Top 19 Static Application Security Testing (SAST) Software SaaS Companies in May 2026

As of May 2026, there are 19 SaaS companies in Static Application Security Testing (SAST) Software. They have combined revenues of $135.4M and employ 1.1K people. They have raised $40.3M and serve - customers combined.

Static Application Security Testing (SAST) software refers to tools and methodologies that analyze source code, bytecode, or binary code to identify security vulnerabilities within applications prior to deployment. This approach, often described as white-box testing, enables developers to detect and resolve potential security flaws early in the development lifecycle, thereby reducing the risk of vulnerabilities in production environments. The primary use cases of SAST software include scanning the source code for issues such as input validation errors, insecure coding practices, and dependencies that may pose security risks. Typical features of SAST tools encompass automated scanning, detailed reporting on vulnerabilities, integration with continuous integration/continuous deployment (CI/CD) pipelines, and support for various programming languages. The common buyer personas for SAST solutions typically include software developers, security teams, and DevOps engineers who seek to enhance application security while maintaining development efficiency.

- Companies: 19
- Revenue: $135.4M
- Funding: $40.3M
- Employees: 1.1K

Top Static Application Security Testing (SAST) Software Companies

Showing 10 of 5 companies ranked by annual revenue.

1. Semgrep

San Francisco, California, United States

Semgrep is an application security platform that scans code for bugs and security vulnerabilities, helping developers to write secure code.

- Revenue: $33.6M
- Customers: -
- Year founded: 2017
- Funding: -
- Team size: 210
- Growth: -

2. Secure Code Warrior

Sydney, New South Wales, Australia

Secure Code Warrior is a secure coding platform that sets the standards that keep our digital world safe. We do this by providing the world’s leading agile learning platform that delivers the most effective secure coding solution for developers to learn, apply, and retain software security principles. More than 600 enterprises trust Secure Code Warrior to implement agile learning security programs and ensure the applications they release are free of vulnerabilities.

- Revenue: $25.2M
- Customers: -
- Year founded: 2015
- Funding: -
- Team size: 229
- Growth: -

3. Bright Security

San Rafael, California, United States

Bright Security is an AI-powered application security platform that integrates application security into the SDLC.

- Revenue: $17.9M
- Customers: -
- Year founded: 2018
- Funding: $25.3M
- Team size: 104
- Growth: 75.19%

4. Guardsquare

Leuven, Belgium

Guardsquare offers the most complete approach to mobile application security on the market. Built on the open source ProGuard technology, Guardsquare’s software integrates seamlessly across the development cycle. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. More than 975 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.

- Revenue: $17.3M
- Customers: -
- Year founded: 2014
- Funding: -
- Team size: 157
- Growth: -

5. Endor Labs

Palo Alto, California, United States

80% of code in modern applications is code your developers didn’t write, but “borrowed” from the internet. With over 3M Open Source Software (OSS) projects, 43M versions, and 3.1T downloads yearly, development teams can gain tremendous benefits from leveraging the OSS ecosystem, as long as organizations invest in the tooling to address the security, scalability and sustainability challenges that come with it. At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.

- Revenue: $13.6M
- Customers: -
- Year founded: 2021
- Funding: -
- Team size: 124
- Growth: -

Inclusion Criteria

- Must offer automated scanning of source code, bytecode, or binaries for security vulnerabilities
- Should provide detailed reporting on identified vulnerabilities and remediation guidance
- Must integrate with CI/CD workflows to facilitate continuous security testing
- Should support multiple programming languages and development frameworks
- Not just focused on dynamic analysis; must also include static code analysis capabilities
- Should offer features for prioritizing vulnerabilities based on severity
