Latka logo

Top 19 Static Application Security Testing (SAST) Software SaaS Companies in July 2026

As of July 2026, there are 19 SaaS companies in Static Application Security Testing (SAST) Software. They have combined revenues of $135.4M and employ 1.1K people. They have raised $40.3M and serve - customers combined.

Static Application Security Testing (SAST) software refers to tools and methodologies that analyze source code, bytecode, or binary code to identify security vulnerabilities within applications prior to deployment. This approach, often described as white-box testing, enables developers to detect and resolve potential security flaws early in the development lifecycle, thereby reducing the risk of vulnerabilities in production environments. The primary use cases of SAST software include scanning the source code for issues such as input validation errors, insecure coding practices, and dependencies that may pose security risks. Typical features of SAST tools encompass automated scanning, detailed reporting on vulnerabilities, integration with continuous integration/continuous deployment (CI/CD) pipelines, and support for various programming languages. The common buyer personas for SAST solutions typically include software developers, security teams, and DevOps engineers who seek to enhance application security while maintaining development efficiency.

Companies
19
Revenue
$135.4M
Funding
$40.3M
Employees
1.1K

Filters

Sorting: Highest -> Lowest

Filters

Top Static Application Security Testing (SAST) Software Companies

Showing 10 of 7 companies ranked by annual revenue.

1CodeThreat logo
CodeThreat

Dover, Delaware, United States

CodeThreat is a security SAST solution. It uses scientifically proven techniques with approximation to analyze a codebase at rest, collects security related information, calculates data flows, searches for various well-known security weaknesses and as a result produce claims. These claims are usually whether the targeted codebase is vulnerable to scoped weaknesses or not.

Revenue
$770K
Customers
-
Year founded
2020
Funding
-
Team size
7
Growth
-
2Attify Inc. logo
Attify Inc.

India

Provider of mobile security services. The company provides mobile security services to enterprises and developers via application security auditing, code review and on-demand security scans.

Revenue
$673.6K
Customers
-
Year founded
2013
Funding
-
Team size
5
Growth
-
3Amplify Security logo
Amplify Security

San Jose, California, United States

Amplify Security has created a dual AI Agent platform that fixes insecure code before its deployed into production. This eliminates the work developers had to do around security. Now developers can focus on building products without slowing down for security issues or worse, causing a breach.

Revenue
$660K
Customers
-
Year founded
2022
Funding
-
Team size
6
Growth
-
4Corgea logo
Corgea

San Francisco, California, United States

Fix vulnerable code using AI

Revenue
$440K
Customers
-
Year founded
2023
Funding
-
Team size
4
Growth
-
5LunaSec logo
LunaSec

Seattle, Washington, United States

An Open Source dependency security tool that is smarter than the rest

Revenue
$330K
Customers
-
Year founded
2019
Funding
-
Team size
3
Growth
-
6Appsec360 logo
Appsec360

Melbourne, Victoria, Australia

Appsec360 is a cloud agnostic SaaS platform to build & run high performing application security programs

Revenue
$80.4K
Customers
-
Year founded
2020
Funding
$36.5K
Team size
3
Growth
-
7Secutils.dev logo
Secutils.dev

Germany

An open-source toolbox for application security engineers

Revenue
$1K
Customers
-
Year founded
2023
Funding
-
Team size
1
Growth
-

Inclusion Criteria

- Must offer automated scanning of source code, bytecode, or binaries for security vulnerabilities - Should provide detailed reporting on identified vulnerabilities and remediation guidance - Must integrate with CI/CD workflows to facilitate continuous security testing - Should support multiple programming languages and development frameworks - Not just focused on dynamic analysis; must also include static code analysis capabilities - Should offer features for prioritizing vulnerabilities based on severity