“…They find that although both open-source and commercial DAST tools can be effective, no single tool was effective in finding all the vulnerabilities. Cruz et al [28] compare Open-Source SAST, DAST, and Software Composition Analysis (SCA) tools. The authors found combinations of tools were more effective than using one particular tool or approach.…”