DEV Community

Discussion on: Comparing Popular Static Application Security Testing (SAST) Tools

Phil Ashby

Fair point when you look at current tools (such as SonarQube - in use in my last position), but compared to the available single language tools (eg: checkstyle) and the multiple flavours of C/C++, Java, and early C# (remember this was 15 years ago) that were in use for telecoms software it was a reasonable fit, and meant that my team didn't have to learn how to effectively use multiple tools in a consultancy environment. We also found that it produced fewer false positives from the start compared to other more expensive tooling.