Looking for a IAST app and software scanner

My company is considering the option of adding SonarQube to the DevSecOps pineline, and I’m tasked with evaluating several SAST, DAST or a combination of both IAST. Does SonarQube consist of both features? We are currently using Checkmarx, which is more SAST centered.


Hi Patrick,

SonarQube is purely static analysis.


Thank you, Ann. Any recommendations for an IAST security tool?