18 years helping Irish businesses
choose better software
Capterra offers objective, independent research and verified user reviews. We may earn a referral fee when you visit a vendor through our links. Learn more
Our commitment
Independent research methodology
Capterra’s researchers use a mix of verified reviews, independent research and objective methodologies to bring you selection and ranking information you can trust. While we may earn a referral fee when you visit a provider through our links or speak to an advisor, this has no influence on our research or methodology.
How Capterra verifies reviews
Capterra carefully verified over 2.5 million+ reviews to bring you authentic software and services experiences from real users. Our human moderators verify that reviewers are real people and that reviews are authentic. They use leading tech to analyze text quality and to detect plagiarism and generative AI.
How Capterra ensures transparency
Capterra lists all providers across its website—not just those that pay us—so that users can make informed purchase decisions. Capterra is free for users. Software and service providers pay us for sponsored profiles to receive web traffic and sales opportunities. Sponsored profiles include a link-out icon that takes users to the provider’s website.

Static Application Security Testing (SAST) Tools

Static Application Security Testing (SAST) automatically scans coding environments for security vulnerabilities during the application development process.

Related Categories

57 results
Ireland Show local products
Axivion logo

Axivion

(0)
Visit Website
Static code analysis tool that helps developers check standard compliance, security vulnerabilities, and code quality issues. Learn more about Axivion
Axivion Static Code Analysis is a static code analysis tool that helps developers check standard compliance, security vulnerabilities, and code quality issues for C and C++ code. It performs automated analysis to identify violations of coding guidelines like MISRA C and detect clones, dead code, and security vulnerabilities. Key features include coding standards compliance checking, metric monitoring, defect analysis, and certification for safety-critical software development. Learn more about Axivion

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Aikido Security logo

Aikido Security

4.7 (6)
Visit Website
Security-first SAST with zero distractions. Scan your code for quality and vulnerabilities & get alerts only for real security risks. Learn more about Aikido Security
Aikido scans your code for quality issues and security vulnerabilities such as SQL injection, XSS, buffer overflows, and other security risks. Checks against popular CVE databases. It works out-of-the-box and supports all major languages. Aikido combines scanning capabilities like SAST, IaC, DAST, Container Scanning, SCA, CSPM & Secrets Detection, all in one platform. Learn more about Aikido Security

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Xygeni Security logo

Xygeni Security

5.0 (5)
Visit Website
AI-powered SAST with low noise, exploit-focused detection, smart prioritization, in-IDE guidance, fully integrated into CI/CD and ASPM. Learn more about Xygeni Security
Xygeni SAST delivers AI-powered static analysis designed for precision and low noise in modern, AI-driven development environments. It detects exploitable vulnerabilities such as injection flaws, access-control issues, and insecure configurations while excluding non-exploitable findings. Intelligent prioritization uses reachability and contextual risk analysis to focus developers on what truly matters. DevAI provides interactive, in-IDE guidance and safe Auto-Fix recommendations with Remediation Risk awareness. Fully integrated into CI/CD pipelines and unified within Xygeni ASPM, SAST findings are correlated with supply chain signals to maintain a continuous application security posture from the first line of code. Learn more about Xygeni Security

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
JFrog Advanced Security logo

JFrog Advanced Security

(0)
Visit Website
JFrog Advanced Security is a software supply chain tool that analyzes vulnerabilities, scans code, and detects exposures. Learn more about JFrog Advanced Security
JFrog Advanced Security is an application security testing solution that goes beyond traditional SCA scanning to deliver deeper vulnerability insights and prioritization. It features vulnerability contextual analysis, source code scanning (SAST), and security exposure scanning for both source code and binaries. Leveraging data from JFrog's Security Research Team, it helps teams understand CVE impacts, prioritize threats, and reduce false positives. The integrated SAST capability enables developers to write trusted code while minimizing zero-day risks. It detects exposed secrets in code and binaries to prevent credential leakage and includes Infrastructure as Code security to address cloud deployment issues before production. Misconfiguration detection identifies security risks in open-source libraries and services. Seamlessly integrating into DevOps workflows, JFrog Advanced Security enhances software supply chain security throughout development. Learn more about JFrog Advanced Security

