Find top products in Static Application Security Testing (SAST) Software category

GitHub Advanced Security is an application security testing solution that is natively embedded in the developer workflow. It empowers DevSecOps teams to prioritize innovation and enhance developer productivity without sacrificing security. Automated security checks are run with every pull request, surfacing issues in the context of the development workflow so vulnerabilities are fixed in minutes, not months. Our developer-first solution unlocks your ability to keep your code, supply chain, and secrets secure before you push to production. GitHub Advanced Security gives security teams visibility into the cross-organizational security posture and supply chain, and unparalleled access to curated security intelligence from millions of developers and security researchers around the world. Available for GitHub Enterprise users.

Automated DevSecOps for CI/CD Pipelines - Maintain high velocity while delivering highly secure application services. Harness STO orchestrates your preferred application security scanners, ingests and analyzes the results, and provides a prioritized list of vulnerabilities to the developers. STO also makes it possible to govern pipelines using application security guardrails with policy-as-code. - Centralize all app scanner results in a single solution for Security and Engineering - Reduce the developer workload associated with DevSecOps - Shift-left application security into CI/CD pipelines - Govern the usage of security scanners in pipelines - Easily track security exceptions - Application security reports for Security and Engineering teams

Veracode Static Analysis (SAST) helps developers quickly and accurately find and fix security flaws in proprietary code with detailed remediation guidance during each stage of software development.

The use of AI in application development is exploding, but security teams lack ways to identify them, leaving applications at risk. Mend AI empowers security professionals to gain visibility and control over which AI models are being used in their applications. Mend AI includes: - Comprehensive pre-trained model indexing with coverage for all 350k+ AI models indexed in Hugging Face, giving you clear visibility into the AI models used in your applications. - Protection against outdated dependencies in AI models by providing detailed license, version, and update information for each AI model found in your application. And More is Coming Soon! - Gender Bias Detection - AI Code Snippet Detection - AI-BOM

Mobile Application Protect Suite(MAPS) helps enterprises build secure, compliant, and resilient mobile applications. It is the only unified platform that combines comprehensive in-app protection with centralized threat visibility throughout the application lifecycle. Key capabilities within the suite: - Application Security Testing (MAST): Scan your mobile app binaries to identify security, privacy, and compliance vulnerabilities. - Application Shielding: Protect your code and IP with advanced obfuscation and anti-tampering capabilities. - Runtime App Self Protection (RASP): We provide runtime threat visibility and on-device self-defense capabilities against device, network, applications, and phishing attacks. - Crypto Key Protection: Protect your cryptographic keys using white-box cryptography to secure your most sensitive data.

GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle in their internal repos or on public GitHub. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations. Widely adopted by developer communities, GitGuardian is used by more than 200 thousand developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is an automated secrets detection and remediation platform. By reducing the risks of secrets exposure across the SDLC and on public GitHub, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards. Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

Fortify Static Code Analyzer provides static application security testing (SAST) to analyze application binary and source code for security vulnerabilities. SCA identifies root causes of security vulnerabilities, correlates and prioritizes results. SCA provides line of code detail and guidance on how to remediate the identified vulnerabilities, consequences if it's not addressed, and provides information on best practices to help developers code more securely. With flexible deployment and enterprise scaling you can accurately meet the changing demands of your CI/CD pipeline. Available on premises, in the cloud, or AppSec-as-a-Service.

The Unified Cloud Security Suite Identify. Source Code Analysis. Website security. Application Security. Network Security. Mobile Security.

The ZeroNorth application security automation and orchestration platform unites enterprises to rapidly identify, prioritize and remove the vulnerabilities standing in the way of software excellence.

Standards-based testing and certification are critical for consistent predictability, safety and governance. Standards improve dev and security team alignment and collaboration, which ensures quality and speeds release times. NowSecure enables your mobile app security program to support leading industry frameworks, testing standards and compliance standards.