Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.
Browse 161 static application security testing tools
App security testing platform with SAST, SCA, secrets detection, and IaC scanning
Smart contract security audit service for DeFi blockchain platforms
Unified engine correlating static & runtime analysis for app security
AI-powered code cleanup tool that automatically fixes security and quality issues
Scans code repositories and runtime environments for exposed secrets and credentials
SAST tool for identifying security vulnerabilities in source code
Code security platform with SAST, SCA, IAST, and IaC security capabilities
SAST tool that identifies security and quality issues in source code
AI-powered code review tool providing automated PR feedback and quality analysis
Scans code for exposed API keys, credentials, and tokens in repos and CI/CD.
IaC scanner for Terraform, CloudFormation, and Helm misconfigurations
IaC security scanner detecting vulnerabilities and misconfigurations in templates
Detects hardcoded secrets in code repos, commits, and containers
AI-powered AppSec platform with agentic agents for vulnerability prevention & fix
SAST tool that scans code for vulnerabilities in 30+ languages with CI/CD integration
Detects and prevents secrets leakage across the software development lifecycle
SAST tool that detects vulnerabilities and malicious code in custom source code
AI-powered reverse engineering tool for analyzing compiled binaries
IDE plugin for SAST and SCA scanning with real-time vulnerability detection
AI-powered code analysis platform for security, quality, and developer insights
Automated app security testing platform for Salesforce and B2C Commerce
AI-native AppSec platform for code security analysis and vulnerability detection
An application security platform that combines multiple security scanners including SAST, SCA, container security, and compliance reporting with CI/CD integration capabilities.
DevSecOps platform for vulnerability detection and developer security training
Tool roundups, buying guides, and strategic analysis from the CybersecTools resource library.
Common questions about Static Application Security Testing tools, selection guides, pricing, and comparisons.
Reduce false positives by: tuning rules to your technology stack and coding patterns, using incremental scanning (only scan changed code), establishing a baseline and triaging existing findings, integrating SAST results with IAST or DAST to validate findings at runtime, and configuring suppressions for known safe patterns specific to your codebase.