Static Application Security Testing (SAST) (Source Code Analysis) Tools

  • Fortify Static Code Analyzer - Build secure software, find security issues and fix at the speed of DevOps
  • Reshift helps gain security discipline cumulatively, while moderating security and the speed of software development
  • Checkmarx for ensuring applications are not leaking sensitive details and are processing untrusted input correctly
  • Veracode offers a holistic, scalable way to manage security risk across entire application portfolio
  • Rapid - Web Application Security Testing Products
  • Coverity Scan - Find and fix defects in your Java, C/C++, C#, JavaScript, Ruby, or Python
  • Sentinel Source - High-speed and Accurate Static Application Security Testing
  • Kiuwan - Scan source code for vulnerabilities and get results instantly
  • Brakeman - Ruby on Rails Static Analysis Security Tool
  • CAST - Automated production of actionable insights into the structural condition of software
  • SonarQube empowers all developers to write cleaner and safer code
  • HCL AppScan - Fast, Accurate, Agile Security Testing
  • ThunderScan Application Security
  • ShiftLeft - Nextgen Code Analysis to Secure Every Pull Request
  • beSOURCE - Static Code Security Analysis
  • CodePatrol performs powerful SAST scans on project source code and identifies security flaws
  • Parasoft - Automated software testing tool for prevention, detection & remediation of defects
  • JSHint, a tool that helps to detect errors and potential problems in JavaScript code
  • Burp Suite - a widely adopted software solution for web security testing
  • nodejsscan - Static security code scanner (SAST) for Node.js applications
  • Solar appScreener - Detect vulnerabilities and backdoors both in binary and source code. Get a fully customized security threat report in just a few clicks
  • AttackFlow provides just-in-time, flow-sensitive and precise static source code scanning solutions which find security vulnerabilities in your code.