As of May 2026, there are 19 SaaS companies in Static Application Security Testing (SAST) Software. They have combined revenues of $135.4M and employ 1.1K people. They have raised $40.3M and serve - customers combined.
Static Application Security Testing (SAST) software refers to tools and methodologies that analyze source code, bytecode, or binary code to identify security vulnerabilities within applications prior to deployment. This approach, often described as white-box testing, enables developers to detect and resolve potential security flaws early in the development lifecycle, thereby reducing the risk of vulnerabilities in production environments. The primary use cases of SAST software include scanning the source code for issues such as input validation errors, insecure coding practices, and dependencies that may pose security risks. Typical features of SAST tools encompass automated scanning, detailed reporting on vulnerabilities, integration with continuous integration/continuous deployment (CI/CD) pipelines, and support for various programming languages. The common buyer personas for SAST solutions typically include software developers, security teams, and DevOps engineers who seek to enhance application security while maintaining development efficiency.
Sorting: Highest -> Lowest
Showing 10 of 7 companies ranked by annual revenue.
Dover, Delaware, United States
CodeThreat is a security SAST solution. It uses scientifically proven techniques with approximation to analyze a codebase at rest, collects security related information, calculates data flows, searches for various well-known security weaknesses and as a result produce claims. These claims are usually whether the targeted codebase is vulnerable to scoped weaknesses or not.
India
Provider of mobile security services. The company provides mobile security services to enterprises and developers via application security auditing, code review and on-demand security scans.
San Jose, California, United States
Amplify Security has created a dual AI Agent platform that fixes insecure code before its deployed into production. This eliminates the work developers had to do around security. Now developers can focus on building products without slowing down for security issues or worse, causing a breach.
Seattle, Washington, United States
An Open Source dependency security tool that is smarter than the rest
Melbourne, Victoria, Australia
Appsec360 is a cloud agnostic SaaS platform to build & run high performing application security programs
- Must offer automated scanning of source code, bytecode, or binaries for security vulnerabilities - Should provide detailed reporting on identified vulnerabilities and remediation guidance - Must integrate with CI/CD workflows to facilitate continuous security testing - Should support multiple programming languages and development frameworks - Not just focused on dynamic analysis; must also include static code analysis capabilities - Should offer features for prioritizing vulnerabilities based on severity
Each Tuesday, we reverse-engineer a real SaaS company's revenue, profit, CAC, funnels, and its top growth tactic.
Sign up to access all features
Sign up with GoogleSign up with LinkedInAlready have an account? Log in
GetLatka is trusted by 200k+ founders, researchers, and marketers.
No contracts, cancel at any time
