Static Application Security Testing (SAST)
SAST tools analyze source code or compiled versions of code to find security vulnerabilities during the development process.
Examples of SAST tools include Fortify Static Code Analyzer, Checkmarx, and SonarQube.
Dynamic Application Security Testing (DAST)
DAST tools test running web applications for security vulnerabilities by sending malicious requests and analyzing responses.
Examples of DAST tools include OWASP ZAP, Acunetix, and Burp Suite.
Software Composition Analysis (SCA)
SCA tools identify and manage open-source components and their dependencies to detect vulnerabilities and ensure license compliance.
Examples of SCA tools include Black Duck by Synopsys, WhiteSource Bolt, and Nexus Lifecycle.
Container Scanning
Container scanning tools analyze container images for security vulnerabilities and policy violations.
Examples of container scanning tools include Clair, Trivy, and Aqua Security.
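The SCA and container scanning categories above share one core step: build an inventory of components (pinned dependencies from a lockfile, or the OS package list read out of an image) and compare each component's version against advisories that name an affected range. The following is an added example of that matching step, not code from any of the tools named on this page; every package name, version and advisory id in it is constructed for illustration and refers to no real software or CVE, and the requirements and image-package formats are simplified stand-ins for what real scanners parse.

```python
"""Matching a component inventory against advisories: the step shared by SCA
tools (lockfile in) and container scanners (image package list in).
Added example; all packages, versions and advisory ids are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # constructed placeholder id, not a real CVE
    package: str
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix yet
    severity: str


# Constructed advisory feed (fictional packages and ranges).
ADVISORIES = [
    Advisory("ADV-0001", "httpkit", "1.0.0", "1.5.0", "high"),
    Advisory("ADV-0002", "fastjson-lite", "0.8.0", "0.8.5", "medium"),
    Advisory("ADV-0003", "libtoyssl", "3.0.0", "3.0.12", "critical"),
    Advisory("ADV-0004", "toolkit-cli", "2.0", None, "low"),
]

# Constructed SCA input: a pinned requirements-style lockfile.
SAMPLE_REQUIREMENTS = """\
# constructed lockfile
httpkit==1.4.2
fastjson-lite==0.9.0
pyyaml-shim==6.0.1
"""

# Constructed container-scan input: 'name version' per line, the shape a
# scanner has after reading the OS package database out of an image's layers.
SAMPLE_IMAGE_PACKAGES = """\
libtoyssl 3.0.9
toolkit-cli 2.1.0
zlib-shim 1.2.13
"""


def parse_version(v: str) -> tuple[int, ...]:
    """Numeric dotted version -> int tuple, so '1.10' sorts above '1.9'.
    Real tools implement ecosystem rules (semver, PEP 440, dpkg/rpm);
    this example deliberately supports only the numeric form."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unsupported version format: {v!r}")
    return tuple(int(part) for part in v.split("."))


def is_affected(version: str, adv: Advisory) -> bool:
    """introduced <= version < fixed (any version >= introduced if unfixed)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def parse_requirements(text: str) -> dict[str, str]:
    """Inventory from pinned 'name==version' lines; comments/blanks ignored."""
    inventory: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.\-]+)==([0-9.]+)", line)
        if not m:
            raise ValueError(f"expected a pinned dependency, got {line!r}")
        inventory[m.group(1).lower()] = m.group(2)
    return inventory


def parse_image_packages(text: str) -> dict[str, str]:
    """Inventory from 'name version' lines (constructed image package list)."""
    inventory: dict[str, str] = {}
    for raw in text.splitlines():
        if raw.strip():
            name, version = raw.split()
            inventory[name.lower()] = version
    return inventory


def scan(inventory: dict[str, str], advisories: list[Advisory]) -> list[dict]:
    """One finding per (component, matching advisory), sorted by package name."""
    findings = []
    for name, version in sorted(inventory.items()):
        for adv in advisories:
            if adv.package == name and is_affected(version, adv):
                findings.append({"package": name, "version": version,
                                 "advisory": adv.advisory_id,
                                 "severity": adv.severity, "fixed_in": adv.fixed})
    return findings


def fails_policy(findings: list[dict], threshold: str = "high") -> bool:
    """Pipeline gate: True if any finding is at or above the severity threshold."""
    limit = SEVERITY_ORDER[threshold]
    return any(SEVERITY_ORDER[f["severity"]] >= limit for f in findings)


if __name__ == "__main__":
    for label, inv in (("lockfile", parse_requirements(SAMPLE_REQUIREMENTS)),
                       ("image", parse_image_packages(SAMPLE_IMAGE_PACKAGES))):
        results = scan(inv, ADVISORIES)
        for f in results:
            print(f"{label}: {f['package']} {f['version']} -> {f['advisory']} "
                  f"({f['severity']}, fixed in {f['fixed_in'] or 'no fix yet'})")
        print(f"{label}: policy {'FAIL' if fails_policy(results) else 'PASS'}")
```

Two details matter in practice and are visible here: versions must be compared structurally rather than as strings (a string comparison would rank 1.9 above 1.10), and an advisory with no fix published still produces a finding so that the gate can report exposure even when there is nothing yet to upgrade to. The severity threshold is what turns a list of findings into the pass/fail policy decision that container scanners enforce in a build pipeline.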