Application Security Testing Tools

With GitLab, Security is built into the CI pipeline, out of the box. Every code commit is automatically scanned for security vulnerabilities in your code and its dependencies. Actionable results are delivered to the developer in their native workflow for rapid remediation.

Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine.

SonarQube is the leading tool for continuously inspecting the Code Quality & Security of your codebases and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing-up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues and ultimately deliver better and safer software. With over 170k deployments helping small development teams as well as global organizations, SonarQube provides the means for all teams and companies around the world to own and impact their Code Quality.

Black Duck software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers.

Traditional SAST tools often require tuning and expertise, overwhelming teams with false positives. Others are easy to use, but miss vulnerabilities. OpenText™ Static Application Security Testing (Fortify) (SAST) enables DevSecOps with precise vulnerability detection, broad language support, and seamless CI/CD integration. AI-driven insights help developers prioritize and resolve vulnerabilities efficiently, reducing security risk across the SDLC.

OpenText™ Dynamic Application Security Testing (Fortify) is an automated security testing solution that uncovers real, exploitable vulnerabilities by simulating live attacks against running applications, APIs, and services. Designed for modern DevSecOps teams, it prioritizes issues for root-cause analysis and integrates seamlessly via REST APIs—whether managed through an intuitive UI or fully automated in CI/CD pipelines.

Veracode Static Analysis provides fast, automated security feedback in the IDE and the pipeline, and conducts a full policy scan before deployment. It then provides clear guidance on what issues to focus on and how to fix them faster.

Checkmarx CxSAST is a powerful Static Source Code Analysis solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code.

Appknox is a plug & play mobile app security solution used by enterprises around the world to detect threats in their apps within minutes. Appknox's API security testing can be easily enabled from the same dashboard that helps you manage other Vulnerability Assessment (VA) activities such as the static code analysis tool and DAST tool, with just a few clicks.

Coverity is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards.