Best Static Application Security Testing (SAST) Software for CircleCI

x
View:
Open Source Commercial

Compare the Top Static Application Security Testing (SAST) Software that integrates with CircleCI as of July 2025

Sort By:
CircleCI Static Application Security Testing (SAST) Clear Filters

This a list of Static Application Security Testing (SAST) software that integrates with CircleCI. Use the filters on the left to add additional filters for products that have integrations with CircleCI. View the products that work with CircleCI in the table below.

What is Static Application Security Testing (SAST) Software for CircleCI?

Static Application Security Testing (SAST) software analyzes the source code, binaries, or bytecode of an application to identify vulnerabilities before the code is run in production. This type of software scans the application at rest to detect issues such as coding errors, security flaws, and weaknesses like SQL injection, cross-site scripting (XSS), and buffer overflows. SAST tools provide developers with early insights into potential security vulnerabilities, allowing them to fix issues before deployment. These tools are typically integrated into the software development lifecycle (SDLC), supporting secure coding practices and helping teams build more secure applications. Compare and read user reviews of the best Static Application Security Testing (SAST) software for CircleCI currently available using the table below. This list is updated regularly.

  • 1
    GitGuardian

    GitGuardian

    GitGuardian

    GitGuardian is a code security platform that provides solutions for DevOps generation. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers. GitGuardian helps developers, cloud operation, security, and compliance professionals secure software development and define and enforce policies consistently and globally across all systems. GitGuardian solutions monitor public and private repositories in real-time, detect secrets, sensitive files, IaC misconfigurations, and alert to allow investigation and quick remediation. Additionally, GitGuardian's Honeytoken module exposes decoy resources like AWS credentials, increasing the odds of catching intrusion in the software delivery pipeline. GitGuardian is trusted by leading companies, including 66 degrees, Snowflake, Orange, Iress, Maven Wave, DataDog, and PayFit. Used by more than 300K developers, it ranks #1 in the security category on GitHub Marketplace.
    Leader badge
    32 Ratings
    Starting Price: $0
    View Software
  • 2
    Snyk

    Snyk

    Snyk

    Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.
    1 Rating
    Starting Price: $0
    View Software
  • 3
    Mend.io

    Mend.io

    Mend.io

    Trusted by the world's leading companies, including IBM, Google, and Capital One, Mend.io's enterprise suite of application security tools is designed to help you build and manage a mature, proactive AppSec program. Mend.io understands the different AppSec requirements of developers and security teams. Unlike other AppSec solutions that force everyone to use a single tool, Mend.io helps them work in harmony by giving each team different, but complementary, tools - enabling them to stop chasing vulnerabilities and start proactively managing application risk.
    1 Rating
    Starting Price: $1,000 per developer, per year
    View Software
  • 4
    Jit

    Jit

    Jit

    DevOps ain’t easy! We are hearing more and more about the breakdown and friction where Dev meets Ops, so let’s not even talk about all the other shift-left domains that add another layer of complexity in the middle like DevSecOps. Where this comes with the need to implement and integrate dozens of security tools in their SDLC. But what if it doesn’t have to be difficult? Jit's DevSecOps Orchestration Platform allows high-velocity Engineering teams to own product security while increasing dev velocity. With a unified and friendly developer experience, we envision a world where every cloud application is born with Minimal Viable Security (MVS) embedded and iteratively improves by adding Continuous Security into CI/CD/CS.
    1 Rating
    View Software
  • 5
    Snappytick

    Snappytick

    Snappycode Audit

    Snappy Tick Source Edition (SAST) is a source code review tool, it helps to identify the Vulnerability in Source code. We provide - Static Code Analysis tools and Source Code Review tools. Consider an In-line auditing approaches will identify the largest amount of most significant Security issues in your application and it will verify that the proper security controls exist. Snappy Tick Standard Edition (DAST) is Dynamic application security tool, it helps to perform black box and grey box testing. Analyze the requests and responses and find potential vulnerabilities inside an application by trying to access them in variety of ways, while the applications are running. Built with amazing features developed specifically for SnappyTick. Capable of scanning multiple languages. Best reporting that highlights the precise source files, line numbers, and even subsections of lines that are affected.
    Starting Price: $549 per month
    View Software
  • 6
    Qwiet AI

    Qwiet AI

    Qwiet AI

    The Fastest Code Analysis, Hands Down. 40X faster scan times so developers never have to wait for results after submitting pull requests. The Most Accurate Results. Qwiet AI has the highest OWASP Benchmark score, which is nearly triple the commercial average and more than double the 2nd highest score. Developer-Centric Security Workflows. 96% of developers report that disconnected security and development workflows inhibit their productivity. Implementing developer-centric AppSec workflows decreases mean-time-to-remediation (MTTR), typically by 5X - enhancing both security and developer productivity. Automatically Find Business Logic Flaws in Dev. Identify vulnerabilities that are unique to your code base before they reach production. Achieve Compliance. Demonstrate and maintain compliance with security and privacy regulations such as SOC 2, PCI-DSS, GDPR, and CCPA.
    Starting Price: Free
    View Software
  • 7
    GuardRails

