---
description: Discover the best Static Application Security Testing (SAST) Software in New Zealand. Compare top Static Application Security Testing (SAST) Software tools with customer reviews, pricing and free demos.
image: https://gdm-localsites-assets-gfprod.imgix.net/images/software_advice/og_logo-55146305bbe7b450bea05c18e9be9c9a.png
title: Best Static Application Security Testing (SAST) Software in New Zealand - 2026 Reviews, Pricing & Demos
---

# Static Application Security Testing (SAST) Software

Canonical: https://www.softwareadvice.co.nz/directory/4429/sast/software

Page: 1 / 2\
Next: [Next page](https://www.softwareadvice.co.nz/directory/4429/sast/software?page=2)

-----

## Products

1. [Aikido Security](https://www.softwareadvice.co.nz/software/433685/aikido) — 4.7/5 (6 reviews) — Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by develop...
2. [GitHub](https://www.softwareadvice.co.nz/software/397820/github) — 4.8/5 (6155 reviews) — GitHub is a project management and code sharing platform that allows users to share their codes with others and creat...
3. [GitLab](https://www.softwareadvice.co.nz/software/28004/gitlab) — 4.6/5 (1215 reviews) — GitLab is your intelligent orchestration platform for DevOps. GitLab is a unified platform for the full software deve...
4. [Dynatrace](https://www.softwareadvice.co.nz/software/234304/dynatrace) — 4.5/5 (82 reviews) — Dynatrace is an AIOps solution designed to help businesses automate multi-cloud processes and streamline collaboratio...
5. [SonarQube](https://www.softwareadvice.co.nz/software/182719/sonarqube) — 4.5/5 (66 reviews) — SonarQube is the industry leader in automated code review, serving as the verification layer for code quality and sec...
6. [Kiuwan](https://www.softwareadvice.co.nz/software/445953/kiuwan) — 4.4/5 (35 reviews) — Fast, Flexible Code Security! Kiuwan is a robust, end-to-end application security platform that integrates seamlessly...
7. [Acunetix](https://www.softwareadvice.co.nz/software/77622/acunetix) — 4.4/5 (35 reviews) — Acunetix is a cloud-based digital security solution that assists security analysts with data protection, manual testin...
8. [SiteLock](https://www.softwareadvice.co.nz/software/112461/sitelock) — 3.3/5 (27 reviews) — SiteLock is a cloud-based security platform, which helps accelerate website performance, conversions and protects the...
9. [Invicti](https://www.softwareadvice.co.nz/software/174628/netsparker-security-scanner) — 4.7/5 (26 reviews) — Invicti is an application security platform designed to identify, validate and prioritize vulnerabilities in web appl...
10. [Snyk](https://www.softwareadvice.co.nz/software/234874/snyk) — 4.6/5 (21 reviews) — Snyk is an application security and testing platform designed to help businesses find, prioritize and remediate vulne...
11. [Artifactory](https://www.softwareadvice.co.nz/software/267181/artifactory) — 4.6/5 (19 reviews) — Modern software application development has evolved from deploying products periodically to building them on a daily or ...
12. [Sigrid](https://www.softwareadvice.co.nz/software/420602/sigrid) — 4.1/5 (16 reviews) — Sigrid is a data-driven intelligence platform that helps users analyze and manage applications' source code. By using...
13. [CodeScan](https://www.softwareadvice.co.nz/software/220372/codescan) — 4.8/5 (14 reviews) — AutoRABIT is the only complete DevSecOps platform for Salesforce developers. Incorporate static code analysis, data s...
14. [BuildPiper](https://www.softwareadvice.co.nz/software/254964/buildpiper) — 4.2/5 (13 reviews) — BuildPiper is a microservices and Kubernetes delivery platform. It helps businesses with the entire software delivery...
15. [CodeScene](https://www.softwareadvice.co.nz/software/349713/codescene) — 4.7/5 (11 reviews) — CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code qual...
16. [DeepSource](https://www.softwareadvice.co.nz/software/235303/deepsource) — 4.8/5 (10 reviews) — DeepSource is the code health solution, providing organizations with everything they need to build maintainable and s...
17. [Klocwork](https://www.softwareadvice.co.nz/software/234817/klocwork) — 4.6/5 (8 reviews) — Klocwork is a web-based static application security testing (SAST) software designed to help businesses identify and f...
18. [Radware Alteon](https://www.softwareadvice.co.nz/software/450688/Radware-Alteon) — 4.9/5 (8 reviews) — Alteon is a cloud-based and on-premise application delivery and security platform designed to help businesses of all ...
19. [SonarLint](https://www.softwareadvice.co.nz/software/260922/sonarlint) — 4.7/5 (7 reviews) — SonarQube for IDE, a core component of the Sonar solution, is a free and open-source IDE plugin, that is a developer'...
20. [SonarQube Cloud](https://www.softwareadvice.co.nz/software/318986/sonarcloud) — 4.3/5 (7 reviews) — SonarCloud is a cloud-based alternative to the SonarQube platform, offering continuous code quality and security anal...
21. [Bytesafe](https://www.softwareadvice.co.nz/software/375538/bytesafe) — 4.6/5 (7 reviews) — Bytesafe is a cloud-native security platform that reduces risk and protects revenue - without slowing down developers. In ...
22. [Checkmarx One](https://www.softwareadvice.co.nz/software/450140/Checkmarx-One) — 3.9/5 (7 reviews) — Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated...
23. [Coverity](https://www.softwareadvice.co.nz/software/234502/coverity-static-analysis) — 3.5/5 (6 reviews) — Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to ...
24. [GuardRails](https://www.softwareadvice.co.nz/software/356775/guardrails) — 5.0/5 (5 reviews) — GuardRails is a security platform that empowers developers to build secure applications by giving them continuous pro...
25. [Xygeni Security](https://www.softwareadvice.co.nz/software/397933/xygeni) — 5.0/5 (5 reviews) — Xygeni Security is an AI-powered Application Security Posture Management (ASPM) platform built for organizations secu...

-----

## Related Categories

- [Cloud Security Software](https://www.softwareadvice.co.nz/directory/4329/cloud-security/software)
- [Source Code Management Software](https://www.softwareadvice.co.nz/directory/4322/source-code-management/software)
- [Vulnerability Management Software](https://www.softwareadvice.co.nz/directory/4286/vulnerability-management/software)
- [DevOps Tools](https://www.softwareadvice.co.nz/directory/4380/devops/software)
- [Cybersecurity Software](https://www.softwareadvice.co.nz/directory/4643/cybersecurity/software)

## Links

- [View on SoftwareAdvice](https://www.softwareadvice.co.nz/directory/4429/sast/software)
- [All Categories](https://www.softwareadvice.co.nz/directory)

## This page is available in the following languages

| Locale | URL |
| --- | --- |
| de | <https://www.softwareadvice.de/directory/4429/sast/software> |
| en | <https://www.softwareadvice.com/sast/> |
| en-AU | <https://www.softwareadvice.com.au/directory/4429/sast/software> |
| en-GB | <https://www.softwareadvice.co.uk/directory/4429/sast/software> |
| en-IE | <https://www.softwareadvice.ie/directory/4429/sast/software> |
| en-NZ | <https://www.softwareadvice.co.nz/directory/4429/sast/software> |
| fr | <https://www.softwareadvice.fr/directory/4429/sast/software> |

-----

## Structured Data

<script type="application/ld+json">
  {"name":"Best Static Application Security Testing (SAST) Software in New Zealand - 2026 Reviews, Pricing &amp; Demos","@context":"https://schema.org","@type":"ItemList","itemListElement":[{"name":"Aikido Security","position":1,"description":"Secure your code, cloud, and runtime in one central system.\n\nAikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes.\n\nTeams get security done with Aikido thanks to:\nFalse-positive reduction\nAI Autotriage & AI Autofix\nDeep integration into the dev workflow (from IDEs and task managers to CI/CD gating)\nAutomate Compliance\n\nAikido’s covers the entire Software Development Lifecycle (SDLC), including: static application security testing (SAST), dynamic application security testing (DAST), infrastructure-as-code (IaC), container scanning, secrets detection, open source license scanning (SCA), cloud posture management (CSPM), runtime protection, and more.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/3a6ac642-6836-44e8-9489-54089fc64a58.png","url":"https://www.softwareadvice.co.nz/software/433685/aikido","@type":"ListItem"},{"name":"GitHub","position":2,"description":"GitHub is a project management and code sharing platform that allows users to share their codes with others and create/iterate using collective intelligence. The software can be used for different kinds of coding assignments including personal, open-source and business codes. It is available both on-premise and via cloud-based deployment.\n\n\nUsers can save all versions of their code and collaborate with other users by inviting them or tagging them with @mentions. Developers can join communities wherein they can follow open-source projects, leverage already-created codes for experiments, make suggestions and contribute to a project. 
All the contributions in open-source projects are recorded in developers’ profiles.\n\n\nBusinesses of all sizes use GitHub as an integrated tool for code development.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/d0cfa614-0cde-454f-b5f0-aed4c83f6a76.png","url":"https://www.softwareadvice.co.nz/software/397820/github","@type":"ListItem"},{"name":"GitLab","position":3,"description":"GitLab is your intelligent orchestration platform for DevOps. \n\nGitLab is a unified platform for the full software development lifecycle, consolidating planning, source code management, CI/CD, security, and deployment in a single application. Teams eliminate context switching and manual handoffs, maintaining continuous flow from idea to production.\n\nBuilt-in CI/CD includes code testing, artifact management, environment management, and feature flags. Security runs continuously throughout development: SAST, DAST, dependency scanning, secret detection, container scanning, and IaC scanning.\n\nGitLab Duo Agent Platform brings team-level agentic AI to the entire lifecycle: code generation, automated code review, issue-to-merge-request flows, pipeline remediation, and vulnerability triage. Multiple agents work in parallel while developers steer.\n\nGitLab supports flexible deployment: SaaS, self-managed, dedicated single-tenant, and FedRAMP-compliant environments for government.\n\nContact us to learn more today.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/0a4c64d3-570d-43a0-9ab9-725c546efdf4.png","url":"https://www.softwareadvice.co.nz/software/28004/gitlab","@type":"ListItem"},{"name":"Dynatrace","position":4,"description":"Dynatrace is an AIOps solution designed to help businesses automate multi-cloud processes and streamline collaboration across multiple teams through purpose-built use cases. 
Its filtering capabilities enable supervisors to search for specific entities according to requirements.\n\nThe system offers built-in support for several technologies such as OneAgent, ActiveMQ, Amazon Connect, Android Webkit, Ansible Tower, Azure Application Gateway and more. Dynatrace allows administrators to configure access permissions for staff members and track processes across web and mobile application tiers. Additionally, it helps businesses drill down into analyzed components and gain visibility into dependency details, user experience insights and performance metrics. \n\nDynatrace provides open API, which helps businesses integrate the platform with various third-party systems such as Slack, ServiceNow, GitHub and Google Analytics, among others. The product is available on annual subscriptions and support is extended via live chat, documentation, forums, phone, email and other online measures.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/68183a9d-ab05-4850-890c-50d319013242.png","url":"https://www.softwareadvice.co.nz/software/234304/dynatrace","@type":"ListItem"},{"name":"SonarQube","position":5,"description":"SonarQube is the industry leader in automated code review, serving as the verification layer for code quality and security in the AI-powered SDLC. SonarQube reviews AI code and developer code, ensuring it is secure, reliable, and maintainable. Available through SaaS or self-managed deployment, SonarQube automatically analyzes pull and merge requests, providing developers with clear, actionable feedback and AI-driven fixes before code is merged. 
Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/f45c49bb-a722-495f-8c4c-b1b8bb5009fe.png","url":"https://www.softwareadvice.co.nz/software/182719/sonarqube","@type":"ListItem"},{"name":"Kiuwan","position":6,"description":"Fast, Flexible Code Security!\n\nKiuwan is a robust, end-to-end application security platform that integrates seamlessly into your development process. \n\nOur toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify and remediate vulnerabilities.\n\nTop features:\n✅ Extensive language support: Over 30 programming languages.\n✅ Detailed action plans: Prioritize remediation with tailored action plans.\n✅ Code Security: Seamless Static Application Security Testing (SAST) integration.\n✅ Insights: On-demand or continuous scanning Software Composition Analysis (SCA) to help reduce third-party threats.\n✅ One-click Software Bill of Materials (SBOM) generation.\n\n\nCode Smarter. Secure Faster. Ship Sooner","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/a8dcb3c0-541d-479f-a555-bed59bc42274.png","url":"https://www.softwareadvice.co.nz/software/445953/kiuwan","@type":"ListItem"},{"name":"Acunetix","position":7,"description":"Acunetix is a cloud-based digital security solution that assist security analysts with data protection, manual testing and compliance reporting. It is primarily designed to scan websites and identify vulnerabilities that can compromise networks.\n\nKey features include site crawling, analysis, threat detection, SQL injection testing, network scanning and testing. Its vulnerability scanner crawls through open-source software and custom-built applications using black box and grey box techniques. 
With its network security module, users can test routers, firewalls and switches and detect misconfigurations.\n\nAcunetix comes with an application programming interface (API) that enables firms to integrate it with their workflows and processes. It if offered on a one-time subscription basis and support is provided via phone and email.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/9a1f201e-3bde-45b3-a0e2-bfe0c3a29b9e.png","url":"https://www.softwareadvice.co.nz/software/77622/acunetix","@type":"ListItem"},{"name":"SiteLock","position":8,"description":"SiteLock is a cloud-based security platform, which helps accelerate website performance, conversions and protects the online business against hackers. Designed for all industries, the platform provides solutions for vulnerability management, database protection and compliance maintenance across all applications.\n\n\nKey features of SiteLock include search engine monitoring and spam blacklists, detecting malware and automatically initiating the removal process, protection of the WordPress database and vulnerability patching of core client management systems.\n\n\nSiteLock’s TrueCode (SAST), static application security testing module, helps find common vulnerabilities in all applications with in-depth analysis. Its TrueShield Web Application Firewall (WAF) filters out malicious traffic and prevents attacks. The software offers compatibility with any hosting environment and maintains compliance with Payment Card Industry (PCI) data security standards.\n\n\nSiteLock allows application programming interface (API) integration and comes with an iOS mobile application. 
It is available on a monthly subscription and extends 24/7 customer support via phone, email, chat.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/6dc6f5dd-7237-4f5c-a5cf-b4098df41023.png","url":"https://www.softwareadvice.co.nz/software/112461/sitelock","@type":"ListItem"},{"name":"Invicti","position":9,"description":"Invicti is an application security platform designed to identify, validate and prioritize vulnerabilities in web applications and APIs. It incorporates Application Security Posture Management capabilities to support security operations across large application portfolios. The platform is used by organizations in sectors such as government, IT, telecommunications, financial services and healthcare to help maintain compliance standards and manage security at scale.\n\nThe platform includes Dynamic Application Security Testing, Static Application Security Testing, Software Composition Analysis, container security scanning and API security testing. Its scanning engine validates detected vulnerabilities to confirm they are exploitable. It identifies websites, applications, APIs and hidden assets within an organization and prioritizes high-risk applications for testing. The Application Security Posture Management feature consolidates findings from various security tools, providing a centralized view for vulnerability management and risk assessment.\n\nInvicti offers AI-powered remediation guidance, identifying the exact code locations of vulnerabilities and providing detailed resolution steps for developers. It supports integration with various development and security tools through a REST API and is compatible with CI/CD pipelines and DevOps workflows. 
