Static Application Security Testing (SAST) Tools Overview
Application security testing is a key element of keeping web applications secure. Various tools and managed services provide continuous testing, and application security platforms often include application testing as part of their functionality. Static Application Security Testing (SAST) examines an application without running it, analyzing its source code (or, with some tools, bytecode or binaries) for defects and security vulnerabilities; it complements dynamic testing (DAST), which exercises the running application.
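To make the "examine the code without running it" idea concrete, here is an added example of a toy SAST checker written for this overview; it is not the engine of any vendor listed below. It parses Python source into an AST, tracks variables assigned from an assumed set of input sources (`input()` and Flask-style `request.args`/`request.form` accessors), and flags shell and code-execution sinks whose first argument is not a string literal, rating the finding HIGH when that argument is traceable to a source. The sample program it scans is constructed for the example.

```python
import ast
from dataclasses import dataclass

# Constructed sample input (not from any real project): two unsafe shell sinks,
# one eval of user input, and two calls that must not produce findings.
SAMPLE_SOURCE = '''
import os, subprocess
from flask import request

def ping(host):
    os.system("ping -c 1 " + host)

def ping_safe(host):
    subprocess.run(["ping", "-c", "1", host])

def run_user_cmd():
    cmd = request.args.get("cmd")
    subprocess.run(cmd, shell=True)

def banner():
    os.system("uname -a")

def calc():
    return eval(input("expr> "))
'''

# Assumed source/sink model; a real engine ships a far larger catalogue.
INPUT_SOURCES = {"input"}
REQUEST_ATTRS = {"args", "form", "json", "cookies", "values"}
SHELL_SINKS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
               "subprocess.check_output", "subprocess.check_call"}
CODE_SINKS = {"eval", "exec"}


@dataclass
class Finding:
    line: int
    rule: str
    severity: str
    message: str


def dotted_name(node):
    """Render Name/Attribute chains such as request.args.get as a string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []
        self.tainted = set()   # names assigned from a source in the current function

    def visit_FunctionDef(self, node):
        self.tainted = set()   # taint is tracked per function in this toy model
        self.generic_visit(node)

    def is_source(self, node):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        if name in INPUT_SOURCES:
            return True
        parts = (name or "").split(".")
        return len(parts) >= 2 and parts[0] == "request" and parts[1] in REQUEST_ATTRS

    def is_tainted(self, node):
        """Tainted if it is a source call, a tainted name, or an expression built from one."""
        if self.is_source(node):
            return True
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.BinOp):
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):   # f-strings
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        return False

    def visit_Assign(self, node):
        if self.is_tainted(node.value):
            self.tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted_name(node.func)
        shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords)
        rule = None
        if name == "os.system" or (name in SHELL_SINKS and shell):
            rule = "CMD_INJECTION"
        elif name in CODE_SINKS:
            rule = "CODE_INJECTION"
        if rule and node.args:
            arg = node.args[0]
            literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            if not literal:   # a string literal cannot carry attacker input
                sev = "HIGH" if self.is_tainted(arg) else "MEDIUM"
                what = "user-controlled" if sev == "HIGH" else "non-constant"
                self.findings.append(Finding(node.lineno, rule, sev,
                                             f"{name}() called with {what} argument"))
        self.generic_visit(node)


def scan(source):
    """Parse source text and return findings in line order; nothing is executed."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return scanner.findings


if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line}: [{f.severity}] {f.rule}: {f.message}")
```

Run against the sample, the scanner reports the `os.system` concatenation as MEDIUM (non-literal but not traceable to a source in this function), the `shell=True` call as HIGH (its argument came from `request.args`), and the `eval(input(...))` as HIGH, while the list-argv `subprocess.run` and the constant `os.system("uname -a")` stay silent. The limits are also instructive: taint does not follow function parameters or cross function boundaries, which is exactly the interprocedural and data-flow analysis that distinguishes a commercial SAST engine from a grep with an AST.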
Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process co…
SonarQube (formerly Sonar) is an open source static code analysis platform that reports code quality issues alongside security vulnerabilities and hotspots.
Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, C…
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. AppScan supports both dynamic (DAST) and static (SAST) application security testing.
Micro Focus Fortify on Demand (formerly HP Fortify on Demand) is an application security and testing platform acquired by Micro Focus from Hewlett-Packard Enterprise. This security-as-a-service offering supplies dynamic (DAST) and static (SAST) application testing, as well as source code analysis powered by S…
Parasoft's Development Testing Solutions (formerly represented as the DTP platform) include static code analysis solutions for C/C++, Java, and .NET, as well as security-oriented testing solutions (SAST).
Beyond Security argues that static application security testing (SAST) has traditionally been divorced from code quality reviews, resulting in limited impact and value. Its beSOURCE product, the company states, addresses the code security quality of applications and thus integrates SecOps into DevOps.
Synopsys offers the Coverity static application security testing (SAST) solution, to help users build software that’s more secure, higher-quality, and compliant with standards.
CodePatrol from Claranet headquartered in London performs SAST scans on project source code to identify security flaws early. The solution is powered by Claranet and Checkmarx.
Reshift is a lightweight source code security solution designed to automate the detection of over 100 classes of vulnerabilities in source code, as well as to automate vulnerability remediation, saving developers time and putting security on autopilot.
Brakeman is a free static analysis security tool for Ruby on Rails, boasting zero-setup security scans for Rails applications based on source code analysis.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK, IPA & APPX) along with zipped source code …
Micro Focus offers the Fortify Static Code Analyzer, providing a SAST solution designed to allow developers to find and fix security defects in real-time during the coding process, with integrations to IDEs.