Question: I'm looking for a SAST solution that can detect sensitive data and privacy issues in our application without accessing our source code.

If you want a SAST tool that can spot sensitive data and privacy problems without seeing your source code, Bearer is a top contender. It can be easily integrated into DevSecOps pipelines and can spot sensitive data like PII and PHI. Bearer doesn't store user source code and has customizable rules and reporting, which makes it a good option for security teams and developers who need to see the right information so they can focus on the most important problems and fix them.

Another good option is Nightfall, an AI-native data leak prevention platform. It's designed to have high accuracy and low false positives to reduce data breaches and non-compliance. Nightfall supports more than 100 file types and major SaaS applications, and it's compliant with regulations like HIPAA, PCI, GDPR and others. It also has flexible pricing options and can be installed in minutes, so it's a good option for fast data protection.

If you're looking for a more general-purpose data security tool, check out Varonis. It's got automated data security tools for data discovery, threat detection and policy automation across many cloud and on-premises systems. Varonis supports many popular applications and cloud platforms like Microsoft 365 and Google Workspace, giving you real-time visibility and proactive threat detection.

Last, Gamma is a cloud-based Data Loss Prevention platform that uses AI to monitor and protect sensitive data. It can continuously monitor, remediate instantly and is compliant with major industry standards. Gamma is built on Google Cloud Platform, which means it's scalable and cost-effective, and it's a good option for companies that want to keep data safe without storing monitored data contents.