The Forrester Wave™ SAST: Analyzing the positions of Veracode, OpenText, and GitLab

In today's software development landscape, which is rapidly evolving under the influence of artificial intelligence, cloud technologies, and microservices, Static Application Security Testing (SAST) has become critically important. The Forrester Wave™: Static Application Security Testing Solutions, Q3 2025 report provides a deep market analysis, helping information security and development leaders make informed decisions. The report evaluated 10 key SAST solution providers based on 23 criteria. Let's take a closer look at the positions of three vendors for whom Softprom is an official representative.

Veracode: A recognized market leader

Veracode has once again confirmed its leading position, earning the "Leader" status in the Forrester Wave™ report. This recognition underscores the company's relentless focus on innovation and customer success in building a secure, developer-centric future.

Forrester analysts specifically noted the following strengths of Veracode:

• Exceptional detection and remediation capabilities. The Veracode SAST solution stands out for its excellent vulnerability detection capabilities, and the Veracode Fix tool provides clear and actionable recommendations for their elimination directly within the development environment (IDE).
• A forward-thinking strategy and vision. Forrester highly praised the company's strategic vision, aimed at adapting to modern development workflows and protecting applications in the age of AI.
• Differentiated reporting and analytics. The platform provides powerful tools for analysis and reporting, allowing security teams to get a complete picture of the security posture of their software products.

OpenText: Flexibility and intelligent automation

OpenText, a recognized leader in content management, offers powerful solutions that integrate security at all stages of the information lifecycle. According to Forrester reports, OpenText's strategy is to embed intelligence and automation into its extensive product portfolio.

While the SAST Wave report does not focus on OpenText, analysts note the following advantages of their approach to security:

• Enhanced security and lifecycle management. OpenText received the highest possible scores on the criteria of enhanced security and content lifecycle management.
• Artificial intelligence integration. The company is actively implementing generative AI capabilities to create, transform, and analyze documents, which opens new horizons for secure data management.
• Flexible cloud deployment options. OpenText is an excellent choice for customers looking for robust management and AI-powered automation capabilities with flexible deployment options.

GitLab: A comprehensive DevSecOps platform

The GitLab platform was recognized as a "Leader" in The Forrester Wave™: DevOps Platforms, Q2 2025 report. Analysts called it the "most comprehensive" solution among all those evaluated, ideal for enterprises looking to standardize their processes with a single platform.

The key advantages of GitLab in the context of application security are:

• Built-in pipeline security. GitLab received the highest possible scores for the CI/CD pipeline security criterion, which allows for the detection of vulnerabilities in the early stages of development.
• Mitigation of AI-related risks. Forrester awarded GitLab the highest score (5.0) for the criteria of AI implementation and mitigation of its associated risks, confirming the company's focus on secure innovation.
• Build and CI automation. Forrester noted GitLab's powerful capabilities for build automation and continuous integration, which allow teams to build software faster and more securely.