Does anyone have a recommendation for a SAST / DAST scanning tool that supports a variety of languages (front end and backend), has minimal false positives, supports automation (via API or other), integrates with IDEs and integrates with GitLab?

2.1k views1 Upvote4 Comments

Chief Security Officer in Software, 10,001+ employees

We are in the process of testing GitLab Ultimate. It has security features like SAST/DAST and fuzzing. I have also used Veracode in the past.

CTO in Software, 201 - 500 employees

DAST - Rapid7 AppSpider
DAST - SonarQube

CTO in Software, 11 - 50 employees

For SAST and IAST, I'd talk to Checkmarx. Then if you want to layer on DAST, talk to Synopsys

Director & Founder, Self-employed

For SAST tools you can consider Sonarqube and Snyk.
For DAST Beagle Security, Intruder, and Detectify seems to do a good job.

Content you might like

Is there a corporate responsibility to strengthen national U.S. cybersecurity?

People & Leadership Governance, Risk & Compliance Security & GRC +6 more

Yes74%

No17%

Unsure9%

210 PARTICIPANTS

695 views1 Upvote

Are you considering MDR Services or maybe already using it today? Which one(s) are on your shortlist? Why or what were the benefits or features that were key to you? (comments)

Disruptive & Emerging Technologies Security & GRC

Arctic Wolf - MDR18%

Red Canary - MDR29%

CrowdStrike - Falcon Complete47%

SentinelOne - Vigilance29%

Rapid7 - MDR25%

Sophos - MDR22%

Expel - MDR2%

Secureworks - Taegis Managed XDR5%

462 PARTICIPANTS

1.8k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

142 19 Replies

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRC Threat & Vulnerability Management

ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees

I would definitely suggest this based of how you categorize your types of data/systems and information being stored in certain parts of your data center. I think it’s really dependent on the size of your organization and ...read more

Any recommendations on OT security product? I tried pushing Crowdstrike but it wasn't approved by OEMs. Other two are Claroty and Nozomi. Any feedback either on above two or any other as per your experience?

Security & GRC Strategy & Architecture

Director of IT in Manufacturing, 1,001 - 5,000 employees

I am pretty much convinced with output of Claroty, however unsure about pricing since they do not have much competition. I reached out to Gartner for commercial review but could not get satisfactory response. Any ballpark ...read more