Static Application Security Testing (SAST) Tools

A curated directory of 22 SAST tools — covering source code vulnerability scanning, security analysis, and DevSecOps integration for Java, .NET, JavaScript, Python, Ruby, and more.

  1. Fortify Static Code Analyzer Build secure software and find security issues at the speed of DevOps — with deep taint analysis covering the widest range of languages and frameworks in the industry.
  2. Reshift Helps teams gain security discipline cumulatively while moderating the balance between security rigour and the speed of software development in CI/CD pipelines.
  3. Checkmarx Ensures applications are not leaking sensitive details and are processing untrusted input correctly — with comprehensive SAST, SCA, and IAST capabilities in one platform.
  4. Veracode Offers a holistic, scalable way to manage security risk across an entire application portfolio — with policy-driven scanning integrated into the developer workflow.
  5. Rapid7 Web Application Security Testing products spanning DAST, vulnerability management, and cloud risk — helping teams detect, prioritize, and respond to application threats.
  6. Coverity Scan Find and fix defects in Java, C/C++, C#, JavaScript, Ruby, or Python — with Synopsys's industry-standard static analysis engine trusted by thousands of open source projects.
  7. Sentinel Source (WhiteHat Security) High-speed and accurate Static Application Security Testing that continuously analyses source code to identify exploitable vulnerabilities throughout the SDLC.
  8. Kiuwan Scans source code for vulnerabilities and delivers results instantly — covering OWASP Top 10, CWE/SANS, and custom rule sets across 30+ programming languages.
  9. Brakeman A Ruby on Rails Static Analysis Security Tool that scans source code at any stage of development and reports security warnings without requiring a running application.
  10. CAST Automates the production of actionable insights into the structural condition of software — measuring software health, technical debt, and architecture risk at scale.
  11. SonarQube Empowers all developers to write cleaner and safer code — with continuous inspection of code quality and security across branches and pull requests in your pipeline.
  12. HCL AppScan Fast, accurate, and agile security testing for web, mobile, and open source — enabling DevSecOps teams to shift security left and reduce remediation costs.
  13. ThunderScan Performs deep SAST scans on application source code to detect security vulnerabilities, coding errors, and compliance issues — supporting a broad range of languages.
  14. ShiftLeft Next-generation code analysis that secures every pull request — using code property graphs to detect vulnerabilities with precision and near-zero false positives.
  15. beSOURCE (Beyond Security) Static Code Security Analysis that automatically identifies security vulnerabilities in source code — with broad language support and clear remediation guidance.
  16. CodePatrol (Claranet) Performs powerful SAST scans on project source code and identifies security flaws — delivering actionable, prioritized vulnerability reports for development teams.
  17. Parasoft Automated software testing tool for prevention, detection, and remediation of defects — with SAST, unit testing, and compliance reporting for safety-critical industries.
  18. JSHint A tool that helps detect errors and potential problems in JavaScript code — providing configurable linting rules to enforce coding standards and catch common bugs early.
  19. Burp Suite (PortSwigger) A widely adopted software solution for web security testing — combining manual and automated DAST capabilities trusted by security professionals worldwide.
  20. nodejsscan A Static Security Code Scanner (SAST) for Node.js applications — detecting security misconfigurations and vulnerabilities in server-side JavaScript codebases.
  21. Solar appScreener Detects vulnerabilities and backdoors in both binary and source code — delivering a fully customised security threat report in just a few clicks.
  22. AttackFlow Provides just-in-time, flow-sensitive, and precise static source code scanning solutions that find security vulnerabilities by tracing attacker-controlled data flows through code.