For an open-source DAST tool, we'd recommend OWASP ZAP. You can find additional DAST tools in this link here.
- The scan frequency is based on your choice which can be set to monthly, quarterly, or annually. As a standard best practice, we'd recommend setting the frequency as often as possible.
For an open-source SAST tool, we'd recommend SonarCloud. You can find additional SAST tools under this link here.