Announcing The Static Application Security Testing Solutions Forrester Wave™ And Buyer’s Guide — AI Brings Opportunity To SAST Solutions

Source: Featured Blogs - Forrester · Field: Technology & Digital — Cybersecurity & Data Privacy, Software Development & Engineering, Artificial Intelligence & Machine Learning · Depth: Intermediate, short

Summary

The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025, evaluates 10 leading SAST vendors: Black Duck Software, Checkmarx, GitHub, GitLab, HCLSoftware, Mend.io, OpenText, Snyk, Sonar, and Veracode. This research assesses vendors on 16 current-offering and seven strategy criteria, based on questionnaires, executive briefings, and customer interviews. The SAST market has matured, intensifying competition and driving vendors to focus on efficiency, integration, and expanded offerings. Key trends include integrating AI SAST agents for faster code analysis, prioritizing AI-driven remediation with fix options, and evolving SAST to secure AI applications and agents, including identifying flaws from the OWASP Top 10 for LLM applications. The market also has low entry barriers for new AI-powered SAST solutions and a crowded landscape with diverse players.

Key takeaway

For security leaders evaluating SAST solutions, prioritize vendors demonstrating strong AI integration for both scan speed and automated remediation, especially those addressing AI application security. Your decision should weigh not only technical capabilities but also vendor commitment to customer support and roadmap inclusion, as customer loyalty and satisfaction remain high in this mature market, indicating long-term partnership value.

Key insights

SAST solutions are maturing, integrating AI for speed and remediation, and adapting to secure AI-generated code and applications.

Method

Forrester evaluated 10 SAST vendors using questionnaires, executive briefings, and customer interviews, scoring 16 current-offering and seven strategy criteria.

Best for: CTO, VP of Engineering/Data, Product Manager, Security Engineer, Software Engineer, AI Product Manager

Editorial summary, takeaway, and curation by AIssential. Original article published by Featured Blogs - Forrester.