SECOLOGIST's SAST-Benchmark is an open-source platform to compare and assess the effectiveness of various Static Application Security Testing (SAST) solutions in the industry, including free-to-use tools for a variety of programming languages and frameworks. The performance of each SAST is measured against multiple criteria.
| | Actual: Positive | Actual: Negative |
|---|---|---|
| Prediction: Positive | True-Positive ✅ | False-Positive ❌ |
| Prediction: Negative | False-Negative ❌ | True-Negative ✅ |
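As an added example of how a tool's run is placed into the four cells above and turned into precision, recall and F1 (illustrative code written for this page, not SECOLOGIST's own scoring code), the script below compares a constructed set of findings against a constructed ground truth. The mapping of repository name to a vulnerable/non-vulnerable flag is an assumed shape; the real schema of applications.json is not shown on this page.

```python
"""Score one SAST tool's findings against a labelled application set.

Added illustrative example, not SECOLOGIST's or any SAST vendor's own code.
The ground-truth and findings data below are constructed for the demo, and
the shape used (repository name -> vulnerable/non-vulnerable flag) is an
assumption: the real schema of applications.json is not shown on the page.
"""
from dataclasses import dataclass

# Constructed ground truth: True = the repository really contains the
# vulnerability the benchmark plants, False = its non-vulnerable counterpart.
GROUND_TRUTH = {
    "demo-sqli-vulnerable": True,
    "demo-sqli-safe": False,
    "demo-xss-vulnerable": True,
    "demo-xss-safe": False,
    "demo-pathtraversal-vulnerable": True,
    "demo-pathtraversal-safe": False,
    "demo-cmdi-vulnerable": True,
}

# Constructed result of a hypothetical SAST run: the repositories the tool
# reported as vulnerable. It misses two planted bugs and flags one safe app.
TOOL_FLAGGED = {"demo-sqli-vulnerable", "demo-xss-vulnerable", "demo-xss-safe"}


@dataclass
class ConfusionMatrix:
    """Counts from the Actual x Prediction table, plus the derived metrics."""
    tp: int = 0  # vulnerable app, tool flagged it
    fp: int = 0  # safe app, tool flagged it (noise the reviewer must triage)
    fn: int = 0  # vulnerable app, tool stayed silent (the dangerous case)
    tn: int = 0  # safe app, tool stayed silent

    @property
    def precision(self) -> float:
        """Share of reported findings that are real; 0.0 when nothing was reported."""
        reported = self.tp + self.fp
        return self.tp / reported if reported else 0.0

    @property
    def recall(self) -> float:
        """Share of planted vulnerabilities the tool caught; 0.0 when none exist."""
        actual = self.tp + self.fn
        return self.tp / actual if actual else 0.0

    @property
    def f1(self) -> float:
        """Harmonic mean of precision and recall, written as 2TP/(2TP+FP+FN)."""
        denom = 2 * self.tp + self.fp + self.fn
        return 2 * self.tp / denom if denom else 0.0


def score(ground_truth: dict[str, bool], flagged: set[str]) -> ConfusionMatrix:
    """Place every labelled repository into one cell of the confusion matrix.

    Repositories the tool flagged but that are absent from the ground truth
    are ignored: they cannot be judged, so they belong in neither column.
    """
    cm = ConfusionMatrix()
    for repo, is_vulnerable in ground_truth.items():
        predicted_vulnerable = repo in flagged
        if predicted_vulnerable and is_vulnerable:
            cm.tp += 1
        elif predicted_vulnerable:
            cm.fp += 1
        elif is_vulnerable:
            cm.fn += 1
        else:
            cm.tn += 1
    return cm


if __name__ == "__main__":
    result = score(GROUND_TRUTH, TOOL_FLAGGED)
    print(f"TP={result.tp} FP={result.fp} FN={result.fn} TN={result.tn}")
    print(f"precision={result.precision:.2f} recall={result.recall:.2f} f1={result.f1:.2f}")
```

Precision tells you how much reviewer time a tool wastes on false positives; recall tells you how many planted bugs it lets through, which is the number a security team usually cares about most. The F1 property uses the 2TP/(2TP+FP+FN) form so that a tool that reports nothing scores 0 rather than raising a division error.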
Programming languages supported by each SAST.
| Programming Language | QWIET (ShiftLeft) | GitHub CodeQL |
|---|---|---|
| C/C++ | --- | --- |
| C# | --- | --- |
| Go | --- | --- |
| Java | --- | --- |
| Kotlin | --- | --- |
| JS/TS | --- | --- |
| Python | --- | --- |
| Ruby | --- | --- |
| Scala | --- | --- |
| PHP | --- | --- |
| Rust | --- | --- |
| Terraform | --- | --- |
The list of vulnerable and non-vulnerable application repositories is available in applications.json.