Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.
Find out what your peers are saying about Black Duck, Veracode, PortSwigger and others in Static Application Security Testing (SAST). Updated: May 2026.
Static Application Security Testing provides tools to identify vulnerabilities in code early in the development cycle, improving security and minimizing risk exposure.SAST focuses on analyzing source code, binaries, or bytecode to detect issues like SQL injection, buffer overflows, and cross-site scripting. This proactive approach enables developers to remediate potential security flaws before applications are deployed. The solution integrates seamlessly with existing CI/CD pipelines,...
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.