15 years helping New Zealand businesses choose better software

Static Application Security Testing (SAST) Software

Static Application Security Testing (SAST) analyses an application's source code, bytecode or binaries for security vulnerabilities without executing the program, so findings surface during development, before the code is deployed.
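To make that definition concrete, here is an added example of the mechanics a SAST rule relies on: it parses Python source into an abstract syntax tree and flags `execute()` calls whose query string is assembled at run time, the classic precursor of SQL injection. This is illustration code written for this page, not any listed vendor's engine; the sink list and the sample source are constructed, and it deliberately stops short of the cross-function taint tracking a commercial tool adds.

```python
"""Minimal SAST-style check: flag SQL queries built from non-constant strings.

Added illustration of what a static analyser does. It is not code from any
vendor listed on this page. Real SAST engines add taint tracking across
functions and files; this one only inspects the call site, on purpose, so
the mechanics stay visible.
"""
import ast

# Method names treated as SQL sinks (an assumption of this example; real tools
# ship large sink lists per framework and driver).
SQL_SINKS = {"execute", "executemany"}


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when the expression's string value is not fully known statically."""
    if isinstance(node, ast.Constant):
        return False                                 # "SELECT 1"
    if isinstance(node, ast.JoinedStr):              # f"..." with {} placeholders
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        # "a" + x, "..%s" % x; "a" + "b" stays constant and is not flagged
        return _is_dynamic_string(node.left) or _is_dynamic_string(node.right)
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"            # "...{}".format(x)
    # A Name, Attribute, Subscript, etc.: no dataflow is done here, so treat the
    # value as unknown. A real engine would trace the assignment instead.
    return True


def find_sql_injection(source: str, filename: str = "<input>") -> list[dict]:
    """Return one finding per SQL sink whose query argument is built dynamically."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in SQL_SINKS or not node.args:
            continue
        if _is_dynamic_string(node.args[0]):
            findings.append({
                "file": filename,
                "line": node.lineno,
                "rule": "sql-injection-dynamic-query",
                "message": f"{node.func.attr}() receives a query built at run time; "
                           "pass a constant query and bind values as parameters",
            })
    return findings


# Constructed sample input: two vulnerable call sites and two safe ones.
SAMPLE = '''
def lookup(cursor, user_id, name):
    cursor.execute("SELECT * FROM users WHERE id = " + user_id)      # vulnerable
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")     # vulnerable
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))  # safe
    cursor.execute("SELECT 1")                                       # safe
'''

if __name__ == "__main__":
    for f in find_sql_injection(SAMPLE, "sample.py"):
        print(f"{f['file']}:{f['line']}: {f['rule']}: {f['message']}")
```

Run as a script it reports lines 3 and 4 of the sample; the parameterised query on line 5 passes because the query text itself is a constant and the user value travels separately to the driver.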

OX Security provides full visibility and end-to-end traceability over your entire software supply chain from code to cloud.
OX Security provides full visibility and end-to-end traceability over your software supply chain, from code to cloud. OX helps minimize the attack surface by automatically blocking vulnerabilities introduced into your pipeline early in the SDLC, enabling DevSecOps teams to remediate risks based on contextualized prioritization from a single pane of glass.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
GitLab DevSecOps is trusted by enterprises and loved by developers.
GitLab empowers your teams to balance speed and security by automating software delivery and securing your end-to-end software supply chain.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Find vulnerabilities in custom code using static analysis. Prevent new vulnerabilities from being introduced by scanning every PR.
Find vulnerabilities in custom code using static analysis. Prevent new vulnerabilities from being introduced by scanning every pull request. GitHub has security tools for every level of user: the Dependency Graph maps the code libraries and repositories your project relies on, and Dependabot alerts you when one of those libraries has a known vulnerability and can open pull requests to update it. These are available to every user. With GitHub Enterprise you can add secret scanning (formerly token scanning) and code scanning to your repositories.
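The "scan every pull request" practice described above only works in day-to-day use if the gate fails on findings that are new in the pull request, not on the backlog already present on the base branch. The following is an added example of that gate, written for this page and not GitHub's, GitLab's or any other vendor's code. It assumes scanner findings have already been reduced to plain dictionaries with `rule`, `file`, `line`, `severity` and `snippet` keys (a simplification; SARIF carries the same information under other names), and the base and head finding lists are constructed sample data.

```python
"""PR gate: fail only on findings that are new relative to the base branch.

Added example of the "scan every pull request" practice; it is not code from
GitHub, GitLab or any other vendor. Findings are assumed to be plain dicts
with "rule", "file", "line", "severity" and "snippet" keys.
"""
import hashlib
import re


def fingerprint(finding: dict) -> str:
    """Stable identity for a finding that survives unrelated line shifts.

    Line numbers are deliberately excluded: a commit that adds an import above
    a pre-existing issue must not turn that issue into a "new" one. Whitespace
    in the snippet is normalised for the same reason.
    """
    snippet = re.sub(r"\s+", " ", finding["snippet"]).strip()
    material = f'{finding["rule"]}|{finding["file"]}|{snippet}'
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def new_findings(base: list[dict], head: list[dict]) -> list[dict]:
    """Findings present on the PR head that were not present on the base branch."""
    baseline = {fingerprint(f) for f in base}
    return [f for f in head if fingerprint(f) not in baseline]


def gate(base: list[dict], head: list[dict],
         fail_on: tuple = ("high", "critical")) -> tuple[int, list[dict]]:
    """Return (exit_code, blocking findings).

    Exit code 1 when any new finding meets the severity bar; lower-severity new
    findings are reported by the caller but do not block the merge.
    """
    blocking = [f for f in new_findings(base, head)
                if f.get("severity", "low") in fail_on]
    return (1 if blocking else 0), blocking


# Constructed sample: the base branch has one known issue; the PR shifts it
# down two lines and reformats it (harmless) and adds one new high and one new
# low finding.
BASE = [
    {"rule": "sql-injection", "file": "app/db.py", "line": 12, "severity": "high",
     "snippet": 'cursor.execute("SELECT * FROM users WHERE id = " + user_id)'},
]
HEAD = [
    {"rule": "sql-injection", "file": "app/db.py", "line": 14, "severity": "high",
     "snippet": 'cursor.execute("SELECT * FROM users WHERE id = "  +  user_id)'},
    {"rule": "hardcoded-secret", "file": "app/settings.py", "line": 3, "severity": "high",
     "snippet": 'API_KEY = "example-not-a-real-key"'},   # constructed placeholder
    {"rule": "unused-variable", "file": "app/util.py", "line": 7, "severity": "low",
     "snippet": "tmp = 1"},
]

if __name__ == "__main__":
    code, blocking = gate(BASE, HEAD)
    for f in blocking:
        print(f'{f["file"]}:{f["line"]}: new {f["severity"]} finding ({f["rule"]})')
    raise SystemExit(code)
```

Used as the last step of a CI job, the non-zero exit code is what turns the scan into a required status check; the pre-existing SQL injection finding is still reported by the scanner, but it does not block this pull request because it was already on the base branch.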

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
SonarQube helps developers control code security by detecting Vulnerabilities and Security Hotspots early in the workflow.
SonarQube enables your team to systematically deliver code that meets high-quality standards, for every project, at every step of the workflow. Covering over 30 programming languages, while pairing up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues, and for teams overall to deliver better and safer software.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.
Dynatrace is an application performance and lifecycle management solution designed to help retail businesses, financial markets, transportation companies, emergency services, and government bodies monitor and analyze the performance of applications on a unified dashboard. Key features of the platform include anomaly detection, root cause determination, network process monitoring, log entry analysis, cross-team collaboration, AI assistance, and more.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
DevSecOps platform with SAST and SCA, IDE integration and distributed analysis to shield your applications from external threats
Manage your application's vulnerabilities with Static Application Security Testing (SAST) and Software Composition Analysis (SCA) by Kiuwan. It's easy to set up and use. Scan your code locally, then share results in the cloud. Tailored reports with industry standard security ratings help you make informed decisions, reduce technical debt, and mitigate risk. Kiuwan provides comprehensive language coverage, integrates with leading IDEs, and fits seamlessly into your CI/CD/DevSecOps process.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
All-in-one security solution that scans your website, detects vulnerabilities and offers remediation, in three steps: Find-Fix-Prevent.
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications. With Acunetix, security teams can:
  • Save time and resources by automating manual security processes
  • Work more seamlessly with developers, or embrace DevSecOps by integrating directly in

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Cloud-based solution that enables businesses to detect & prevent cyber threats with website scanning, malware removal and more.
SiteLock, the global leader in website security solutions, is the only provider to offer complete, cloud-based website protection. Its 360-degree monitoring detects and fixes threats, prevents future attacks, accelerates website performance, and meets PCI compliance standards for businesses of all sizes. Founded in 2008, the company protects over 12 million websites worldwide.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Artifactory- the world's only universal artifact repository manager supporting all major packaging formats, CI servers and build tools.
The core of the JFrog DevOps Platform, Artifactory provides a single source of truth for binaries, dependencies and build artifacts for release management. It’s a universal binary repository manager, supporting 30+ build packages, artifacts, and their corresponding metadata. DevOps teams can standardize on build bill-of-materials across the Dev, Test, Stage, and Prod steps for both continuous integration (CI) and continuous delivery (CD). Artifactory integrates with your preferred DevOps tools.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Invicti, formerly Netsparker, is a comprehensive automated web vulnerability scanning solution.
Invicti, formerly Netsparker, is an automated application security testing tool that makes it possible for enterprise organizations to secure thousands of websites and dramatically reduce the risk of attack. By empowering security teams with unique DAST + IAST scanning capabilities, Invicti allows organizations with complicated environments to automate their web security with confidence.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Snyk's Developer Security Platform puts security expertise in the toolbox of every developer.
Snyk is the leader in developer security. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
CodeScan offers static code analysis and automated scans of Salesforce rules to strengthen code quality and data security.
CodeScan increases Salesforce code quality and reduces vulnerabilities through two automated modules. CodeScan is a static code analysis tool that alerts Salesforce developers the moment an error is introduced to the code repository. OrgScan provides automated scans of Salesforce rules and policies that verify adherence to essential considerations and processes. The result is strengthened data security, streamlined DevSecOps processes, and an assurance of meeting compliance standards.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
BuildPiper: The Most Powerful Microservice Delivery Platform
BuildPiper is an end-to-end Kubernetes and microservices application delivery platform that enables dockerized code to be deployed across environments and enables seamless management of production operations with all the required observability, security, and compliance baked in. The goal is to simplify and accelerate the microservices application journey for any organization and make it hugely rewarding.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
CodeScene is a code analysis, visualization, and reporting tool. Reduce technical debt and deliver better code quality.
CodeScene is a code analysis, visualization, and reporting tool. Cross-reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality. We enable software development teams to make confident, data-driven decisions that fuel performance and developer productivity. Supporting 28+ programming languages, CodeScene also offers an automated integration with GitHub, Bitbucket, Azure DevOps or GitLab pull requests to incorporate the analysis results into existing delivery workflows. Get early warnings and recommendations about complex code before merging it to the main branch, and set quality gates that trigger if your code health declines.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
The all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software.
DeepSource is an all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle. Developers and security engineers are empowered to discover and fix maintainability and security issues in the codebase during the earliest stages of software development. Organizations enable velocity without risking technical debt.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Klocwork is a static code analysis tool that identifies issues to enforce standards compliance for multiple programming languages.
Klocwork is a static code analysis tool for C/C++, C#, Python, Kotlin, JavaScript, and Java. It identifies software security, quality, and reliability issues through static analysis to help enforce compliance with standards. Klocwork integrates with developer tools and provides enterprise-wide capabilities for control, collaboration, and reporting.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Checkmarx is a provider of state-of-the-art web application security solution: static code analysis software.
Checkmarx is a provider of a state-of-the-art web application security solution: static code analysis software, seamlessly integrated into the development process. Checkmarx can be integrated at every step of the SDLC, which leads to fewer vulnerabilities, fewer fixes to older code, lower costs and, most importantly, far more secure applications. It helps organizations achieve PCI DSS compliance. A free demo is available on the web site.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
SonarCloud is a cloud based (SaaS) static code analysis solution that can be used by dev teams to ensure code quality and security.
SonarCloud is a cloud-based alternative to the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud gives developers immediate feedback on their code within their development environment, helping teams maintain high code quality standards and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
SonarLint is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time.
SonarLint, a core component of the Sonar solution, is a free and open-source IDE plugin that is a developer's first line of defense to find and fix coding issues in real time. SonarLint resolves issues in code and provides rich contextual guidance to help developers improve their skills while enhancing their productivity. Supporting over 25 languages and the most popular IDEs, SonarLint leverages over 5,000 language-specific Clean Code rules to instantly highlight common coding issues that may lead to bugs and vulnerabilities.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Manage Open Source supply chain threats intelligently with Bytesafe's cloud-native security platform.
Bytesafe allows enterprises to increase their software supply chain security posture with automated best practices and a unified workflow for security and developer teams. The Dependency Firewall enables enterprises to enforce open source usage policies and avoid threats by effectively blocking open source vulnerabilities and non-compliant licenses.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
A SAST solution designed to help businesses manage risks across the application portfolio and address quality defects in the SDLC.
Coverity is an intelligent, highly scalable static analysis (SAST) solution that helps developers find and fix critical security and quality issues as they code with help from the CodeSight IDE plug-in. Coverity works with 22 different languages and integrates into your CI/CD pipeline, allowing teams to address security and quality defects early in the SDLC. Coverity provides detailed reporting and issue management dashboards, which helps ensure compliance with security and coding standards.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Static Application Security Testing platform that empowers developers to create secure applications by providing continuous security.
GuardRails provides a customizable SAST security solution for organizations that need a flexible approach to their internal process. With thousands of possible coding vulnerabilities, you can stay ahead of threats and weaknesses in your organization's software by tracking which ones matter the most and need attention first.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Get your web app secured. See all your code & cloud security issues in one dashboard. We combine SAST, DAST, IAC, SCA, CSPM and more.
Aikido Security is a developer-first software security app. We scan your source code & cloud to show you which vulnerabilities are actually important to solve. We speed up triaging by massively reducing false-positives and making CVEs human-readable. Aikido makes it simple to keep your product secure and gives you back time to do what you do best: writing code. We combine scanning capabilities like SAST, IaC, DAST, Container Scanning, SCA, CSPM & Secrets Detection, all in one tool.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Pair Sonatype Lift with your favorite SAST tool to find and fix performance, reliability, and style issues deep in your code.
Sonatype's Nexus Platform scales open source security monitoring across the software supply chain and reclaims time spent fighting risks in the software development life cycle. Software developers, application security professionals, and DevSecOps experts are empowered with the highest quality Nexus vulnerability intelligence to drive faster releases, decrease false positives, and deliver in-depth, developer remediation guidance.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Apiiro helps organizations secure their Software Development Lifecycle (SDLC).
Apiiro performs deep code risk assessment across all source control systems and CI/CD pipelines and uses context across multiple data sources to remediate critical risks such as design flaws, misconfigurations, vulnerabilities, drifts & supply chain attacks before production.

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API