by relaunched
2310 days ago
Based on the programming languages, and the lack of a stated preference for open source / free vs. proprietary, I'd strongly consider Checkmarx or Veracode for a corporate environment. We've used all the tools at work and are running a pretty significant number of applications, in a fully CI/CD environment. No tool is perfect, but make sure you have the right language support, versions, framework support, etc. Also, make sure you have someone qualified to do static analysis, because the tools all have false positives, and can also miss things. Happy to talk via email.