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
GitHub logo

GitHub

4.8 (6,143)
View Profile
Find vulnerabilities in custom code using static analysis. Prevent new vulnerabilities from being introduced by scanning every PR.
Find vulnerabilities in custom code using static analysis. Prevent new vulnerabilities from being introduced by scanning every pull request. We have security tools for every level of user - Dependency Graph is a map of the code libraries and repos your project relies on. Dependabot alerts you when these libraries were updated. These are available to every user. When you use GitHub Enterprise, you can add Token, Secret and Code Scanning to your repos for automatic security updates. Learn more about GitHub

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
GitLab logo

GitLab

4.6 (1,211)
View Profile
GitLab DevSecOps is trusted by enterprises and loved by developers. Start your free trial.
GitLab empowers your teams to balance speed and security by automating software delivery and securing your end-to-end software supply chain. Learn more about GitLab

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Dynatrace logo

Dynatrace

4.6 (81)
View Profile
Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.
Dynatrace is an application performance and lifecycle management solution designed to help retail businesses, financial markets, transportation companies, emergency services, and government bodies monitor and analyze the performance of applications on a unified dashboard. Key features of the platform include anomaly detection, root cause determination, network process monitoring, log entry analysis, cross-team collaboration, AI-assistance, and more among others. Learn more about Dynatrace

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
SonarQube logo

SonarQube

4.5 (65)
View Profile
SonarQube helps developers control code security by detecting Vulnerabilities and Security Hotspots early in the workflow.
SonarQube enables your team to systematically deliver code that meets high-quality standards, for every project, at every step of the workflow. Covering over 30 programming languages, while pairing up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues, and for teams overall to deliver better and safer software. Learn more about SonarQube

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Kiuwan logo

Kiuwan

4.4 (35)
View Profile
Kiuwan | Code Scanning That’s Built for Developers and Trusted by Security Teams
Fast, Flexible Code Security! Kiuwan is a robust, end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify and remediate vulnerabilities. Top features: ✅ Extensive language support: Over 30 programming languages. ✅ Detailed action plans: Prioritize remediation with tailored action plans. ✅ Code Security: Seamless Static Application Security Testing (SAST) integration. ✅ Insights: On-demand or continuous scanning Software Composition Analysis (SCA) to help reduce third-party threats. ✅ One-click Software Bill of Materials (SBOM) generation. Code Smarter. Secure Faster. Ship Sooner Learn more about Kiuwan

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Acunetix logo

Acunetix

4.4 (35)
View Profile
All-in-one security solution that scans your website, detects vulnerabilities and offers remediation, in three steps: Find-Fix-Prevent.
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications. With Acunetix, security teams can: - Save time and resources by automating manual security processes. - Work more seamlessly with developers, or embrace DevSecOps by integrating directly in. - Leave no potential entry points unscanned and vulnerable to attack. - Detect over 12,000+ vulnerabilities, including zero-days. Learn more about Acunetix

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
SiteLock logo

SiteLock

3.3 (27)
View Profile
Cloud-based solution that enables businesses to detect & prevent cyber threats with website scanning, malware removal and more.
SiteLock, the global leader in website security solutions, is the only provider to offer complete, cloud-based website protection. Its 360-degree monitoring detects and fixes threats, prevents future attacks, accelerates website performance, and meets PCI compliance standards for businesses of all sizes. Founded in 2008, the company protects over 12 million websites worldwide. Learn more about SiteLock

