Cycode Launches Proprietary Next-gen SAST Engine to Elevate Complete ASPM Platform

This week, Cycode launched its proprietary next-generation SAST engine to elevate its complete ASPM platform – and it is already achieving a breakthrough 94% reduction in false positives in OWASP benchmark tests compared to leading open-source and commercial alternatives. 

Application security teams must secure expanding attack surfaces against intensifying threats while controlling costs. Noisy scans and disjointed point solutions cannot keep pace with the speed and scale of modern development. ASPM has emerged to create clarity out of complex security data and shorten the lifecycle of high-risk vulnerabilities and weaknesses. However, effective ASPM starts with high-quality data and accurate scans. 

“Application security teams face increasing pressure to secure complex software environments without slowing development or driving up costs,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. 

Norton continued, “This challenge has contributed to the rise of Application Security Posture Management (ASPM) as a strategic investment to reduce risk and improve operational efficiency. With new enhancements to its proprietary, accuracy-focused SAST engine as part of its ASPM platform, Cycode aims to help customers enhance visibility, refine risk prioritization, and accelerate remediation, while also supporting broader efforts to streamline security investments.”

Cycode SAST delivers fast and accurate security feedback for first-party code. Built on modern software architecture, the new engine combines real-time scanning with cross-function and cross-file analysis to quickly pinpoint true positives and provide developers with deep context for more efficient remediation. Specifically, by offering industry-leading SAST as part of Cycode’s Complete ASPM platform, customers can reduce risk, increase developer productivity and lower cost of ownership.

According to Guillaume Montard, Head of Product at Cycode, “Early adopters of Cycode’s next-generation SAST engine saw significant improvements. In one organization, over a third of the findings from the incumbent SAST tool were false positives. Cycode reduced false positives to 2%. For context, in an organization with 100,000 SAST findings, Cycode SAST eliminates over 30,000 false positives. Cycode achieves this while retaining a 75% recall rate for true positives.

Furthermore, the evidence path gives developers confidence violations are real and context to fix them faster. With risk-based prioritization and automated remediation workflows, Cycode empowers you to prevent flaw introduction and burn down high-risk security debt.”

As organizations adopt ASPM to enhance their security posture, the ability to deliver high-quality security data becomes a key differentiator. Traditional SAST solutions often introduce friction due to high false-positive rates and slow scans, limiting their effectiveness in modern DevSecOps workflows. By embedding a next-generation SAST engine into its Complete ASPM platform, Cycode ensures security teams and developers have access to precise, actionable insights—enabling them to focus on real risks and accelerate remediation.

To learn more, visit https://cycode.com/
