# Best tools for combining DAST with SAST - thoughts?

<p class="elv-tracking-normal elv-text-default elv-font-figtree elv-text-base elv-leading-base elv-font-normal" elv="true">Hey everyone,</p><p class="elv-tracking-normal elv-text-default elv-font-figtree elv-text-base elv-leading-base elv-font-normal" elv="true">I’ve been helping a few DevSecOps teams evaluate tools that <strong>combine DAST and SAST</strong> to cover both code-level and runtime vulnerabilities within one workflow. I pulled insights from G2’s <strong>Dynamic Application Security Testing (DAST)</strong> grid and cross-referenced them with platforms offering static code analysis to see which ones are best for integrated security testing.</p><p class="elv-tracking-normal elv-text-default elv-font-figtree elv-text-base elv-leading-base elv-font-normal" elv="true">Here are the top tools to look at: </p><ul>
<li>
<a class="a a--md" elv="true" href="https://www.g2.com/products/tenable-nessus/reviews"><strong>Tenable Nessus</strong></a><strong>:</strong> strong DAST foundation and integrates well with static analysis tools; ideal for teams building unified vulnerability workflows.</li>
<li>
<a class="a a--md" elv="true" href="https://www.g2.com/products/jit/reviews"><strong>Jit</strong></a><strong>:</strong> DevSecOps-first platform that combines continuous DAST with developer-centric SAST, giving a full picture of vulnerabilities across the SDLC.</li>
<li>
<a class="a a--md" elv="true" href="https://www.g2.com/products/aikido-security/reviews"><strong>Aikido Security</strong></a><strong>:</strong> newer but well-rated for blending SAST, SCA, and DAST into a single automated security workflow.</li>
<li>
<a class="a a--md" elv="true" href="https://www.g2.com/products/akto/reviews"><strong>Akto</strong></a><strong>:</strong> primarily API-focused, but integrates both DAST scanning and static rule checks for continuous validation.</li>
<li>
<a class="a a--md" elv="true" href="https://www.g2.com/products/astra-pentest/reviews"><strong>Astra Pentest</strong></a><strong>: </strong>supports both dynamic and static testing with automated scanning and manual validation options.</li>
</ul><p class="elv-tracking-normal elv-text-default elv-font-figtree elv-text-base elv-leading-base elv-font-normal" elv="true">I based this on <strong>G2 satisfaction and feature data</strong>, focusing on tools that bridge <strong>code security (SAST)</strong> and <strong>runtime security (DAST)</strong> for CI/CD environments.</p><p class="elv-tracking-normal elv-text-default elv-font-figtree elv-text-base elv-leading-base elv-font-normal" elv="true">Also hearing <strong>Checkmarx One</strong> and <strong>GitLab Ultimate</strong> mentioned frequently for combining static and dynamic testing — anyone here using those?</p>

##### Post Metadata
- Posted at: 7 months ago
- Author title: SaaS and Software Research
- Net upvotes: 1


## Comments
### Comment 1

&lt;p&gt;Which tools have actually helped your team run both DAST and SAST in one CI/CD pipeline without slowing development?&lt;/p&gt;

##### Comment Metadata
- Posted at: 7 months ago
- Author title: SaaS and Software Research





## Related discussions
- [How well does Trello scale into a larger team?](https://www.g2.com/discussions/1-how-well-does-trello-scale-into-a-larger-team)
  - Posted at: almost 13 years ago
  - Comments: 6
- [Can we please add a new section](https://www.g2.com/discussions/2-can-we-please-add-a-new-section)
  - Posted at: almost 13 years ago
  - Comments: 0
- [Quantifiable benefits from implementing your CRM](https://www.g2.com/discussions/quantifiable-benefits-from-implementing-your-crm)
  - Posted at: almost 13 years ago
  - Comments: 4