# Best Static Application Security Testing (SAST) Software - Page 2 Researched and written by [Lauren Worth](https://research.g2.com/insights/author/lauren-worth) Static application security testing (SAST) software inspects and analyzes an application’s code to discover security vulnerabilities without actually executing code. These tools are frequently used by companies with [continuous delivery](https://www.g2.com/categories/continuous-delivery) practices to identify flaws prior to deployment. SAST tools provide vulnerability information and remediation suggestions for development teams to resolve. There is relation and overlap between SAST tools and [static code analysis](https://www.g2.com/categories/static-code-analysis) software, but SAST products are more focused on security testing. Static code analysis products, on the other hand, combine a number of analytical practices, test management, and team collaboration features. [SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference To qualify for inclusion in the Static Application Security Testing (SAST) category, a product must: - Test applications to identify vulnerabilities - Not execute code during testing, or have the ability to run static tests - Provide information on relative vulnerabilities and exploits ## How Many Static Application Security Testing (SAST) Software Products Does G2 Track? **Total Products under this Category:** 111 ### Category Stats (Jun 2026) - **Average Rating:** 4.54/5 (↑0.01 vs May 2026) The average rating of products in this category, based on all submitted ratings - **Top Trending Product:** Veracode Application Security Platform (+0.74%) - Among all products in this category, Veracode Application Security Platform recorded the largest rating increase compared to last month _Last updated: June 18, 2026_ ## How Does G2 Rank Static Application Security Testing (SAST) Software Products? **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 5,200+ Authentic Reviews - 111+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. ## Best Static Application Security Testing (SAST) Software At A Glance **Leader:** [GitHub](https://www.g2.com/products/github/reviews) **Highest Performer:** [DryRun Security](https://www.g2.com/products/dryrun-security/reviews) **Easiest to Use:** [GitGuardian](https://www.g2.com/products/gitguardian/reviews) **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews) **Best Free Software:** [GitHub](https://www.g2.com/products/github/reviews) ### [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) [By VERACODE](https://www.g2.com/sellers/veracode) [ (26)3.8 out of 5 ](https://www.g2.com/products/veracode-application-security-platform/reviews#reviews "Read Veracode Application Security Platform Reviews") Product Description Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a **Industries:** Information Technology and Services · **Market Segment:** 69% Enterprise, 31% Mid-Market ProsSecurity, Vulnerability Detection, Automated Scanning, Detection, Ease of Use ConsExpensive, Lack of Information, Licensing Issues, Poor Customer Support, Pricing Issues Year Founded 2006 HQ Location Burlington, MA Company Website https://veracode.com Twitter @Veracode LinkedIn® Page https://www.linkedin.com/company/27845/ ### [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) [By Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92) [ (69)4.6 out of 5 ](https://www.g2.com/products/invicti-formerly-netsparker/reviews#reviews "Read Invicti (formerly Netsparker) Reviews") Product Description Invicti (formerly known as Netsparker) is an enterprise application and API security testing platform that helps organizations secure thousands of web applications and APIs at scale while dramatically **Industries:** Computer Software, Information Technology and Services · **Market Segment:** 46% Enterprise, 28% Mid-Market ProsEase of Use, Scanning Technology, Features, Reporting Quality, Vulnerability Detection ConsPoor Customer Support, Slow Performance, Slow Scanning, API Issues, Complex Setup Year Founded 2018 HQ Location Austin, Texas Company Website https://www.invicti.com/ Twitter @InvictiSecurity LinkedIn® Page https://www.linkedin.com/company/invicti-security/people/ [![G2 Advertising](/assets/my-g2-logo-41632af6f81a240a0a9886638f412b2ac9a29f4001534f8c83be89a58ef9d45d.svg "G2 Advertising")](https://sell.g2.com/case-studies/how-aisdr-uses-g2-ads-to-turn-g2-into-top-5-traffic-source) Sponsored G2 Advertising Get 2x conversion than Google Ads with G2 Advertising! G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments. [ Learn More ](https://sell.g2.com/case-studies/how-aisdr-uses-g2-ads-to-turn-g2-into-top-5-traffic-source) ### [NowSecure](https://www.g2.com/products/nowsecure/reviews) [By NowSecure](https://www.g2.com/sellers/nowsecure) [ (27)4.6 out of 5 ](https://www.g2.com/products/nowsecure/reviews#reviews "Read NowSecure Reviews") Product Description NowSecure Inc., based in Oak Park, Illinois, was formed in 2009 with a mission to advance mobile security worldwide. We help secure mobile devices, enterprises and mobile apps. **Market Segment:** 41% Mid-Market, 37% Enterprise Year Founded 2009 HQ Location Chicago, Illinois Company Website https://www.nowsecure.com Twitter @nowsecuremobile LinkedIn® Page https://www.linkedin.com/company/nowsecure ### [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews) [By HCL Technologies](https://www.g2.com/sellers/hcl-technologies) [ (76)4.1 out of 5 ](https://www.g2.com/products/hcl-appscan/reviews#reviews "Read HCL AppScan Reviews") Product Description HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint **Industries:** Information Technology and Services, Computer & Network Security · **Market Segment:** 54% Enterprise, 28% Small-Business Year Founded 1999 HQ Location Noida, Uttar Pradesh Company Website https://hcl-software.com/ Twitter @hcltech LinkedIn® Page https://www.linkedin.com/company/1756/ Ownership NSE - National Stock Exchange of India ### [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews) [By JFrog Ltd](https://www.g2.com/sellers/jfrog-ltd) [ (140)4.2 out of 5 ](https://www.g2.com/products/jfrog-2024-03-28/reviews#reviews "Read JFrog Reviews") Product Description JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps, DevGovOps and MLOps platform, is on a mission to create a world of software delivered without friction from development to pro **Users:** Software Engineer, DevOps Engineer · **Industries:** Information Technology and Services, Computer Software · **Market Segment:** 51% Enterprise, 31% Mid-Market ProsFeatures, Repository Management, Deployment, Integrations, Easy Integrations ConsComplexity, Expensive, Learning Curve, Difficult Learning, Learning Difficulty Year Founded 2008 HQ Location Sunnyvale, CA Company Website https://jfrog.com Twitter @jfrog LinkedIn® Page https://www.linkedin.com/company/jfrog-ltd/ Ownership NASDAQ: FROG ### [Codacy](https://www.g2.com/products/codacy/reviews) [By Codacy](https://www.g2.com/sellers/codacy) [ (29)4.6 out of 5 ](https://www.g2.com/products/codacy/reviews#reviews "Read Codacy Reviews") Product Description Codacy is the code quality and security platform for AI-assisted engineering teams. AI is now embedded through the engineering workflow, which has made teams faster, but also adds risk to everything **Industries:** Computer Software · **Market Segment:** 59% Small-Business, 24% Mid-Market ProsSecurity, Automation, Automation Testing, Code Quality, Customer Support ConsExpensive Year Founded 2012 HQ Location Lisbon, Lisboa Company Website https://www.codacy.com Twitter @codacy LinkedIn® Page https://www.linkedin.com/company/3310124/ ### [GuardRails](https://www.g2.com/products/guardrails-guardrails/reviews) [By GuardRails](https://www.g2.com/sellers/guardrails) [ (29)4.3 out of 5 ](https://www.g2.com/products/guardrails-guardrails/reviews#reviews "Read GuardRails Reviews") Product Description GuardRails is an end-to-end security platform that makes AppSec easier for both security and development teams. We scan, detect, and provide real-time guidance to fix vulnerabilities early. Trusted b **Industries:** Information Technology and Services, Financial Services · **Market Segment:** 52% Small-Business, 48% Mid-Market ProsSecurity, Vulnerability Detection, Ease of Use, Error Reduction, Threat Detection ConsMissing Features, Time Management, Bug Issues, Dashboard Issues, False Positives Year Founded 2017 HQ Location Singapore, Singapore Company Website https://www.guardrails.io Twitter @guardrailsio LinkedIn® Page https://www.linkedin.com/company/13599521 ### [ZeroPath](https://www.g2.com/products/zeropath/reviews) [By ZeroPath](https://www.g2.com/sellers/zeropath) [ (11)4.5 out of 5 ](https://www.g2.com/products/zeropath/reviews#reviews "Read ZeroPath Reviews") Product Description ZeroPath (YC S24) is the first AI-native application security platform that fundamentally reimagines how organizations find and fix vulnerabilities. Unlike deterministic SAST tools that bolt AI onto l **Market Segment:** 36% Small-Business, 27% Mid-Market ProsAccuracy, Accuracy of Findings, Security, Vulnerability Detection, Vulnerability Identification ConsBug Issues, Bugs, Software Bugs, Cost Issues, Dashboard Issues Year Founded 2024 HQ Location San Francisco, US Company Website https://zeropath.com LinkedIn® Page https://www.linkedin.com/company/zeropathai/ ### [Appknox](https://www.g2.com/products/appknox/reviews) [By Appknox](https://www.g2.com/sellers/appknox) [ (43)4.5 out of 5 ](https://www.g2.com/products/appknox/reviews#reviews "Read Appknox Reviews") Product Description Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing **Industries:** Information Technology and Services, Financial Services · **Market Segment:** 40% Small-Business, 37% Mid-Market Year Founded 2014 HQ Location Singapore, Singapore Company Website https://appknox.com Twitter @appknox LinkedIn® Page https://www.linkedin.com/company/3771872/ ### [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews) [By Contrast Security](https://www.g2.com/sellers/contrast-security) [ (49)4.5 out of 5 ](https://www.g2.com/products/contrast-security-contrast-security/reviews#reviews "Read Contrast Security Reviews") Product Description Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented thr **Industries:** Insurance, Information Technology and Services · **Market Segment:** 67% Enterprise, 20% Mid-Market ProsAccuracy of Findings, Accuracy of Results, Vulnerability Detection, Automated Scanning, Automation ConsComplex