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Invicti logo

Invicti

4.7 (26)
View Profile
Invicti, formerly Netsparker, is a DAST-first AppSec platform proving real risks, cutting noise, and securing everything at scale.
Invicti Security, formerly Netsparker, delivers application security with zero noise through a DAST-first approach that focuses on real, exploitable vulnerabilities in your running applications. The platform combines enterprise-grade dynamic application security testing (DAST), API security, web asset and API discovery, IAST, and dynamic SCA with static application security testing (SAST), static software composition analysis (SCA), and container security—all within a single, scalable solution. With proof-based scanning, Invicti automatically confirms exploitable vulnerabilities, to reduce false positives and speed remediation. Teams can prioritize real risk, reduce alert fatigue, and confidently secure their entire attack surface. Invicti integrates into modern development pipelines for continuous scanning and actionable insights across the SDLC. Trusted by leading enterprises, Invicti empowers security and DevOps teams to fix what matters most—quickly, accurately, and at scale. Learn more about Invicti

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Snyk logo

Snyk

4.6 (21)
View Profile
Snyk's Developer Security Platform puts security expertise in the toolbox of every developer.
Snyk is the leader in developer security. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST. Learn more about Snyk

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Artifactory logo

Artifactory

4.6 (19)
View Profile
The universal repository manager for DevOps & AI. Securely manage, store, and distribute binaries across your entire software supply ch
JFrog Artifactory is the world’s leading universal binary repository manager and the core of the JFrog Software Supply Chain Platform. Designed for modern DevOps, it provides a single source of truth for all software components, including binaries, packages, and AI/ML models. With native support for 40+ package types (Docker, Kubernetes, Maven, npm, PyPI, and Terraform), Artifactory eliminates silos and ensures consistent, reliable access across the SDLC. Scale your global infrastructure with multi-site replication and high availability, while securing your supply chain through deep integration with JFrog Xray for vulnerability scanning. Artifactory powers cloud-native, hybrid, and on-premises environments, offering the "Database of DevOps" for enterprises prioritizing speed, security, and compliance. Automate releases with robust REST APIs and CLI tools to accelerate CI/CD pipelines and ensure every build is traceable, governed, and ready for production at scale. Learn more about Artifactory

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Sigrid logo

Sigrid

4.1 (16)
View Profile
Sigrid delivers a holistic SAST solution that empowers organizations to proactively manage software security risks.
Sigrid is an advanced software security platform that specializes in Static Application Security Testing (SAST). The platform offers comprehensive and continuous scanning capabilities, utilizing a range of best-in-class technologies to identify, classify, and prioritize vulnerabilities across your entire software portfolio. Sigrid provides unified, risk-based, and actionable insights to help organizations secure their software from the code level up to the entire system. It simplifies complex security data into clear and prioritized recommendations, ensuring that even non-technical managers can make informed decisions about security risks. Sigrid is designed to serve a broad range of roles within an organization, from developers who need to identify and address specific security issues in their code, to security specialists seeking a unified view of security threats, and managers and C-level stakeholders who require oversight without needing to delve into technical details. Learn more about Sigrid

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
CodeScan logo

CodeScan

4.8 (14)
View Profile
CodeScan offers static code analysis and automated scans of Salesforce policies to strengthen code quality and data security.
AutoRABIT's CodeScan offers powerful static code analysis designed specifically for Salesforce environments. By automating the detection of security vulnerabilities, code quality issues, and compliance risks, it integrates seamlessly into your CI/CD pipeline to support continuous monitoring. CodeScan helps teams ensure their Salesforce codebase remains secure, consistent, and aligned with best practices. This significantly reduces manual review efforts, accelerates deployment times, and improves the overall performance of Salesforce applications. With advanced reporting and actionable insights, CodeScan empowers development and security teams to maintain high standards of security, compliance, and application quality throughout the software development lifecycle. Learn more about CodeScan

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
BuildPiper logo

BuildPiper

4.2 (13)
View Profile
BuildPiper: The Most Powerful Microservice Delivery Platform
BuildPiper is an end-to-end Kubernetes & Microservices Application Delivery Platform that enables dockerized code to be deployed across environments and enables seamless management of Production operations with all the required observability, security, and compliance baked in. The goal is to simplify and accelerate the 'microservices’ application journey for any organization & make it hugely rewarding. Learn more about BuildPiper

