0

App comparison

Add up to 4 apps below to see how they compare. You can also use the "Compare" buttons while browsing.

Software categories Blog & research About us

GetApp offers objective, independent research and verified user reviews. We may earn a referral fee when you visit a vendor through our links.

Our commitment

Independent research methodology

Our researchers use a mix of verified reviews, independent research, and objective methodologies to bring you selection and ranking information you can trust. While we may earn a referral fee when you visit a provider through our links or speak to an advisor, this has no influence on our research or methodology.

Verified user reviews

GetApp maintains a proprietary database of millions of in-depth, verified user reviews across thousands of products in hundreds of software categories. Our data scientists apply advanced modeling techniques to identify key insights about products based on those reviews. We may also share aggregated ratings and select excerpts from those reviews throughout our site.

Our human moderators verify that reviewers are real people and that reviews are authentic. They use leading tech to analyze text quality and to detect plagiarism and generative AI.

How GetApp ensures transparency

GetApp lists all providers across its website—not just those that pay us—so that users can make informed purchase decisions. GetApp is free for users. Software providers pay us for sponsored profiles to receive web traffic and sales opportunities. Sponsored profiles include a link-out icon that takes users to the provider’s website.

Static Application Security Testing (SAST)
Bitbucket

Static Application Security Testing (SAST) Software

Last updated: April 2026

1 filter applied

Features

Vulnerability Scanning

Application Security

Real-Time Analytics

Multi-Language Scanning

Source-Code Scanning

Dashboard

Integrated with

Jenkins

GitLab

GitHub

Bitbucket

Slack

Jira

Pricing model

Free

Open Source

Free Trial

One Time License

Subscription

Devices supported

Android

Chromebook

iPad

iPhone

Linux

Mac

Web-based

Windows

Organization types

Freelancers

Large Enterprises

Mid Size Business

Non Profit

Public Administrations

Small Business

User rating

All Reviews

& up

& up

& up

18 software options

Sort by

Sponsored

Xygeni Security

5.0

(5)

5

5

4

0

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Real Risk. Real Control. From Code to Cloud

Xygeni SAST uses AI-driven static analysis to detect real, exploitable code vulnerabilities while eliminating noise. Integrated into CI/CD and ASPM, it prioritizes reachable risk and delivers in-IDE guidance and safe Auto-Fix to speed secure remediation.

Read more about Xygeni Security

Users also considered

DeepSource

4.8

(10)

5

8

4

2

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

The Code Health Solution.

DeepSource is the code health platform that all tools needed to write maintainable and secure code to improve software's stability and increase developer velocity.

Read more about DeepSource

Users also considered

CodeScan

4.8

(14)

5

11

4

3

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Quality and Security for the Salesforce Platform

For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce codes, define quality and security standards, and ensure compliance with statutory guidelines across code development projects. We have 350+ rules and support all Salesforce languages and Metadata.

Read more about CodeScan

Users also considered

Aikido Security

4.7

(6)

5

4

4

2

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Unified cybersecurity software

Security-first SAST with zero distractions. Scan your code for vulnerabilities & get alerts only for real security risks. Auto-triage vulnerabilities with AI.

Read more about Aikido Security

Users also considered

OX Security

4.7

(3)

5

2

4

1

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Cloud-security solution for administrators.

OX Security is a cloud security platform that helps small to large businesses in technology, banking, financial services, and other sectors protect their organization from advanced cyber threats. The platform provides real-time threat detection and response capabilities, giving administrators the ability to gain insights into their network so they can identify and address threats before those threats cause damage.

Read more about OX Security

Users also considered

Invicti

4.7

(26)

5

19

4

5

3

2

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Proof-based application security testing platform

Invicti is a web application and API security platform that provides proof-based vulnerability scanning with DAST, SAST, and ASPM capabilities. The platform discovers and tests websites, applications, and APIs while correlating security findings from multiple tools to prioritize real vulnerabilities. It integrates with CI/CD pipelines and offers AI-powered remediation guidance to help development teams address security issues efficiently.

Read more about Invicti

Users also considered

GitLab

4.6

(1.2K)

5

785

4

386

3

38

2

3

1

4

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Your intelligent orchestration platform for DevOps

GitLab unifies planning, CI/CD, security, and agentic AI, eliminating the tool handoffs that slow software delivery. Learn more today.

