Learn why Software Advice is free

Static Application Security Testing (SAST) Software

Acunetix (by Invicti) is a cloud-based digital security solution that assist security analysts with data protection, manual testing and compliance reporting. It is primarily designed to scan websites and identify vulnerabilities... Learn more

GitLab is a cloud-based project management platform that allows software developers to develop and manage codes collaboratively. The platform can be deployed either on-premise or in the cloud. GitLab helps developers manage the... Learn more

Kiuwan is a powerful, end-to-end application security platform designed to identify and remediate vulnerabilities within source code throughout the software development lifecycle (SDLC). Supporting 30+ programming languages... Learn more

Invicti, formerly Netsparker, is a cloud-based and on-premise solution designed to help businesses manage the entire application security lifecycle through automated vulnerability assessments. Key features include maintenance... Learn more

GitHub is a project management and code sharing platform that allows users to share their codes with others and create/iterate using collective intelligence. The software can be used for different kinds of coding assignments... Learn more

SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline,... Learn more

Dynatrace is an AIOps solution designed to help businesses automate multi-cloud processes and streamline collaboration across multiple teams through purpose-built use cases. Its filtering capabilities enable supervisors to search... Learn more

SiteLock is a cloud-based security platform, which helps accelerate website performance, conversions and protects the online business against hackers. Designed for all industries, the platform provides solutions for vulnerability... Learn more

Snyk is an application security and testing platform designed to help businesses find, prioritize and remediate vulnerabilities across open source libraries, codes and containers. The platform enables developers to scan and... Learn more

Sigrid is a data-driven intelligence platform that helps users analyze and manage applications' source code. By using advanced analysis techniques, it provides users with objective insights into the software's technical and... Learn more

AutoRABIT is the only complete DevSecOps platform for Salesforce developers. Incorporate static code analysis, data security, and CI/CD capabilities to increase the security, release velocity, and quality of your Salesforce code... Learn more

BuildPiper is a microservices and Kubernetes delivery platform. It helps businesses with the entire software delivery process, starting right from the developer's workstation to the final product release. With BuildPiper,... Learn more

CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and... Learn more

DeepSource is the code health solution, providing organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle. Most organizations use many... Learn more

Klocwork is a web-based static application security testing (SAST software designed to help businesses identify and fix software security issues in compliance with security standards such as OWASP, CWE, PCI DSS, CERT and ISO/IEC... Learn more

SonarLint, a core component of the Sonar solution, is a free and open-source IDE plugin, that is a developer's first line of defense to find and fix coding issues in real time. SonarLint resolves issues in code and provides rich... Learn more

SonarCloud is a cloud-based alternative of the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as... Learn more

Bytesafe is a cloud-native security platform reduces risk and protects revenue - without slowing down developers. In today’s insecure world, security attacks are increasingly targeting the software supply chain and simply... Learn more

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security... Learn more