C++, C# and Java. CodeSonar provides deep static analysis to quickly find and fix defects impacting code quality, safety and security. With seamless integrations into developer tools such as GitHub, GitLab, Jenkins, Visual Studio and others, CodeSonar is easily adopted into developer workflows to efficiently and continuously test code to create higher quality, safer and more secure software.  


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 13
**How Do G2 Users Rate CodeSonar?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.1/10)
- **Quality of Support:** 8.8/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 6.7/10 (Category avg: 8.2/10)

**Who Is the Company Behind CodeSonar?**

- **Seller:** [CodeSecure](https://www.g2.com/sellers/codesecure)
- **Year Founded:** 1988
- **HQ Location:** Ithaca, NY
- **Twitter:** @GrammaTech (687 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/82321 (50 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 38% Mid-Market, 31% Small-Business


### 15. [CoreOS Clair](https://www.g2.com/products/coreos-clair/reviews)
  Open-source container vulnerability analysis service.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 5
**How Do G2 Users Rate CoreOS Clair?**

- **Has the product been a good partner in doing business?:** 6.7/10 (Category avg: 9.1/10)
- **Quality of Support:** 7.7/10 (Category avg: 9.2/10)

**Who Is the Company Behind CoreOS Clair?**

- **Seller:** [Red Hat](https://www.g2.com/sellers/red-hat)
- **Year Founded:** 1993
- **HQ Location:** Raleigh, NC
- **Twitter:** @RedHat (300,137 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3545/ (19,305 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 60% Enterprise, 40% Small-Business


### 16. [Hubbl Diagnostics](https://www.g2.com/products/hubbl-diagnostics-hubbl-diagnostics/reviews)
  Hubbl Diagnostics is setting the standard for Salesforce success through secure, automated, AI-driven org intelligence.

  - Monitor health and performance: Instantly gain a holistic view of your org.
  - Improve security: Pinpoint security and compliance risks.
  - Unlock ecosystem insights: Benchmark against industry standards.
  - Take action: Identify and fix your high priority issues—fast.
  - Streamline processes: Optimize your business process, inside Salesforce.

  Our solution provides the C-suite, Salesforce admins, architects, and consultants with the broadest and most actionable insights into any Salesforce org. Tackle technical debt, redundant automation, and ever-expanding org complexity to get the best return on your Salesforce investment, faster.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 18
**How Do G2 Users Rate Hubbl Diagnostics?**

- **Test Automation:** 10.0/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.7/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 10.0/10 (Category avg: 8.2/10)

**Who Is the Company Behind Hubbl Diagnostics?**

- **Seller:** [Hubbl Diagnostics](https://www.g2.com/sellers/hubbl-diagnostics)
- **Year Founded:** 2022
- **HQ Location:** Vancouver
- **Twitter:** @HubblTech (5 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/hubbl-diagnostics/ (26 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Consulting, Non-Profit Organization Management
  - **Company Size:** 56% Mid-Market, 22% Small-Business


#### What Are Hubbl Diagnostics's Pros and Cons?

**Pros:**

- Ease of Use (3 reviews)
- Data Accuracy (2 reviews)
- Efficiency (2 reviews)
- Issue Identification (2 reviews)
- Salesforce Integration (2 reviews)

**Cons:**

- Data Management (1 review)
- Limitations (1 review)
- Software Bugs (1 review)

### 17. [AppSecure Security](https://www.g2.com/products/appsecure-security/reviews)
  AppSecure Security is a CREST-accredited offensive security company specializing in Red Teaming, Penetration Testing (Pentesting), and Vulnerability Assessment and Penetration Testing (VAPT). We deliver hacker-focused security assessments to help businesses understand their security posture and protect against real-world cyber threats. Our expert team employs cutting-edge, real-world hacking techniques to evaluate your organization’s security posture, identify critical security vulnerabilities, and work with your team to remediate them effectively. Backed by elite security researchers with proven expertise in leading bug bounty programs like PayPal, Reddit, LinkedIn, Instacart, and more, AppSecure Security is your trusted partner in safeguarding your business from evolving cyber threats.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 7
**How Do G2 Users Rate AppSecure Security?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.2/10 (Category avg: 9.2/10)

