DerSecur in The Static Application Security Testing Solutions Landscape, Q2 2025
DerSecur is pleased to be named in Forrester's 2025 report The Static Application Security Testing Solutions Landscape, which the company believes reflects its active role in a rapidly changing SAST market.
Two years is a long time in application security. When Forrester published the Static Application Security Testing Landscape in Q2 2023, generative AI in software development was a topic on the horizon. By the time the SAST Solutions Landscape, Q2 2025 went to press, it was the organizing fact of the entire category. DerSecur is named in the 2025 report — and the AI thread runs through why.
The report's central argument
Forrester's 2025 SAST Landscape frames the market around a specific tension: generative AI tools have dramatically accelerated how fast developers write code, and that acceleration has introduced new classes of security problems at scale. GitHub Copilot, ChatGPT, and similar tools can speed up coding by 10–50x. That's real productivity — and it also means a developer can ship AI-generated code with subtle vulnerabilities before a traditional security review cycle catches up.
The vendors Forrester includes in the 2025 edition are those responding to this reality, not just cataloging it.
Where DerScanner fits in 2025
DerScanner's answer to the AI-generated code problem comes through two capabilities that didn't exist in the 2023 version of the platform: DerTriage and DerCodeFix.
DerTriage addresses the false positive problem directly, using AI reasoning to filter findings before they reach the developer. The stated reduction is 95% of false positives, a vendor figure that a buyer should verify against their own codebase and baseline, since the ratio depends heavily on the rules and languages in play. If it holds at scale, it changes the economics of SAST adoption. The persistent criticism of static analysis has always been that it generates too much noise for developers to take seriously. A tool that surfaces a small number of high-confidence findings, rather than a long queue of uncertain ones, changes that relationship.
DerCodeFix takes the next step: rather than flagging a vulnerability and leaving remediation to the developer, it generates a context-aware fix. The logic is straightforward: if AI tooling introduced the vulnerability, AI tooling should be part of removing it. The goal is to keep security embedded in the development workflow rather than exporting it to a separate review process. As with any generated change, a suggested fix still belongs in the normal code review and test pipeline before it is merged.
Both features connect to a broader positioning: security that moves at development velocity. CI/CD integration means DerScanner can run at the point where code is being written and committed, not downstream where fixes are more expensive and slower.
On Forrester's objectivity
Forrester does not endorse any vendor included in its research publications, and inclusion in a Landscape report does not constitute a product recommendation. The findings reflect analyst judgment at the time of publication.
"We are honored by the recognition from Forrester analysts and appreciate their deep insights into the evolving SAST landscape," said Lauren Connell, PR Director at DerSecur. "The trends highlighted by Forrester, particularly around AI-driven workflows, resonate strongly with us."
DerSecur was founded in 2011. DerScanner supports 43 programming languages and covers SAST, DAST, and SCA within a single platform.