Best Mobile Application Security Testing Tools for GitHub

Compare the Top Mobile Application Security Testing Tools that integrate with GitHub as of June 2025

Sort By:

GitHub Mobile Application Security Testing Clear Filters

This a list of Mobile Application Security Testing tools that integrate with GitHub. Use the filters on the left to add additional filters for products that have integrations with GitHub. View the products that work with GitHub in the table below.

What are Mobile Application Security Testing Tools for GitHub?

Mobile application security testing (MAST) tools are software tools designed to assess the security vulnerabilities and weaknesses of mobile applications. These tools use a variety of techniques, such as code analysis and penetration testing, to identify potential threats and risks within the app. They can also check for compliance with industry standards and regulations. These tools provide detailed reports on their findings, allowing developers to address any issues before releasing the app to users. As cyber attacks targeting mobile apps continue to rise, these tools play an important role in ensuring the overall security and integrity of mobile applications. Compare and read user reviews of the best Mobile Application Security Testing tools for GitHub currently available using the table below. This list is updated regularly.

1

Ostorlab

Ostorlab

Uncover your organization's vulnerabilities with ease using Ostorlab. It goes beyond subdomain enumeration, accessing mobile stores, public registries, crawling targets, and analytics to provide a comprehensive view of your external posture. With a few clicks, gain valuable insights to strengthen security and protect against potential threats. From insecure injection and outdated dependencies to hardcoded secrets and weak cryptography, Ostorlab automates security assessments and identifies privacy issues. Ostorlab empowers security and developer teams to analyze and remediate vulnerabilities efficiently. Experience hands-off security with Ostorlab's continuous scanning feature. Automatically trigger scans on new releases, saving you time and effort while ensuring continuous protection. Access intercepted traffic, file system, function invocation, and decompiled source code with ease using Ostorlab. See what attackers see and save hours of manual tooling and grouping of outputs.

Starting Price: $365 per month

View Tool
2

esChecker

eShard

With esChecker, fasten your release cycles, dramatically reduce testing and delivery costs, and mitigate risks. Don't compromise your digitalization, leverage your mobile application security with automated testing within your CI/CD process. With a unique dynamic analysis feature, esChecker automatically executes the mobile application binary on unsafe devices and gives immediate feedback on your protections. Like any other IT system component, mobile apps must be designed, developed, and maintained with security in mind. They are the entry point to the system and require special attention. Compared to pentesting, a MAST tool enables a shorter, quicker, and more efficient security testing process to better control the application's code as it progresses. It’s about code verification integrated into a development cycle and it gives immediate feedback, allows compliance, and can be integrated into a DevSecOps process.

Starting Price: Free

View Tool
3

Q-mast

Quokka

Q-mast is Quokka’s automated mobile application security testing solution built for teams that need deep visibility, operational speed, and strong compliance across both in-house and/or third-party mobile apps. Q-mast performs full-spectrum testing across the mobile software development lifecycle—from design to deployment—covering static, dynamic, and interactive analysis, even in obfuscated or binary-only builds. The solution generates a complete, version-specific software bill of materials (SBOM), including embedded libraries, to surface vulnerable components and dependencies with pinpoint accuracy. Designed to fit into modern pipelines, Q-mast automates mobile app testing within CI/CD workflows like GitHub, GitLab, and Jenkins.

View Tool
4

Syhunt Hybrid

Syhunt

Syhunt dynamically injects data in web applications and analyzes the application response to determine if the application code is vulnerable, automating the web application security testing and proactively guarding your organization's Web infrastructure against several kinds of web application security threats. Syhunt Hybrid follows simple GUI standards, prioritizing ease of use and automation and thus requiring minimal to no user intervention before or during scans despite a large number of customization options. Compare past scan sessions to determine new, unchanged or removed vulnerabilities. Generate a comparison report that displays the evolution of vulnerabilities over time by automatically comparing previous scan session data related to a specific target.

View Tool