Read more about GitLab

Users also considered

Bytesafe

4.6

(7)

5

4

4

3

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Source code and vulnerability management platform

Bytesafe is a firewall for dependencies. Using the source code and vulnerability management platform, businesses can protect applications, stay in control and keep unwanted dependencies out of the organization.

Read more about Bytesafe

Users also considered

Snyk

4.6

(21)

5

15

4

3

3

3

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Cloud-based security platform to track & fix vulnerabilities

Snyk is a cloud-based application security and testing platform, which helps enterprises discover and fix vulnerabilities across open source libraries, containers, or codes throughout the development process. Features include runtime monitoring, reporting, exploitability indicators, alerts, and prioritization.

Read more about Snyk

Users also considered

SonarQube

4.5

(66)

5

40

4

23

3

2

2

0

1

1

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Sonar: AI code verification for quality and security

SonarQube is an automated code review solution, serving as the verification layer for code quality and security. SonarQube ensures that all AI and developer code is secure, reliable, and maintainable.

Read more about SonarQube

Users also considered

Kiuwan

4.4

(35)

5

16

4

18

3

1

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Secure your applications confidently with Kiuwan.

Kiuwan is an end-to-end application security platform supporting 30+ languages with SAST, SCA, & QA. Kiuwan integrates with IDEs for direct analysis, offers tailored reports, and meets NIST, CWE, & OWASP standards.

Manage open source components and secure your projects confidently with Kiuwan.

Read more about Kiuwan

Users also considered

Acunetix

4.4

(35)

5

20

4

10

3

4

2

1

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Cloud-based and automated web application security solution

Acunetix is a cybersecurity solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites to detect vulnerabilities such as XSS, SQL Injection, and more.

Read more about Acunetix

Users also considered

SonarQube Cloud

4.3

(7)

5

3

4

3

3

1

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

SonarCloud is a cloud-based alternative of the SonarQube .

SonarCloud is a cloud based (SaaS) static code analysis solution that can be used by dev teams to ensure code quality and security.

Read more about SonarQube Cloud

Users also considered

Sigrid

4.1

(16)

5

3

4

12

3

0

2

1

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

One platform to manage your entire application landscape

Sigrid delivers a holistic SAST solution that empowers organizations to manage software security risks. By offering actionable insights, Sigrid helps companies strengthen their security defenses, streamline compliance processes, and accelerate the deployment of secure software applications.

Read more about Sigrid

Users also considered

Conviso

4.0

(1)

5

0

4

1

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Application Security Posture Management

The Conviso Platform is an Application Security Posture Management (ASPM) solution that centralizes the management of risks, vulnerabil

Read more about Conviso

Users also considered

Sonatype Lifecycle

4.0

(4)

5

0

4

4

3

0

2

0

1

0

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

OSS Application Security and Dependency Management Solution

Sonatype Lifecycle controls open source risk across the SDLC to help application security scale their operations to the speed of development.

Eliminate unnecessary work
Improve efficiency and speed
Enhance productivity

Read more about Sonatype Lifecycle

Users also considered

Checkmarx One

3.9

(7)

5

3

4

2

3

1

2

0

1

1

Based on GetApp‘s extensive, proprietary database of in-depth, verified user reviews

Enterprise cloud-native application security platform.

Checkmarx One is an enterprise cloud-native application security platform that helps teams cut through the noise fix what matters most.

Read more about Checkmarx One

Users also considered

Akto

(0)

API Security Platform for Modern Appsec teams

Akto is an industry-leading solution for API discovery, API security posture management, sensitive data exposure, API security testing.

Read more about Akto

Users also considered

Related categories

Vulnerability Scanner

Vulnerability Management

Container Security

Security System Installer

Network Security

Computer Security

Physical Security

US office

56 Top Gallant Road
Stamford, CT 06902
USA

Registered office

Calle Álava 121
08018 Barcelona,
Spain

For you

Join Sign in Software categories Blog & research

For vendors

Get listed Your account

Our company

About us We're hiring!News Legal Privacy Policy Vulnerability Disclosure Program

© 2010-2026 GetApp. All Rights Reserved.
GetApp is a registered trademark of Nubera eBusiness S.L. Nubera eBusiness uses its own and third-party cookies. By using the website you are accepting the use of these cookies. To get more information about our cookies click here.