**Who Is the Company Behind AppSecure Security?**

- **Seller:** [AppSecure](https://www.g2.com/sellers/appsecure)
- **Year Founded:** 2015
- **HQ Location:** Bengaluru, India 
- **Twitter:** @AppSecure (347 Twitter followers)
- **LinkedIn® Page:** https://in.linkedin.com/company/appsecure-security (14 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 63% Mid-Market, 38% Small-Business


#### What Are AppSecure Security's Pros and Cons?

**Pros:**

- Clear Interface (1 review)
- Comprehensive Solutions (1 review)
- Customizability (1 review)
- Real-time Monitoring (1 review)
- Reporting (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficulty for Beginners (1 review)
- High Learning Curve (1 review)
- Setup Difficulty (1 review)

### 18. [Endor Labs](https://www.g2.com/products/endor-labs/reviews)
  Endor Labs helps you build and ship secure software fast, whether it's written by humans or AI. While conventional code scanning tools drown teams in false positives, Endor Labs zeroes in on real risks, empowering developers without slowing them down. Trusted by OpenAI, Snowflake, Peloton, Robinhood, Dropbox, Rubrik, and more, Endor Labs is transforming AppSec.

  - 92% less alerts: Unify code scanning (SAST, SCA, container, secrets, malware, AI models) and automate security code reviews with AI. Pinpoint real vulnerabilities with function-level reachability, filtering out unreachable risks and letting developers fix what matters as they code.
  - 6X faster fixes: Skip the guesswork. Endor Labs guides developers towards safe OSS upgrades, and backports fixes for hard-to-update libraries.
  - Guardrails for AI coding assistants: Endor Labs natively integrates into AI coding assistants to help them produce code securely by default. Additionally, Endor Labs has built multiple agents to review the AI and human generated code for architecture and business-logic issues.
  - Compliance, streamlined: FedRAMP, PCI, NIST, and SLSA compliance is simplified with artifact signing, SBOM, VEX, and more—accelerating your path to secure, compliant code.

  Learn more at: www.endorlabs.com/demo-request


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 9
**How Do G2 Users Rate Endor Labs?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.8/10 (Category avg: 9.2/10)

**Who Is the Company Behind Endor Labs?**

- **Seller:** [Endor Labs](https://www.g2.com/sellers/endor-labs)
- **Company Website:** https://www.endorlabs.com/
- **Year Founded:** 2021
- **HQ Location:** Palo Alto, California, United States
- **Twitter:** @EndorLabs (563 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/endorlabs (200 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 78% Mid-Market, 22% Enterprise


#### What Are Endor Labs's Pros and Cons?

**Pros:**

- Features (5 reviews)
- Ease of Use (4 reviews)
- Accuracy of Findings (3 reviews)
- Customer Support (3 reviews)
- Integration Support (3 reviews)

**Cons:**

- UX Improvement (3 reviews)
- API Limitations (1 review)
- Difficult Setup (1 review)
- Integration Issues (1 review)
- Missing Features (1 review)

### 19. [Steampunk Spotter](https://www.g2.com/products/steampunk-spotter/reviews)
  Spotter helps users create and maintain Ansible Playbooks with ease while ensuring they are always up-to-date and secure. With its comprehensive analytics and reporting capabilities, Spotter offers valuable insights into automation, enabling users to identify bottlenecks, monitor performance, and make data-driven decisions. Designed to maximize automation and drive operational excellence, Spotter has gained the trust of users worldwide. With Spotter, teams can focus on strategic initiatives and achieve superior business outcomes.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 6
**How Do G2 Users Rate Steampunk Spotter?**

- **Test Automation:** 9.2/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.2/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 8.3/10 (Category avg: 8.2/10)

**Who Is the Company Behind Steampunk Spotter?**

- **Seller:** [XLAB Steampunk](https://www.g2.com/sellers/xlab-steampunk)
- **Year Founded:** 2018
- **HQ Location:** Pot za Brdom 100, SI
- **Twitter:** @xlab_steampunk (70 Twitter followers)
- **LinkedIn® Page:** http://www.linkedin.com/company/xlab-steampunk (2 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 67% Small-Business, 17% Enterprise


### 20. [Arnica](https://www.g2.com/products/arnica/reviews)
  Arnica simplifies and effectively automates source code security, while maintaining or improving development velocity. Arnica uses rich tooling integration, deep learning, and behavioral analytics to empower organizations with the tools to be proactive in building a secure software supply chain.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 5
**How Do G2 Users Rate Arnica?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.1/10)
- **Quality of Support:** 10.0/10 (Category avg: 9.2/10)

**Who Is the Company Behind Arnica?**

- **Seller:** [Arnica](https://www.g2.com/sellers/arnica)
- **Year Founded:** 2021
- **HQ Location:** Alpharetta, Georgia
- **Twitter:** @arnicaio (126 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/arnica-io/about (54 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 60% Enterprise, 20% Mid-Market


#### What Are Arnica's Pros and Cons?

**Pros:**

- Accuracy of Findings (1 review)
- Actionable Recommendations (1 review)
- Ease of Use (1 review)
- Easy Setup (1 review)
- Remediation Solutions (1 review)

**Cons:**

- Paid Features (1 review)

### 21. [CodePeer](https://www.g2.com/products/codepeer/reviews)
  CodePeer is an Ada source code analyzer that detects run-time and logic errors. It assesses potential bugs before program execution, serving as an automated peer reviewer, helping to find errors easily at any stage of the development life-cycle. CodePeer helps you improve the quality of your code and makes it easier for you to perform safety and/or security analysis.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 3
**How Do G2 Users Rate CodePeer?**

- **Test Automation:** 10.0/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.9/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 9.4/10 (Category avg: 8.2/10)

**Who Is the Company Behind CodePeer?**

- **Seller:** [Adacore](https://www.g2.com/sellers/adacore)
- **Year Founded:** 1994
- **HQ Location:** Paris, Île-de-France, France
- **Twitter:** @AdaCoreCompany (2,011 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/adacore (150 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 100% Enterprise


### 22. [ImmuniWeb AI Platform](https://www.g2.com/products/immuniweb-ai-platform/reviews)
  Attack surface management and Dark Web Monitoring. ImmuniWeb® Discovery leverages OSINT and our award-winning AI technology to illuminate attack surface and Dark Web exposure of a company. The non-intrusive and production-safe discovery is a perfect fit both for continuous self-assessment and vendor risk scoring to prevent supply chain attacks.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 11
**How Do G2 Users Rate ImmuniWeb AI Platform?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.1/10)
- **Quality of Support:** 10.0/10 (Category avg: 9.2/10)

**Who Is the Company Behind ImmuniWeb AI Platform?**

- **Seller:** [ImmuniWeb](https://www.g2.com/sellers/immuniweb-8be8a6d5-dde6-41c6-b289-3ad6257f0258)
- **Year Founded:** 2019
- **HQ Location:** Geneva, CH
- **Twitter:** @immuniweb (8,487 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/immuniweb/ (33 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 92% Mid-Market, 8% Small-Business


#### What Are ImmuniWeb AI Platform's Pros and Cons?

**Pros:**

- Monitoring (2 reviews)
- Monitoring Efficiency (2 reviews)
- Alert Notifications (1 review)
- Customer Support (1 review)
- Dark Web Monitoring (1 review)

**Cons:**

- Integration Issues (1 review)
- Lack of Integration (1 review)
- Limited Features (1 review)
- Limited Flexibility (1 review)
- Limited Reporting (1 review)

### 23. [Qwiet AI](https://www.g2.com/products/qwiet-ai/reviews)
  Qwiet AI delivers comprehensive application security by combining agentic AI with advanced code analysis. In a single scan, the platform provides uniquely accurate SAST, SCA, SBOM, secrets detection, and container analysis that helps dev and security teams find and fix vulnerabilities faster. With its proprietary Code Property Graph (CPG) technology and AI/ML models, Qwiet AI achieves up to 95% reduction in false positives compared to traditional tools, while offering contextual AutoFix that understands the unique context of your code, even across complex enterprise applications.

  Q: What makes Qwiet AI different from other AppSec solutions?

  A: Qwiet AI stands out through its agentic AI approach, which enables autonomous vulnerability detection and remediation. The platform's Code Property Graph technology allows for deeper code analysis and more accurate vulnerability detection, resulting in dramatically fewer false positives than traditional tools. This advanced technology enables the platform to understand code relationships and context at a deeper level, leading to precise vuln detection and contextually appropriate fixes.

  Q: What security capabilities does the platform include?

  A: The platform provides comprehensive security coverage including:

  - Static Application Security Testing (SAST) using a patented CPG-based approach, for vuln detection that is objectively the fastest and most accurate available per the OWASP benchmark
  - Software Composition Analysis (SCA) for third-party dependency scanning and vulnerability detection in open source components
  - Automated SBOM generation for supply chain transparency and compliance requirements
  - Advanced secrets detection to prevent credential exposure and secure sensitive information
  - Container security analysis built in
  - AI-powered AutoFix for automated vulnerability remediation with contextually aware patches, powered by the CPG and a custom AI/ML engine with its own LLM
  - Custom rule creation capabilities for organization-specific security requirements

  Q: How does Qwiet AI improve development workflows?

  A: Qwiet AI integrates seamlessly into existing CI/CD pipelines and developer workflows. The platform's speed (up to 40x faster than traditional scanners) and accuracy mean developers spend less time investigating false positives and more time coding. The AutoFix capability helps developers resolve issues quickly with AI-generated patches that are contextually aware and tailored to your codebase. Additionally, the platform provides IDE integrations and pull request analysis to catch vulnerabilities early in the development process.

  Q: What do customers think?

  A: Qwiet AI provides enterprise-grade support with dedicated customer success representatives and technical account managers. The platform consistently receives high marks for customer support, with a 97% "would recommend" rate in Gartner's Voice of the Customer. Customers receive comprehensive onboarding assistance, ongoing technical support, and regular check-ins to ensure successful implementation and adoption.

  Q: How can I get started with Qwiet AI?

  A: Qwiet AI offers self-service access, self-guided demos, and AE-guided demos, depending on your needs. You can request a personalized demo through the company website at qwiet.ai to see how the platform addresses your specific security challenges. You can also sign up for self-service access through the web site, or access documentation and integration guides there.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 3
**How Do G2 Users Rate Qwiet AI?**

- **Test Automation:** 10.0/10 (Category avg: 8.6/10)
- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.1/10)
- **Quality of Support:** 10.0/10 (Category avg: 9.2/10)
- **Black-Box Scanning:** 10.0/10 (Category avg: 8.2/10)

**Who Is the Company Behind Qwiet AI?**

- **Seller:** [Qwiet AI](https://www.g2.com/sellers/qwiet-ai)
- **HQ Location:** San Jose, California, United States
- **Twitter:** @ShiftLeftInc (1,167 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/qwiet (45 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 67% Enterprise, 33% Small-Business


#### What Are Qwiet AI's Pros and Cons?

**Pros:**

- Collaboration (1 review)
- Customer Support (1 review)
- Easy Integrations (1 review)
- Integration Support (1 review)
- Team Collaboration (1 review)

**Cons:**

- Command Line Difficulty (1 review)
- Limited Customization (1 review)
- Limited Features (1 review)
- UX Improvement (1 review)

### 24. [AquilaX AI](https://www.g2.com/products/aquilax-ai/reviews)
  What is AquilaX? AquilaX is an AI-powered application security platform built for DevSecOps teams. It automatically scans your codebase for vulnerabilities across multiple security domains—all in parallel.

  What it does: AquilaX runs 32 security scanners simultaneously, covering:

  - SAST (static code analysis)
  - SCA (dependency/CVE checking)
  - DAST (dynamic runtime testing)
  - Secrets detection (leaked credentials)
  - PII exposure
  - Container & IaC security
  - API security & malware scanning

  Key differentiator: Their Securitron AI engine claims to eliminate ~93% of false positives by learning your codebase's patterns. It also auto-generates fix patches that can be applied as one-click pull requests.

  Speed: Full scans complete in under 60 seconds.

  Integrations: Works with GitHub, GitLab, BitBucket, Jenkins, Azure DevOps, and supports 17+ programming languages.

  Pricing:

  - Free — Secrets, PII, compliance scanning (unlimited)
  - Premium ($19/mo) — Adds SAST, SCA, DAST, container, IaC
  - Ultimate ($99/mo) — Full suite with AI remediation & on-prem option

  Team: Founded by security veterans from Goldman Sachs and Revolut; backed by NVIDIA Inception and Microsoft for Startups.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 2
**How Do G2 Users Rate AquilaX AI?**

- **Quality of Support:** 10.0/10 (Category avg: 9.2/10)

**Who Is the Company Behind AquilaX AI?**

- **Seller:** [AquilaX](https://www.g2.com/sellers/aquilax)
- **Year Founded:** 2023
- **HQ Location:** London, GB
- **LinkedIn® Page:** https://www.linkedin.com/company/aquilax-ai/ (9 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 100% Small-Business


### 25. [bugScout](https://www.g2.com/products/bugscout/reviews)
  Platform for detecting security vulnerabilities in applications by analyzing the source code. bugScout® is the most complete and versatile SAST platform on the market for detecting application security vulnerabilities through source code analysis. Designed by ethical hackers and reputable security auditors, bugScout® follows international security rules and standards and is at the forefront of cybercrime techniques to keep customer applications safe and secure. It is multiplatform, offered On-Premise or Cloud, and made available in SaaS mode. The internationality of bugScout® allows you to work in 3 languages, easily selectable in the settings of the platform itself. bugScout® has the ability to perform complete application audits and, at the same time, integrate seamlessly into the DevOps lifecycle, facilitating continuous analysis of the source code, without any interference in the application development processes. The excellent results of bugScout® are the result of the development for the different programming languages, which makes it possible to track all possible execution flows of the applications to be audited and cover each and every one of the execution paths, detecting security vulnerabilities and quality errors. bugScout® provides complete reports of your activity, fully customizable through various filters, depending on the recipient and the information you want to view. The different report formats make it possible to obtain final reports and files exportable to other management platforms, for integration in the Customer Information Systems.


  **Average Rating:** 3.5/5.0
  **Total Reviews:** 2
**How Do G2 Users Rate bugScout?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.1/10)
- **Quality of Support:** 9.2/10 (Category avg: 9.2/10)

**Who Is the Company Behind bugScout?**

- **Seller:** [NalbaTech](https://www.g2.com/sellers/nalbatech)
- **Year Founded:** 2010
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/bugscout-international (2 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 50% Enterprise, 50% Mid-Market



## What Is Static Application Security Testing (SAST) Software?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Static Application Security Testing (SAST) Software?

- [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis)
- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)
- [Secure Code Review Software](https://www.g2.com/categories/secure-code-review)
- [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast)
- [Software Supply Chain Security Solutions](https://www.g2.com/categories/software-supply-chain-security-tools)

  
    