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
CodeScene logo

CodeScene

4.7 (11)
View Profile
CodeScene is a code analysis, visualization, and reporting tool. Reduce technical debt and deliver better code quality.
CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality. We enable software development teams to make confident, data-driven decisions that fuel performance and developer productivity. Supporting 28+ programming languages, CodeScene also offers an automated integration with GitHub, BitBucket, Azure DevOps or GitLab pull requests to incorporate the analysis results into existing delivery workflows. Get early warnings and recommendations about complex code before merging it to the main branch, set quality gates to trigger in case your code health declines. Learn more about CodeScene

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
DeepSource logo

DeepSource

4.8 (10)
View Profile
The all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software.
DeepSource is an all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle. Developers and security engineers are empowered to discover and fix maintainability and security issues in the codebase during the earliest stages of software development. Organizations enable velocity without risking technical debt. Learn more about DeepSource

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Klocwork logo

Klocwork

4.6 (8)
View Profile
Klocwork is a static code analysis tool that identifies issues to enforce standards compliance for multiple programming languages.
Klocwork is a static code analysis tool for C/C++, C#, Python, Kotlin, JavaScript, and Java. It identifies software security, quality, and reliability issues through static analysis to help enforce compliance with standards. Klocwork integrates with developer tools and provides enterprise-wide capabilities for control, collaboration, and reporting. Learn more about Klocwork

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Radware Alteon logo

Radware Alteon

4.9 (8)
View Profile
Load balancing platform that helps businesses monitor application performances, detect anomalies, analyze root causes, and more.
Radware Alteon is an application delivery and security solution that manages application traffic across cloud and data center locations, optimizing availability and performance. It integrates multiple application protection services to provide protection against an array of cyberthreats. Lastly, Alteon’s analytics provides insightful visibility so that you can seamlessly manage application SLAs and stay ahead of cyberattacks. Learn more about Radware Alteon

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
SonarCloud logo

SonarCloud

4.3 (7)
View Profile
SonarQube Cloud is a fully managed SaaS solution that improves human-developed and AI-assisted code at scale.
SonarQube Cloud (formerly SonarCloud) is a SaaS code analysis tool, designed to detect coding issues in 30+ languages, frameworks, and IaC platforms. The solution also provides fix recommendations leveraging AI with Sonar’s AI CodeFix capability. By integrating directly with your CI pipeline or one of the supported DevOps platforms, your code is checked against an extensive set of rules that cover many attributes of code, such as maintainability, reliability, and security issues, on each merge/pull request. Learn more about SonarCloud

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
SonarLint logo

SonarLint

4.7 (7)
View Profile
SonarQube for IDE is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time.
SonarQube for IDE (formerly SonarLint) is a free IDE plugin for static code analysis brought to you by Sonar. It’s your first line of defense, designed to detect coding issues in real-time for 25 languages, frameworks, and IaC platforms. Learn more about SonarLint

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Bytesafe logo

Bytesafe

4.6 (7)
View Profile
Manage Open Source supply chain threats intelligently with Bytesafe's cloud-native security platform.
Bytesafe allows enterprises to increase their software supply chain security posture with automated best practices - and a unified workflow for security and developer teams. The Dependency Firewall enables enterprises to enforce open source usage policies and avoid threats by effectively blocking open source vulnerabilities and non-compliant licenses. Learn more about Bytesafe

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API
Checkmarx One logo

Checkmarx One

3.9 (7)
View Profile
Checkmarx One is an enterprise cloud-native application security platform that helps teams cut through the noise fix what matters most.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources. Checkmarx One offers comprehensive application scanning across the SDLC: *Static Application Security Testing (SAST) *Software Composition Analysis (SCA) *API security *Dynamic Application Security Testing (DAST) *Container security *IaC security *Correlation, prioritization and risk management *Codebashing secure code training *AI security *Tech partnerships extending AppSec into runtime analysis *Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs Checkmarx One helps secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving toolset, Checkmarx One helps consolidate AppSec solutions and make better sense of results. Learn more about Checkmarx One

Features

  • Vulnerability Scanning
  • Real-Time Analytics
  • Integrated Development Environment
  • API