Opportunity

Sacramento Opengov #2026-RFB-0064

Sacramento County Seeks Application Security Testing Platform for Secure Software Development

Posted

July 07, 2026

Respond By

July 30, 2026

Identifier

2026-RFB-0064

NAICS

541512

Sacramento County's Contract & Purchasing Services Division is seeking an Application Security Testing (AST) platform to enhance secure software development for the Department of Technology. - Government Buyer: - Sacramento County Contract & Purchasing Services Division, on behalf of the Department of Technology - Products/Services Requested: - Application Security Testing (AST) platform - Must support Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and AI-assisted remediation - Integration with modern source-code management systems and CI/CD pipelines - Support for enterprise authentication, including Single Sign-On (SSO) - Flexible licensing models (developer- or application-centric) - Robust reporting for audit, compliance, and operational security - Unique/Notable Requirements: - Preference for platforms with FedRAMP or GOVRAMP authorization - Must align with NIST Cyber-Security framework - Compliance with PCI, IRS Pub 1075, HIPAA, and CJIS regulations - No specific OEMs or vendors are named in the solicitation, but leading AST platform manufacturers are likely to compete.

Description

The Sacramento County Contract & Purchasing Services Division is issuing a Request for Bid (RFB) to procure an Application Security Testing (AST) platform for the Department of Technology. The platform must support secure software development across multiple programming languages and environments, integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and AI-assisted remediation. It should seamlessly integrate with source-code management systems and CI/CD pipelines, support enterprise authentication including SSO, and offer licensing models suitable for developer or application-centric use. Preference is given to solutions with FedRAMP or GOVRAMP authorization and robust reporting capabilities for audit, compliance, and operational security.

View original listing