Nuclei
Fast, template-driven vulnerability scanner with zero false positives
- Stars
- 26,605
- License
- MIT
- Last commit
- 1 day ago
GoActive
Best Application Security Testing (SAST/DAST/SCA) Tools
Explore leading tools in the Application Security Testing (SAST/DAST/SCA) category, including open-source options and SaaS products. Compare features, use cases, and find the best fit for your workflow.
10+ open-source projects · 6 SaaS products
Top open-source Application Security Testing (SAST/DAST/SCA)
These projects are active, self-hostable choices for knowledge management teams evaluating alternatives to SaaS tools.
ZAP
Automated web app security scanner for developers and pentesters
- Stars
- 14,645
- License
- Apache-2.0
- Last commit
- 8 days ago
JavaActive
Nikto
Comprehensive Perl-based web server vulnerability scanner that detects misconfigurations and known exploits
- Stars
- 9,992
- License
- —
- Last commit
- 27 days ago
PerlActive
OSV-Scanner
Comprehensive vulnerability scanner for code, containers, and licenses
- Stars
- 8,363
- License
- Apache-2.0
- Last commit
- 1 day ago
GoActive
Dependency-Check
Detect known vulnerabilities in project dependencies automatically.
- Stars
- 7,394
- License
- Apache-2.0
- Last commit
- 1 day ago
JavaActive
Arachni
Intelligent Ruby scanner for dynamic web application security
- Stars
- 3,987
- License
- —
- Last commit
- 8 months ago
RubyStable
Most starred project
26,605★
Fast, template-driven vulnerability scanner with zero false positives
Recently updated
1 day ago
Detect security flaws, compliance gaps, and misconfigurations across Terraform, Kubernetes, CloudFormation, and many other IaC frameworks early in the development cycle.
Popular SaaS Platforms to Replace
Understand the commercial incumbents teams migrate from and how many open-source alternatives exist for each product.
Acunetix
Web vulnerability scanner for automated security testing of websites and web apps
Application Security Testing (SAST/DAST/SCA)
Alternatives tracked
15 alternatives
AppCheck
Automated web application and infrastructure vulnerability scanning platform
Application Security Testing (SAST/DAST/SCA)
Alternatives tracked
15 alternatives
Burp Suite
Web application security testing platform
Application Security Testing (SAST/DAST/SCA)
Alternatives tracked
15 alternatives
Checkmarx One
Cloud‑native application security platform with SAST, SCA, DAST, and more
Application Security Testing (SAST/DAST/SCA)
Alternatives tracked
15 alternatives
TruffleHog
Secret scanning tool for detecting exposed credentials in code repositories
Application Security Testing (SAST/DAST/SCA)
Alternatives tracked
15 alternatives
Veracode
Application security platform for vulnerability scanning and testing
Application Security Testing (SAST/DAST/SCA)
Alternatives tracked
15 alternatives
Most compared product
10+ open-source alternatives
Acunetix is a web vulnerability scanner that automatically tests websites and web applications for over 6,500 security vulnerabilities. It features advanced crawling and audit tools to identify issues like SQL injection, XSS, and other exploits, helping organizations remediate web security risks.
Leading hosted platforms
Frequently replaced when teams want private deployments and lower TCO.
Explore related categories
Browse neighbouring categories in Security to widen your evaluation.
- Compliance Automation & GRCAutomated controls, evidence collection and audits for SOC 2, ISO 27001, HIPAA and more.
- Container SecurityContainer image scanning and Kubernetes security tools for supply chain protection.
- Data Discovery & ClassificationSensitive data discovery, classification and privacy compliance across data stores.
- Identity & SSOIdentity and single sign-on (SSO) servers for authentication and user management.
- Secrets ManagementVaults and key management systems for secure storage of credentials and secrets.
- SIEM & Threat DetectionSecurity information and event management platforms for threat monitoring and analysis.