Setup, Difficult Setup, Performance Issues, Problematic Updates, Setup Complexity Year Founded 2014 HQ Location Pleasanton, CA Company Website https://contrastsecurity.com Twitter @contrastsec LinkedIn® Page https://www.linkedin.com/company/contrast-security/ ### [Rainforest Application](https://www.g2.com/products/rainforest-technologies-rainforest-application/reviews) [By Rainforest Technologies](https://www.g2.com/sellers/rainforest-technologies) [ (12)4.9 out of 5 ](https://www.g2.com/products/rainforest-technologies-rainforest-application/reviews#reviews "Read Rainforest Application Reviews") Product Description Rainforest is the all-in-one cyber security platform with an end-to-end approach to simplify corporate reputation protection by using multiple intelligences and proactive observability, adding Applica **Market Segment:** 42% Mid-Market, 42% Small-Business HQ Location Wilmington, Delaware Company Website https://rainforest.tech LinkedIn® Page https://www.linkedin.com/company/80967943 ### [CodeScan](https://www.g2.com/products/codescan/reviews) [By AutoRABIT](https://www.g2.com/sellers/autorabit) [ (34)4.6 out of 5 ](https://www.g2.com/products/codescan/reviews#reviews "Read CodeScan Reviews") Product Description CodeScan Shield addresses code quality, security, and compliance liabilities with two automated modules: CodeScan and OrgScan. CodeScan provides static code analysis for total visibility into code h **Industries:** Information Technology and Services, Computer Software · **Market Segment:** 44% Enterprise, 38% Mid-Market Year Founded 2015 HQ Location San Francisco, US Company Website https://www.autorabit.com/ Twitter @autorabit LinkedIn® Page https://www.linkedin.com/company/6592119/ ### [Klocwork](https://www.g2.com/products/klocwork/reviews) [By Perforce](https://www.g2.com/sellers/perforce) [ (23)4.4 out of 5 ](https://www.g2.com/products/klocwork/reviews#reviews "Read Klocwork Reviews") Product Description Perforce Klocwork is an enterprise grade SAST solution for C, C++, C#, Rust (support coming March 2026), Java, JavaScript, Python, and Kotlin. It helps development teams detect security vulnerabilitie **Industries:** Information Technology and Services · **Market Segment:** 48% Mid-Market, 35% Small-Business Year Founded 1995 HQ Location Minneapolis, MN Company Website https://www.perforce.com/ Twitter @perforce LinkedIn® Page https://www.linkedin.com/company/perforce/ ### [Mend.io](https://www.g2.com/products/mend-io/reviews) [By Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b) [ (113)4.3 out of 5 ](https://www.g2.com/products/mend-io/reviews#reviews "Read Mend.io Reviews") Product Description Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From disc **Users:** Software Engineer · **Industries:** Computer Software, Information Technology and Services · **Market Segment:** 38% Small-Business, 35% Mid-Market ProsScanning Efficiency, Ease of Use, Easy Integrations, Scanning Technology, Vulnerability Detection ConsIntegration Issues, Limited Features, Missing Features, Complex Implementation, Confusing Interface Year Founded 2011 HQ Location Boston, Massachusetts Company Website https://mend.io Twitter @Mend\_io LinkedIn® Page https://www.linkedin.com/company/2440656/ ### [DeepSource](https://www.g2.com/products/deepsource/reviews) [By DeepSource](https://www.g2.com/sellers/deepsource) [ (22)4.6 out of 5 ](https://www.g2.com/products/deepsource/reviews#reviews "Read DeepSource Reviews") Product Description DeepSource is an all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software while elevating the velocity of their software developmen **Industries:** Computer Software · **Market Segment:** 82% Small-Business, 9% Enterprise Year Founded 2018 HQ Location San Francisco, California Company Website https://deepsource.com LinkedIn® Page https://www.linkedin.com/company/deepsourcelabs/ Spotlight Categories [Customer Service Automation Software](https://www.g2.com/categories/customer-service-automation) [Low-Code Development Platforms](https://www.g2.com/categories/low-code-development-platforms) [Enterprise Risk Management (ERM) Software](https://www.g2.com/categories/enterprise-risk-management-erm) [Generative AI Infrastructure Software](https://www.g2.com/categories/generative-ai-infrastructure) [E-Signature Software](https://www.g2.com/categories/e-signature) Similar Categories - [Static Code Analysis](/categories/static-code-analysis) - [Container Security](/categories/container-security-tools) - [Dynamic Application Security Testing (DAST)](/categories/dynamic-application-security-testing-dast) - [Interactive Application Security Testing (IAST)](/categories/interactive-application-security-testing-iast) - [Log Analysis](/categories/log-analysis) - [Penetration Testing](/categories/penetration-testing-tools) - [Secure Code Review](/categories/secure-code-review) - [Software Bill of Materials (SBOM)](/categories/software-bill-of-materials-sbom) - [Software Composition Analysis](/categories/software-composition-analysis) - [Vulnerability Scanner](/categories/vulnerability-scanner) - [Web Application Firewall (WAF)](/categories/web-application-firewall-waf) [Browse Static Application Security Testing (SAST) Themes](/categories/static-application-security-testing-sast/themes)