I want to implement SAST on our CI/CD pipeline and I can't find open-source SAST tools except SonarQube. Are there any alternative tools to SonarQube?
I just want to explore other tools but can't find any open-source tools.
Welcome to Stack Overflow! SonarQube is not the only tool. However, it is the most known / market leader, so to speak. Other tools are e.g. SpotBugs (previously known as FindBugs), PMD and so on. You can check this list on wiki...