    GuardRails

    GuardRails

    Empowering modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration. Empowering modern development teams to find, fix, and prevent security vulnerabilities in their applications. Continuous security scanning reduces cycle times and speeds up the shipping of features. Our expert system reduces the amount of false alerts and only informs about relevant security issues. Consistent security scanning across the entire product portfolio results in more secure software. GuardRails provides a completely frictionless integration with modern Version Control Systems like Github and GitLab. GuardRails seamlessly selects the right security engines to run based on the languages in a repository. Every single rule is curated to decide whether it has a high security impact issue resulting in less noise. Has built an expert system that detects false positives that is continuously tuned to be more accurate.
    Starting Price: $35 per user per month
    View Software
  • 8
    PVS-Studio

    PVS-Studio

    Program Verification Systems

    PVS-Studio is a tool for detecting bugs and security weaknesses in the source code of programs, written in C, C++, C# and Java. It works under 64-bit systems in Windows, Linux and macOS environments, and can analyze source code intended for 32-bit, 64-bit and embedded ARM platforms.
    View Software
  • 9
    Seeker

    Seeker

    Black Duck

    Seeker® is an interactive application security testing (IAST) solution that provides unparalleled visibility into your web application's security posture. It identifies vulnerability trends against compliance standards such as OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25. Seeker enables security teams to track sensitive data, ensuring it is handled securely and not stored in log files or databases without proper encryption. Its seamless integration into DevOps CI/CD workflows allows for continuous application security testing and verification. Unlike other IAST solutions, Seeker not only identifies security vulnerabilities but also verifies their exploitability, providing developers with a prioritized list of confirmed issues to address. By employing patented methods, Seeker processes extensive HTTP(S) requests swiftly, reducing false positives to near zero and enhancing productivity while minimizing business risk.
    View Software
  • 10
    Oxeye

    Oxeye

    Oxeye

    Oxeye is designed to expose vulnerable flows in distributed cloud native application code. We incorporate next-generation SAST, DAST, IAST, and SCA capabilities to ensure verification of risks in both Dev and Runtime environments. Built for developers and AppSec teams, Oxeye helps to shift-left security while accelerating development cycles, reducing friction, and eliminating vulnerabilities. We deliver reliable results with high accuracy. Oxeye analyzes code vulnerabilities across microservices delivering contextualized risk assessment enriched with infrastructure configuration data. With Oxeye developers can easily track and resolve vulnerabilities. We deliver the vulnerability visibility flow, steps to reproduce, and the exact line of code. Oxeye offers a seamless integration as Daemonset with a single deployment that doesn’t require performing changes in the code. We deliver frictionless security to your cloud-native apps.
    View Software
  • 11
    Enso

    Enso

    Enso Security

    Enso is transforming application security by empowering organizations to build, manage and scale their AppSec programs. Its Application Security Posture Management (ASPM) platform easily deploys into an organization’s environment to create an actionable, unified inventory of all application assets, their owners, security posture and associated risk. With Enso Security, AppSec teams gain the capacity to manage the tools, people and processes involved in application security, enabling them to build a simplified, agile and scalable application security program without interfering with development. Enso has been recognized with numerous awards including the 2022 Excellence Awards, Globee Awards, and Forbes Top 20 Cybersecurity Startups to Watch.
    View Software
  • 12
    Argon

    Argon

    ArgonSec

    The first unified security solution protecting the integrity of your software throughout the entire DevOps CI CD pipeline. Track all events and actions across your software supply chain with unparalleled clarity, get actionable information and make decisions faster. Bolster your security posture by enforcing security best practices at all stages of the software delivery process with real-time alerts and auto-remediation. Ensure source code integrity with automated validity checks on each release, so you can be sure the code you committed is the source code deployed. Argon continuously monitors your DevOps infrastructure to identify security risks, code leaks, misconfigurations, and anomalies, and provide insights about the posture of your CI CD pipeline.
    View Software
  • 13
    Contrast Assess

    Contrast Assess

    Contrast Security

    A new kind of security designed for the way software is created. Resolve security issues minutes after installation by integrating security into your toolchain. Because Contrast agents monitor code and report from inside the application, developers can finally find and fix vulnerabilities without requiring security experts. That frees up security teams to focus on providing governance. Contrast Assess deploys an intelligent agent that instruments the application with smart sensors. The code is analyzed in real time from within the application. Instrumentation minimizes the false positives that slow down developers and security teams. Resolve security issues minutes after installation by integrating security into your toolchain. Contrast Assess integrates seamlessly into the software life cycle and into the tool sets that development and operations teams are already using, including native integration with ChatOps, ticketing systems and CI/CD tools, and a RESTful API.
    View Software
  • 14
    Veracode

    Veracode

    Veracode

    Veracode offers a holistic, scalable way to manage security risk across your entire application portfolio. We are the only solution that can provide visibility into application status across all testing types, including SAST, DAST, SCA, and manual penetration testing, in one centralized view.
    View Software
  • Previous
  • You're on page 1
  • Next

Related Categories