Static Application Security Testing Tools
Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.
Browse 161 static application security testing tools
FEATURED
USE CASES
A library for forward compatibility with PHP password functions.
A library for generating random numbers and strings of various strengths, useful in security contexts.
Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.
JSON.parse() drop-in replacement with prototype poisoning protection.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
A static analysis tool that detects Common Weakness Enumerations (CWEs) in ELF binaries across multiple CPU architectures using Ghidra-based disassembly and various analysis techniques.
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
A Node.js library for validating environment variables and providing immutable access to configuration values in applications.
A key and secret validation workflow tool built in Rust, supporting over 30 providers and exporting to JSON or CSV.
A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
Articles About Static Application Security Testing
Tool roundups, buying guides, and strategic analysis from the CybersecTools resource library.
Static Application Security Testing Tools FAQ
Common questions about Static Application Security Testing tools, selection guides, pricing, and comparisons.
Reduce false positives by: tuning rules to your technology stack and coding patterns, using incremental scanning (only scan changed code), establishing a baseline and triaging existing findings, integrating SAST results with IAST or DAST to validate findings at runtime, and configuring suppressions for known safe patterns specific to your codebase.
