Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.
Browse 157 static application security testing tools
AI platform for automated code review, security risk detection across the SDLC.
AI-powered AppSec platform for code, supply chain, secrets & DAST.
Argus-SAF is a static analysis framework for security vetting Android applications.
A security feature to prevent unexpected manipulation of fetched resources.
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
A static analysis tool for Android apps that detects malware and other malicious code
Formal verification tools & services for C/Rust software security & safety.
Scans IaC templates for misconfigs and vulns before deployment.
SAST platform that runs scans and ingests SARIF results into a unified dashboard.
Open-source CLI tool for privacy code scanning and data flow analysis.
Automotive DevSecOps platform integrating TARA, SAST, SCA, and fuzz testing.
Static analysis tool enforcing OWASP Top 10 security rules for Rust code.
Automated C code analysis and repair tool benchmarked against NIST SAMATE.
IaC scanner detecting misconfigs, vulnerabilities & policy violations in templates.
Python3 code protection against reverse engineering via opcode obfuscation.
Exploit mitigation tool for C/C++ firmware on embedded systems.
Developer-first SAST tool for finding security & privacy vulns in code.
Static analysis tool for C/C++ and enterprise languages, now part of AdaCore
Hardware security verification platform for chip design lifecycle
Continuous secret scanning and leak detection tool with precommit checks
AI-driven automated vulnerability remediation for DevSecOps workflows
Detects exposed API keys and credentials across multiple cloud services
Credential verification service that validates leaked secrets for liveness
Analyzes leaked secrets to reveal ownership, access scope, and permissions
Common questions about Static Application Security Testing tools, selection guides, pricing, and comparisons.
Reduce false positives by: tuning rules to your technology stack and coding patterns, using incremental scanning (only scan changed code), establishing a baseline and triaging existing findings, integrating SAST results with IAST or DAST to validate findings at runtime, and configuring suppressions for known safe patterns specific to your codebase.