---
description: Compare the best Static Application Security Testing (SAST) Software in Canada. Capterra offers software reviews from verified users, pricing, and features. Find the top rated software for your business.
image: https://gdm-localsites-assets-gfprod.imgix.net/images/capterra/og_logo-e5a8c001ed0bd1bb922639230fcea71a.png?auto=format%2Cenhance%2Ccompress
title: Static Application Security Testing (SAST) Software - Prices & Reviews - Capterra Canada 2026
---

# Static Application Security Testing (SAST) Software

Canonical: https://www.capterra.ca/directory/32818/static-application-security-testing-%28sast%29/software

Page: 1 / 3\
Next: [Next page](https://www.capterra.ca/directory/32818/static-application-security-testing-%28sast%29/software?page=2)

> Static Application Security Testing (SAST) automatically scans coding environments for security vulnerabilities during the application development process.

-----

## Products

1. [JFrog Advanced Security](https://www.capterra.ca/software/1084389/JFrog-Advanced-Security) (0 reviews) — JFrog Advanced Security is a software supply chain tool that analyzes vulnerabilities, scans code, and detects exposures.
2. [Aikido Security](https://www.capterra.ca/software/1060185/aikido) — 4.7/5 (6 reviews) — Security-first SAST with zero distractions. Scan your code for quality and vulnerabilities & get alerts only for real security risks.
3. [Flawnter](https://www.capterra.ca/software/1021648/appsonar) (0 reviews) — Static code analysis software to find security and quality flaws faster. Trusted by many organizations worldwide.
4. [GitHub](https://www.capterra.ca/software/129067/github) — 4.8/5 (6155 reviews) — Find vulnerabilities in custom code using static analysis. Prevent new vulnerabilities from being introduced by scanning every PR.
5. [GitLab](https://www.capterra.ca/software/159806/gitlab) — 4.6/5 (1215 reviews) — GitLab unifies planning, CI/CD, security, and agentic AI, eliminating the tool handoffs that slow software delivery. Learn more today.
6. [Dynatrace](https://www.capterra.ca/software/81932/dynatrace) — 4.5/5 (82 reviews) — Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.
7. [SonarQube](https://www.capterra.ca/software/210481/sonarqube) — 4.5/5 (66 reviews) — SonarQube helps developers control code security by detecting Vulnerabilities and Security Hotspots early in the workflow.
8. [Kiuwan](https://www.capterra.ca/software/160729/kiuwan-code-security) — 4.4/5 (35 reviews) — Kiuwan | Code Scanning That’s Built for Developers and Trusted by Security Teams
9. [Acunetix](https://www.capterra.ca/software/171379/acunetix) — 4.4/5 (35 reviews) — Acunetix is web app and API security software that automates testing, finds vulnerabilities, and integrates into development.
10. [SiteLock](https://www.capterra.ca/software/143471/sitelock) — 3.3/5 (27 reviews) — Cloud-based solution that enables businesses to detect & prevent cyber threats with website scanning, malware removal and more.
11. [Invicti](https://www.capterra.ca/software/171539/netsparker-web-application-security-scanner) — 4.7/5 (26 reviews) — Invicti, formerly Netsparker, is a DAST-first AppSec platform proving real risks, cutting noise, and securing everything at scale.
12. [Snyk](https://www.capterra.ca/software/172252/snyk) — 4.6/5 (21 reviews) — Snyk's Developer Security Platform puts security expertise in the toolbox of every developer.
13. [Artifactory](https://www.capterra.ca/software/148994/artifactory) — 4.6/5 (19 reviews) — The universal repository manager for DevOps & AI. Securely manage, store & distribute binaries across your entire software supply chain.
14. [Sigrid](https://www.capterra.ca/software/219140/sigrid) — 4.1/5 (16 reviews) — Sigrid delivers a holistic SAST solution that empowers organizations to proactively manage software security risks.
15. [CodeScan](https://www.capterra.ca/software/204478/codescan) — 4.8/5 (14 reviews) — CodeScan offers static code analysis and automated scans of Salesforce policies to strengthen code quality and data security.
16. [BuildPiper](https://www.capterra.ca/software/212815/buildpiper) — 4.2/5 (13 reviews) — BuildPiper: The Most Powerful Microservice Delivery Platform
17. [CodeScene](https://www.capterra.ca/software/193379/codescene) — 4.7/5 (11 reviews) — CodeScene is a code analysis, visualization, and reporting tool. Reduce technical debt and deliver better code quality.
18. [DeepSource](https://www.capterra.ca/software/199025/deepsource) — 4.8/5 (10 reviews) — The all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software.
19. [Klocwork](https://www.capterra.ca/software/136486/klocwork) — 4.6/5 (8 reviews) — Klocwork is a static code analysis tool that identifies issues to enforce standards compliance for multiple programming languages.
20. [Radware Alteon](https://www.capterra.ca/software/140411/Radware-Alteon) — 4.9/5 (8 reviews) — Load balancing platform that helps businesses monitor application performances, detect anomalies, analyze root causes, and more.
21. [SonarQube Cloud](https://www.capterra.ca/software/182747/sonarcloud) — 4.3/5 (7 reviews) — SonarQube is an automated code review solution, serving as the verification layer to review AI code for quality and security.
22. [SonarLint](https://www.capterra.ca/software/1014000/sonarlint) — 4.7/5 (7 reviews) — SonarQube for IDE is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time.
23. [Bytesafe](https://www.capterra.ca/software/1019115/bytesafe) — 4.6/5 (7 reviews) — Manage Open Source supply chain threats intelligently with Bytesafe's cloud-native security platform.
24. [Checkmarx One](https://www.capterra.ca/software/1067244/Checkmarx-One) — 3.9/5 (7 reviews) — Checkmarx One is an enterprise cloud-native application security platform that helps teams cut through the noise and fix what matters most.
25. [Coverity](https://www.capterra.ca/software/163552/coverity-static-code-analysis) — 3.5/5 (6 reviews) — A SAST solution designed to help businesses manage risks across the application portfolio and address quality defects in the SDLC.

-----

## Related Categories

- [Cloud Security Software](https://www.capterra.ca/directory/31344/cloud-security/software)
- [Source Code Management Software](https://www.capterra.ca/directory/31420/source-code-management/software)
- [Vulnerability Management Software](https://www.capterra.ca/directory/31062/vulnerability-management/software)
- [DevOps Software](https://www.capterra.ca/directory/31120/devops/software)
- [Continuous Integration Software](https://www.capterra.ca/directory/31119/continuous-integration/software)

