Static Application Security Testing
Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.
Browse 193 static application security testing tools
FEATURED
RELATED TASKS
A library for forward compatibility with PHP password functions.
A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
Find leaked credentials by scanning repositories for high entropy strings.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Argus-SAF is a static analysis framework for security vetting Android applications.
Detect trojan source attacks that employ unicode bidi attacks to inject malicious code.
A key and secret validation workflow tool built in Rust, supporting over 30 providers and exporting to JSON or CSV.
A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.
ESLint plugin to prevent Trojan Source attacks.
A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
A security feature to prevent unexpected manipulation of fetched resources.
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
A secrets detection tool that scans GitHub, GitLab, and Bitbucket repositories to identify API keys, access tokens, and other sensitive information in source code.
A static analysis tool for Android apps that detects malware and other malicious code
A PHP 5.x polyfill for random_bytes() and random_int() created by Paragon Initiative Enterprises.
ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.
A library for generating random numbers and strings of various strengths, useful in security contexts.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets in git repos.
A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Static Application Security Testing Tools - FAQ
Common questions about Static Application Security Testing tools including selection guides, pricing, and comparisons.
Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.
