High-speed and Accurate Static Application Security Testing (SAST)

Build Security from the First Line of Code

Automate and scale application security across development, operations, and security teams, and deliver secure code, early in the DevOps cycle. Improve remediation-rate, time-to-remediate, and save your valuable resources.

Flexible Deployment Options

Test your source code and binaries within your own network to keep your intellectual property onsite. (Cloud options also available.)

Integrates with Popular CI/CD Systems

Automate security scans while the application is being built and deployed.

Support for Multiple Languages & Frameworks

High-speed and fully-automated testing for scanning source code and binaries of the most commonly-used programming languages and frameworks

Static Application Security Testing (SAST) - Find and Fix Costly Vulnerabilities Early

Find and Fix Costly Vulnerabilities Early

Reduce remediation costs and time-to-remediate by finding and fixing vulnerabilities earlier in the DevOps cycle.

Verified and Actionable Results with Near-Zero False Positives

Sentinel Source Static Application Security Testing (SAST) helps you verify and fix costly vulnerabilities early, without the overhead of managing false positive results.

Static Application Security Testing (SAST)- Verified Vulnerabilities

Verified Vulnerabilities

Get custom remediation advice from NTT | Application Security Service Delivery, one of the largest and skilled teams of security experts anywhere on the planet.

Static Application Security Testing (SAST) - Attack Vector Intelligence (AVI™)

Attack Vector Intelligence (AVI™)

Improves vulnerability accuracy using a combination of machine intelligence and human verification.

Static Application Security Testing (SAST)- Directed Remediation

Directed Remediation

Remediate vulnerabilities in seconds using our patented technology that provides customized code patches and precise location to apply it.

Static Application Security Testing (SAST) - Built in SCA

Built-in SCA

Quickly identify security vulnerabilities (CVEs), out-of-date versions, and license risks in third party components used by your applications.

Supported Vulnerability Coverage

OWASP Top 10

  • A1 – Injection
  • A2 – Broken Authentication and Session Management
  • A3 – Sensitive Data Exposure
  • A4 – XML External Entities (XXE)
  • A5 – Broken Access Control
  • A6 – Security Misconfiguration
  • A7 – Cross-Site Scripting (XSS)
  • A8 – Insecure Deserialization
  • A9 – Using Components with Known Vulnerabilities
  • A10 – Insufficient Logging & Monitoring (Out of Scope)


Additional Resources


Sentinel Source – Essentials Edition


2019 Application Security Statistics Report


Using AppSec Statistics to Drive Better Outcomes