Does anyone have a recommendation for a SAST / DAST scanning tool that supports a variety of languages (front end and backend), has minimal false positives, supports automation (via API or other), integrates with IDEs and integrates with GitLab?

327 views
3 comments
1 upvotes
Anonymous Author
We are in the process of testing GitLab Ultimate. It has security features like SAST/DAST and fuzzing. I have also used Veracode in the past.
0 upvotes
Anonymous Author
DAST - Rapid7 AppSpider
DAST - SonarQube
0 upvotes
Anonymous Author
For SAST and IAST, I'd talk to Checkmarx. Then if you want to layer on DAST, talk to Synopsys.
0 upvotes