As with any tools purchase part of the outcome is in how good the evaluation criteria are, so it is important to understand the criteria people might use when assessing Security static analysis tools.
Obviously the weighting on each criterion would be down to the individual companies priorities but the list could be reasonably generic.
Some criteria which might apply are :-
Cost. A couple of components for this would be software licenses (up front and annual), hardware costs for running the software (assuming it's not SAAS)
Scaling. Ability for the tool to scale to larger environments. Specific points might be around sharing data between developers, integration with bug tracking and source code control systems...
Capability. Language coverage, false positive/negative rates.
Customization. A key area for this kind of software is ability to customize to the specific codebase that is being evaluated (eg, to take account of bespoke input validation libraries), also ability to customize reports and other outputs.