Your thoughts on SAST Tooling?

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/devsecops

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarLint - Clean code begins in your IDE with SonarLint
  • SaaSHub - Software Alternatives and Reviews
  • semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    Have you seen Semgrep? It’s a fast, lightweight static analysis tool. There’s an open source command-line tool along with free and paid SaaS plans so you can deploy, manage, and monitor Semgrep at scale across your organization (via CI/CD integration). Java and JavaScript are among the 17+ languages it supports. No .NET at the moment but C# is in the works. Disclaimer: I’m a maintainer.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts