Does anyone have a recommendation for a SAST / DAST scanning tool that supports a variety of languages (front end and backend), has minimal false positives, supports automation (via API or other), integrates with IDEs and integrates with GitLab?


Chief Security Officer in Software, 10,001+ employees
We are in the process of testing GitLab Ultimate. It has security features like SAST/DAST and fuzzing. I have also used Veracode in the past.
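For anyone evaluating the GitLab route mentioned above, here is an added example (not posted by anyone in this thread) of the `.gitlab-ci.yml` you would commit to turn on GitLab's built-in SAST, secret detection and DAST scanners. It uses the `Security/*.gitlab-ci.yml` templates GitLab ships; the staging URL and the excluded-path list are placeholder assumptions you would replace with your own.

```yaml
# Added example: minimal .gitlab-ci.yml enabling GitLab's bundled scanners.
# Assumes a GitLab Ultimate project and a reachable staging deployment at the
# placeholder URL below (assumption; substitute your own host).
stages:
  - test
  - dast

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

variables:
  # SAST picks analyzers from the languages it detects in the repo, so no
  # per-language config is needed. Excluding vendored and generated trees is
  # the single biggest false-positive reducer (list is an assumption).
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor, node_modules"
  # DAST needs a live target. Placeholder; never point it at production.
  DAST_WEBSITE: "https://staging.example.com"
  # Passive scan by default. Set to "true" for an active scan that sends
  # attack payloads, only against a disposable environment.
  DAST_FULL_SCAN_ENABLED: "false"

# Override the template's job rules so DAST runs only where a staging
# deployment actually exists: merge requests and the default branch.
dast:
  stage: dast
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

Findings from all three jobs surface in the merge request security widget and in the pipeline security report (JSON artifacts named `gl-sast-report.json`, `gl-secret-detection-report.json` and `gl-dast-report.json`), which is what you would consume for the automation part of the question. Fuzzing is a separate template (`Security/Coverage-Fuzzing.gitlab-ci.yml`) and needs a harness per target, so it is not included here.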
CTO in Software, 201 - 500 employees
DAST - Rapid7 AppSpider
DAST - SonarQube
CTO in Software, 11 - 50 employees
For SAST and IAST, I'd talk to Checkmarx. Then if you want to layer on DAST, talk to Synopsys.
Director & Founder, Self-employed
For SAST tools you can consider SonarQube and Snyk.
For DAST, Beagle Security, Intruder, and Detectify seem to do a good job.
