Static Application Security Testing (SAST)
- Amazon CodeGuru - Automated code reviews. Initially centred on Java.
- Checkmarx Software Security Platform - An integrated security suite including SAST, SCA, and IAST capabilities.
- Codacy - A static code analysis tool that supports more than 30 different languages and file formats.
- CodeScan - An end-to-end static code analysis solution built exclusively to maintain quality and security for the Salesforce platform.
- DeepCode - DeepCode is an advanced semantic code analyser (automated "code reviews") based on AI technology. It supports Java, JavaScript/TypeScript, and Python.
- Fortify Static Code Analyzer - Fortify checks code written in most major languages (Java, C#, JavaScript, Swift, C, etc.) for security vulnerabilities.
- Muse - A SAST solution that covers a range of bug categories including performance, reliability, security, and style/standards, and is especially focused on finding deep inter-procedural bugs.
- NextGen Code Analysis - ShiftLeft NextGen Static Analysis (NG SAST) is a solution based on the notion of a workflow that inserts into pull requests and enables developers to find and fix vulnerabilities without ever leaving their development environment.
- Polaris - The Synopsys Polaris Software Integrity Platform is an end-to-end SDLC, DevSecOps solution which includes IDE plug-ins, SAST and IAST tools, and integration with popular CI/CD tools such as Jenkins, GitHub, etc.
- Secure Code Warrior - A platform that trains and equips developers to think and act with a security mindset as they build and verify their skills, gain real-time advice and monitor skill development. This is different from the approach taken by SAST tools, which apply only after the code is written.
- Sigrid - A software assurance platform which uses code analysis based on ISO 25010.
- SonarCloud - SonarCloud is SonarQube's SaaS version.
- SonarQube - SonarQube checks code written in most major languages for code smells, bugs and security vulnerabilities.
- Thunderscan - DefenseCode Thunderscan SAST is a solution that, in addition to static code analysis of the selected code base, also scans dependencies for known vulnerabilities and associated CVE entries. It has a focus on compliance, including PCI-DSS and HIPAA, among others.
- Veracode - A platform that includes security feedback in the IDE as well as an end-to-end stack consisting of SAST, DAST, SCA, and manual penetration testing capabilities, all in one centralised view.
- Xanitizer - A SAST solution that performs security analysis directly on one's GitHub repository and provides the results on GitHub's Security tab.