Application Security Testing Tools

With GitLab, Security is built into the CI pipeline, out of the box. Every code commit is automatically scanned for security vulnerabilities in your code and its dependencies. Actionable results are delivered to the developer in their native workflow for rapid remediation.

Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine.

SonarQube is the leading tool for continuously inspecting the Code Quality & Security of your codebases and guiding development teams during Code Reviews. Covering 27 programming languages, while pairing-up with your existing software pipeline, SonarQube provides clear remediation guidance for developers to understand and fix issues and ultimately deliver better and safer software. With over 170k deployments helping small development teams as well as global organizations, SonarQube provides the means for all teams and companies around the world to own and impact their Code Quality.

Secure your software supply chain and protect the integrity of your code with WebInspect dynamic application security testing (DAST)

Black Duck software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers.

Coverity is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards.

Achieve all the advantages of security testing, vulnerability management, tailored expertise, and support without the need for additional infrastructure or resources.

Sentinel Dynamic is a Software-as-a-Service (SaaS) platform that enables your business to quickly deploy a scalable web security program. Offers complete Web Application Security for Modern and Traditional Web Frameworks and Applications with unmatched accuracy needed for secure DevOps implementations.

Build secure software fast. Find security issues early with the most accurate results in the industry and fix at the speed of DevOps.

CxSCA tracks the open source components that are actually in your applications, rather than handing you a lengthy list of fuzzy matches and potential false positives that waste your time by parsing through them to find the true issues.