The platform includes flexible deployment options and role-based access control to manage security across extensive application environments while maintaining accuracy and performance.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/d386ac3d-34c6-4fa7-a326-728dc8167276.png","url":"https://www.softwareadvice.co.nz/software/174628/netsparker-security-scanner","@type":"ListItem"},{"name":"Snyk","position":10,"description":"Snyk is an application security and testing platform designed to help businesses find, prioritize and remediate vulnerabilities across open source libraries, codes and containers. \n\nThe platform enables developers to scan and test projects directly from the Git repository and add automated Snyk test into CI/CD pipeline to prevent vulnerabilities from reaching applications during the development stage. Using the integrated IDE plugins, developers can perform testing in real-time and manage issues within workflows. Its semantic analysis feature allows testers to process codes in bulk and track modified patterns for potential threats. \n\nSnyk offers integration with several third-party applications such as JIRA, Jenkins, Slack, GitHub, Teamcity, Eclipse and more. The solution is available on monthly and annual subscriptions and support is extended via documentation.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/0b834ddb-8c1a-4529-9ac4-28e194ec2eaf.png","url":"https://www.softwareadvice.co.nz/software/234874/snyk","@type":"ListItem"},{"name":"Artifactory","position":11,"description":"Modern software application development has evolved from deploying products periodically to build them on a daily or hourly basis using CI servers. 
Developers and DevOps teams need to support the continual flow of code from the individual developer’s machine to the organization’s production environment.\n\nThese applications are typically assembled using a blend of open source, proprietary, and third party software, with dependencies on many shared libraries and packages. Software dependencies have their own set of dependencies, resulting in long chains of dependencies and an explosion of binaries to keep track of. To make things worse, this web of interconnected software has to flow through different software development platforms and tools, which can bog down the workflow of your software releases. Developers need to trust these shared components, and DevOps leaders need a central access and management point for component usage in your software development lifecycle.\n\nJFrog Artifactory is repository management software that gives you a single source of truth for sourcing, storing, sharing, and deploying software components. Artifactory bridges the gap between the development teams’ desktops and the organization’s servers, load balancers and databases hosted on production systems. \n\nArtifactory provides stable and reliable access to repositories that store a large number of common artifacts and binaries across different environments. These assets are securely stored and access is controlled based on fine grained permissions and role-based access control. Actions done to a repository can be traced back to a user. To simply access and address performance and availability issues, repositories and binaries can be locally cached.\n\nArtifactory supports 30+ package types (such as Maven, Git, npm, NuGet, PyPI, PHP, Golang, and more), artifacts, and their corresponding metadata. Artifactory is also used as a full-featured Kubernetes registry, serving as your Docker container registry and your Helm Chart repository. 
Artifactory easily integrates with all major DevOps tools and CI/CD platforms.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/2f492671-8e3d-4523-9fdf-2fd3b4ec5487.png","url":"https://www.softwareadvice.co.nz/software/267181/artifactory","@type":"ListItem"},{"name":"Sigrid","position":12,"description":"Sigrid is a data-driven intelligence platform that helps users analyze and manage applications' source code. By using advanced analysis techniques, it provides users with objective insights into the software's technical and business aspects including risks, costs, and opportunities on multiple software quality aspects.\n\nThe platform consists of various features that include code quality analysis, architectural assessment, security and performance assessments, and risk management. Sigrid's code quality analysis examines codebases to help users identify weaknesses and defects in the code, allowing developers and teams to easily prioritize which areas to address first and improve overall quality and maintainability.\n\nSigrid enables users to measure, evaluate, and monitor the entire software landscape health at every stage of its life cycle – whether buying, building, or operating. The architectural assessment feature analyzes the structure and design of the application, identifying technical risks and areas where the architecture may not align with business objectives.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/7fbb591b-986a-4cbd-812b-c8ee8870d591.png","url":"https://www.softwareadvice.co.nz/software/420602/sigrid","@type":"ListItem"},{"name":"CodeScan","position":13,"description":"AutoRABIT is the only complete DevSecOps platform for Salesforce developers. Incorporate static code analysis, data security, and CI/CD capabilities to increase the security, release velocity, and quality of your Salesforce code deployments. 
\n\nCodeScan allows staff members to manage technical debt by detecting code vulnerabilities, issues and bugs in real-time. It lets IT professionals run multiple scans in compliance with open web application security project (OWASP), SysAdmin, audit, network, and security (SANS), and common weakness enumeration (CWE) standards and regulations. Additionally, managers can conduct branch analysis and generate weekly reports to gain insights into overall code performance.\n\nCodeScan comes with an application programming interface(API), which allows businesses to integrate the platform with several third-party solutions, including Github, Salesforce, and Bitbucket. Pricing is available on request and support is extended via live chat, email, FAQs, phone and other online measures.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/27625740-314b-462c-a10a-0d1f1f138f0c.png","url":"https://www.softwareadvice.co.nz/software/220372/codescan","@type":"ListItem"},{"name":"BuildPiper","position":14,"description":"BuildPiper is a microservices and Kubernetes delivery platform. It helps businesses with the entire software delivery process, starting right from the developer's workstation to the final product release.\n\nWith BuildPiper, organizations can manage the underlying process of their new product release or updates. It's a nocode\\lowcode platform where any developer or a DevOps engineer with beginner-level knowledge can easily manage and execute the releases and updates of the product. 
The platform improves productivity by ensuring developers' time is spent on important tasks.\n\n BuildPiper enables automation for specific tasks and includes various functionalities to facilitate rollback of updates, types of deployments with incremental models and more.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/0420462b-3ca2-44f2-a95a-d2d68f7584ed.png","url":"https://www.softwareadvice.co.nz/software/254964/buildpiper","@type":"ListItem"},{"name":"CodeScene","position":15,"description":"CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality.\n\nWe enable software development teams to make confident, data-driven decisions that fuel performance and developer productivity\n\nDon’t just evaluate code, elevate it.\n\nCodeScene guides developers and technical leaders to: \n\n- Get a holistic overview and evolution of your software system in one single dashboard.\n\n- Identify, prioritize, and tackle technical debt based on return on investment.\n\n- Maintain a healthy codebase with powerful CodeHealth™ Metrics, spend less time on rework and more time on innovation. \n\n- Seamlessly integrate with Pull Requests and editors, get actionable code reviews and refactoring recommendations. \n\n- Set Improvement goals and quality gates for teams to work towards while monitoring the progress. \n\n- Support retrospectives by identifying areas for improvement.\n\n- Benchmark performance against personalized trends.\nUnderstand the social side of the code, measure socio-technical factors like key personnel dependencies, knowledge sharing and inter-team coordination. 
\n\n- Put findings into context based on how your organization and your code evolves.\n\nSupporting 28+ programming languages, CodeScene also offers an automated integration with GitHub, BitBucket, Azure DevOps or GitLab pull requests to incorporate the analysis results into existing delivery workflows. Get early warnings and recommendations about complex code before merging it to the main branch, set quality gates to trigger in case your code health declines.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/9a5a497c-b29b-47e3-96a2-e490a5926b35.jpeg","url":"https://www.softwareadvice.co.nz/software/349713/codescene","@type":"ListItem"},{"name":"DeepSource","position":16,"description":"DeepSource is the code health solution, providing organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle.\n\nMost organizations use many tools cobbled together to improve the quality and security of their code base. DeepSource is an all-in-one alternative to all those products and a replacement for all manual tooling for code health organizations have built in their CI pipeline.\n\nDevelopers and security engineers are empowered to discover and fix maintainability and security problems in the codebase during the earliest stages of software development. 
Here is how teams benefit from DeepSource:\n\n- One-click integration with all major version control systems\n\n- Continuous analysis on every commit\n\n- Accurate and fast analyzers (guaranteed below 5% false-positive rate)\n\n- Automated remediation of issues with Autofix™️\n\n- Automated code style formatting \n\n- Integrated code coverage tracking \n\n- Code maintainability and security reporting\n\n- Self-hosted version with one-click installation and upgrades","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/43f2a0b4-91b7-494b-b8f4-4062b87276c4.png","url":"https://www.softwareadvice.co.nz/software/235303/deepsource","@type":"ListItem"},{"name":"Klocwork","position":17,"description":"Klocwork is a web-based static application security testing (SAST software designed to help businesses identify and fix software security issues in compliance with security standards such as OWASP, CWE, PCI DSS, CERT and ISO/IEC TS 17961 and DISA STIG. It offers differential analysis, which lets IT professionals analyze files using system context data through the Klocwork Server. \n\nDevOps teams using Klocwork can control access permissions, manage approval workflows, generate compliance and security reports, display metrics and trending data and prioritize defects on the basis of severity, lifecycle and location. Containerized builds enable managers to use internal or external cloud services to streamline code analysis. Additionally, businesses can integrate the system with various architectural enforcement and visualization tools.\n\nKlocwork offers plugins for a variety of IDEs including Eclipse, Microsoft Visual Studio, IntelliJ and more. 
Custom rules can be implemented using the graphical custom checker creation tool.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/5822c014-8788-40c1-b840-28d4ec210a35.jpeg","url":"https://www.softwareadvice.co.nz/software/234817/klocwork","@type":"ListItem"},{"name":"Radware Alteon","position":18,"description":"Alteon is a cloud-based and on-premise application delivery and security platform designed to help businesses of all sizes manage application traffic across cloud and data centers and integrates with application protection services to manage cyberthreats. The solution generates analytics to help monitor application service level agreements (SLAs) and cyberattacks.\n\nIt comes with global elastic licensing (GEL) and provides protection to investments and workloads. Alteon enables users to access an automation scripts library to manage private cloud environments such as OpenStack and VMware and can be connected to DevOps CI/CD processes. The solution also provides bot management, threat intelligence, and API protection tools and comes with an integrated web application firewall (WAF).","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/c1dd0c8d-65ac-47e2-a365-e9a457faa5d9.png","url":"https://www.softwareadvice.co.nz/software/450688/Radware-Alteon","@type":"ListItem"},{"name":"SonarLint","position":19,"description":"SonarQube for IDE, a core component of the Sonar solution, is a free and open-source IDE plugin, that is a developer's first line of defense to find and fix coding issues in real time. 
SonarQube for IDE resolves issues in code and provides rich contextual guidance to help developers improve their skills while enhancing their productivity.\n\nSupporting +30 languages and the most popular IDEs, SonarQube for IDE leverages over 5,000 language-specific rules to instantly highlight common coding issues that may lead to bugs and vulnerabilities.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/34d17e79-84da-474e-a790-2a114c3d6dce.png","url":"https://www.softwareadvice.co.nz/software/260922/sonarlint","@type":"ListItem"},{"name":"SonarQube Cloud","position":20,"description":"SonarCloud is a cloud-based alternative of the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards, and promoting a culture of continuous improvement in software development projects. 
It helps produce software that is secure, reliable, and maintainable.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/1685de1f-4afa-4374-95d8-31e70f2e8f0f.png","url":"https://www.softwareadvice.co.nz/software/318986/sonarcloud","@type":"ListItem"},{"name":"Bytesafe","position":21,"description":"Bytesafe is a cloud-native security platform that reduces risk and protects revenue - without slowing down developers.\n\nIn today’s insecure world, security attacks are increasingly targeting the software supply chain and simply scanning for vulnerabilities and reacting to threats is not enough.\n\nBytesafe is a SaaS service that protects your organisation by allowing you to securely manage both internal packages and external dependencies in secure private registries.\n\nThe Bytesafe Dependency Firewall keeps your supply chain secure with automated controls according to your business policies. Safeguarding against bad actors, blocking unwanted packages and identifying open source risks.\n\nHaving all your dependencies centrally allows for continuous protection and control of what code you are using. Knowing what code you are using is at the core of securing your software supply chain!\n\nThe Bytesafe service is built to make information accessible for everyone involved in the software development lifecycle (SDLC). We offer features for everyone from Developers, Test Engineers, Devops, Security Teams to Business Stakeholders.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/27c22bec-6e47-479d-9856-efd5d3be4fba.jpeg","url":"https://www.softwareadvice.co.nz/software/375538/bytesafe","@type":"ListItem"},{"name":"Checkmarx One","position":22,"description":"Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources. 
\n\nCheckmarx One offers comprehensive application scanning across the SDLC: \n*Static Application Security Testing (SAST)  \n*Software Composition Analysis (SCA) \n*API security \n*Dynamic Application Security Testing (DAST) \n*Container security \n*IaC security \n*Correlation, prioritization and risk management \n*Codebashing secure code training \n*AI security \n*Tech partnerships extending AppSec into runtime analysis \n*Developer tool integrations including: CI/CD tools, \n  development frameworks, feedback tools, IDEs, \n  programming languages and SCMs\n\nCheckmarx One helps secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving toolset, Checkmarx One helps consolidate AppSec solutions and make better sense of results.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/62209003-738c-4e4e-854f-4f602f774154.png","url":"https://www.softwareadvice.co.nz/software/450140/Checkmarx-One","@type":"ListItem"},{"name":"Coverity","position":23,"description":"Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. 
Coverity supports 22 languages and over 70 frameworks and templates.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/c76a7108-9c84-41a9-84e0-fc4aef15e694.jpeg","url":"https://www.softwareadvice.co.nz/software/234502/coverity-static-analysis","@type":"ListItem"},{"name":"GuardRails","position":24,"description":"GuardRails is a security platform that empowers developers to build secure applications by giving them continuous protection. \n\nGuardRails provides a seamless experience for you and your team by securing all the critical components of an app. The visibility into security issues will let users know if there are any potential threats and take action immediately.\n\nThe solution automatically streamlines your application security process so you’ll increase productivity while staying secure and spend less time worrying about vulnerabilities and the business harm they cause.\n\nGuardRails is the perfect solution to make your development process more secure. It enhances your security in all aspects and gives you and your team security and efficiency.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/1f625515-6e4f-4af3-8560-e94181abe258.png","url":"https://www.softwareadvice.co.nz/software/356775/guardrails","@type":"ListItem"},{"name":"Xygeni Security","position":25,"description":"Xygeni Security is an AI-powered Application Security Posture Management (ASPM) platform built for organizations securing modern, fast-moving software environments. 
It delivers clarity, prioritization, and control across the software supply chain, without the noise, fragmentation, and operational overhead of traditional AppSec stacks.\n\nAs software delivery accelerates and open-source and AI-generated code become dominant across the SDLC, security teams face growing challenges: developers lose time fixing false positives, DevSecOps teams struggle with pipeline noise and remediation backlog, and security leaders lack a clear, trustworthy view of real risk exposure. Xygeni addresses these challenges by unifying application security from code to cloud and transforming scattered security signals into actionable, risk-driven decisions.\n\nXygeni continuously secures the full software supply chain, including:\n- Source code and pull requests\n- Open-source and third-party dependencies\n- Secrets and credentials\n- CI/CD pipelines and build systems\n- Infrastructure as Code (IaC)\n- Container images and runtime signals\n\nRather than flooding teams with disconnected alerts, Xygeni applies AI-driven detection, reachability analysis, and intelligent triage to identify which vulnerabilities and malicious components are truly exploitable and business-relevant. This includes early detection of open-source malware, supply-chain compromise, and anomalous behavior that traditional scanners often miss.\nXygeni continuously correlates findings across native security controls and third-party tools to maintain a real-time application security posture. It understands asset relationships, exposure paths, exploitability, malicious behavior, and change history, enabling accurate risk prioritization, governance, and audit-ready visibility for security leaders.\n\nAgentic AI capabilities are central to the platform.\nAt the same time, Xygeni brings security directly into developer workflows. Engineers receive interactive, in-IDE guidance and AI-assisted remediation suggestions with built-in remediation risk awareness. 
This allows teams to safely fix vulnerabilities and malicious code, including issues introduced by AI-generated code, without disrupting delivery flow or introducing regressions.\nAdvanced capabilities such as early malware warning, anomaly detection, remediation risk analysis, and automated Auto-Fix significantly reduce mean time to remediation (MTTR) while improving developer adoption and productivity. DevSecOps teams benefit from unified alerts and orchestration across the supply chain, while CISOs gain confidence through continuous posture tracking and AI-backed remediation evidence.\nXygeni integrates natively with GitHub, GitLab, Bitbucket, Jenkins, and Azure DevOps, fitting seamlessly into existing CI/CD workflows. The platform is available as SaaS, on-prem, or hybrid, supporting organizations with strict regulatory, data residency, or compliance requirements.\n\nFor organizations evaluating modern AppSec platforms, Xygeni stands out by replacing fragmented toolchains with a single, intelligent ASPM platform that prioritizes real risk, detects malware early, and applies AI-powered remediation safely, delivering enterprise-grade control with startup-level agility.","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductLogo/89af94ed-f3da-45da-bf77-00bd8539d976.jpeg","url":"https://www.softwareadvice.co.nz/software/397933/xygeni","@type":"ListItem"}],"@id":"https://www.softwareadvice.co.nz/directory/4429/sast/software#itemlist","numberOfItems":25}
</script>
