The following is a listing of security testing tool providers, along with a brief description of their offerings.


HCL AppScan helps organizations pinpoint and remediate vulnerabilities throughout the software development lifecycle (SDLC) with a suite of application security testing platforms available as a cloud-based service (SaaS), self-managed, or cloud-native. Powerful static, dynamic, interactive, and open-source scanning engines (DAST, SAST, IAST, SCA, API) quickly and accurately test code, web applications, APIs, mobile applications, containers, and open-source components with the help of broad language support, seamless integrations and automations, and proven AI capabilities. Centralized dashboards provide visibility, oversight, compliance policies, and reporting to enable developers, DevOps, and security teams to collaborate in a comprehensive and continuous security model.

RELATED CONTENT: The importance of security testing


CheckmarxThe Checkmarx One cloud-native platform combines the full suite of application security testing (AST) solutions to help you secure your digital transformation across every phase of modern application development and bring your apps to market faster. The company enables large-scale enterprises to secure every phase of development for every application while balancing the dynamic needs of CISOs, security, and development teams.

Contrast Security: With its Scan (SAST), Software Composition Analysis (SCA) and Assess (IAST) solutions, Contrast’s Secure Code platform helps organizations make code security testing as routine as a code commit while focusing on the most imperative vulnerabilities to deliver fast, accurate and actionable results.

Gitlab provides all of the essential DevSecOps tools in one DevSecOps platform. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development costs, speed time to market, and deliver more secure and compliant applications.

JFrog: Its Enhanced SCA tool helps organizations manage the risk of open-source software with a database that aggregates malicious package information from global sources. The Code Security Scanning tool enables development teams to write and commit trusted code with fast and accurate security-focused engines that deliver scans that minimize false positives and won’t slow down development. The company’s Mend SCA enables you to quickly and easily generate SBOMs that identify all open-source libraries, track and document each component, including direct and transitive dependencies, and update automatically when components change. Its SAST offering offers automated remediation that writes the exact code changes needed to fix code flaws, based on approvals done through pull requests.

Parasoft:  AST tools extend automated application security testing across the SDLC to help uncover security and quality issues that could expose security risks in your software applications. This increases collaboration in DevSecOps and provides an effective way for you to identify and manage security risks more confidently. This includes static application security testing (SAST), penetration testing, and more, using different tools for each type. 

Perforce offers a full range of security testing tools, from its Klocwork static analysis,  BlazeMeter continuous testing, and Perfecto web and mobile solution. Perforce identifies software security, quality, and reliability issues, helping to enforce compliance with standards.

Snyk enables developers to build securely from the start, while giving security teams complete visibility and comprehensive controls. Snyk helps you secure critical components of your software supply chain, including first-party code, open-source libraries, container images, and cloud infrastructure, right in the tools your developers use every day.

SonarSource: SonarLint empowers organizations to find and fix issues in real time, while SonarQube provides development teams with a self-hosted code quality and security solution that integrates into their enterprise environment. SonarCloud is a code review tool that easily integrates into cloud DevOps platforms and extends your CI/CD workflow.

Sonatype supports 50+ languages and integrations across leading IDEs, source repositories, CI pipelines, and ticketing systems, enabling organizations to ensure their open-source components are secure throughout the entire software development life cycle by spotting vulnerabilities early on in the development process.

Veracode offers a full suite of security testing tools, including SAST, DAST and SCA, and that can integrate container security into the development pipeline. This makes security simpler for developers. The company also offers security training for developers to help them spot issues before they make it into production.