Secure software development life cycle models propose static code analysis testing (SAST) as a best practice for development. The purpose of SAST tools is to detect bad code, bugs and potential security issues.
Both free and commercial SAST solutions are available. Does it make a difference which one you use? We put some of them to the test to find out how they fare in uncovering security vulnerabilities.