Product Listings
The Mend AI Native AppSec Platform is designed to address risks in software created by both human developers and AI systems. The platform unifies static application security testing (SAST), software composition analysis (SCA), container scanning, AI component security and automated AI red teaming, giving teams visibility into risks across the application attack surface. The platform secures AI-generated code, embedded AI components (models, agents, MCPs, RAG pipelines), and conversational AI, while also covering traditional application risks.
Mend.io integrates with development workflows to provide real-time alerts, policy enforcement, and ongoing monitoring across the software development lifecycle. Centralized dashboards and reporting deliver visibility into vulnerabilities, risk trends, and remediation progress. AI-assisted remediation and prioritization workflows enable teams to address issues efficiently and reduce overall risk.
Veracode is a software focused on application security, offering tools for static analysis, dynamic analysis, software composition analysis, and manual penetration testing. The software scans code and binaries to identify vulnerabilities, helping organizations improve security throughout the software development lifecycle. It integrates with development environments and DevOps pipelines, enabling continuous security checks and remediation guidance for developers. Veracode addresses business challenges related to secure coding, regulatory compliance, and risk management by providing actionable insights, reporting, and governance features. The software supports a range of programming languages and frameworks, allowing teams to reduce security risks while maintaining development speed and agility.
Black Duck® software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers. Black Duck uses multiple open source discovery techniques to generate a complete and accurate software bill of materials (SBOM), including: declared/transitive dependency analysis, filesystem scanning, binary file analysis, and embedded code snippet detection. Black Duck gives teams a complete picture of open source risks with information from the Black Duck KnowledgeBase™ of over 5 million open source projects. In addition, independently researched Black Duck Security Advisories (BDSAs) provide teams with detailed vulnerability risk and remediation guidance weeks ahead of the NVD. Teams can manage risks across the SDLC using integrated policy management capabilities as well as monitoring and alerting for newly reported vulnerabilities impacting production applications.
RapidFort Platform is a software designed to enhance security and optimize performance for containerized applications by automatically analyzing and reducing unused components within container images. The software provides vulnerability management by identifying and removing unnecessary packages, thereby minimizing attack surfaces and improving compliance with security standards. It integrates with existing development workflows and supports continuous monitoring to detect risks in real time. RapidFort Platform helps organizations streamline their DevSecOps processes, ensuring that deployed containers are lightweight and contain only essential code needed for operation. Through automated image optimization and comprehensive reporting features, the software addresses challenges related to container security, resource management, and regulatory compliance.
Snyk Open Source provides a developer-first SCA solution, to find, prioritize, and fix security vulnerabilities and license issues in open source packages, throughout the software development lifecycle. Application context helps prioritize reachable, deployed, or publicly exposed open source issues that pose the greatest risk to your organization, while guardrails verify that your projects adhere to your security and license policies. SBOM exporting for open source and container projects allows you to meet increasing software transparency regulations, and SBOM testing can scan external tools for vulnerabilities.
Aikido is a developer-centric security platform that gives developers and security teams an instant overview of all code-to-cloud security issues and guides teams to fix vulnerabilities fast. Aikido supports security teams execute by aggressively reducing false-positives, automatic triage and risk bundling, and translating Common Vulnerabilities and Exposures (CVEs) into easy step-by-step explanations to resolve.
Described as an "all-in-one" application security platform, Aikido's covers the entire Software Development Lifecycle (SDLC), including: static application security testing (SAST), dynamic application security testing (DAST), infrastructure-as-code (IaC), container scanning, secrets detection, open source lisence scanning, cloud posture management (CSPM), runtime protection, and more.
Deep Code Analysis: Apiiro extrapolates application components, going beyond vulnerability detection to identify changes introducing risk. Its patented technology forms the foundation for the Risk GraphTM, connecting risks to identify toxic combinations and surface invaluable context.
Code to Runtime Modeling: Connecting to runtime via API, Apiiro uses modeling technology to generate context and prioritize findings based on deployment, internet exposure, or WAF protection. This technology matches runtime APIs, containers, and security alerts to their source code and maps the entire exposure path of risks.
Risk-Based, Developer-Centric Policy Engine: Apiiro offers out-of-the-box and custom risk-based policies and workflows to define, automate, and validate security controls. With extensive developer tool integrations, the policy engine enables continuous, proactive guardrails to prevent business-critical risks from reaching the cloud.
The Sonatype Nexus One Platform is a unified software supply chain security platform that combines open source software (OSS) intelligence, governance, and automation across the software development lifecycle. It integrates capabilities for AI/ML model visibility and governance, malware detection and blocking, automated dependency management, and SBOM governance, alongside artifact and workflow management. The platform incorporates artifact repository functions and connects with CI/CD pipelines and developer tooling.
Nexus One leverages curated OSS data covering hundreds of millions of components and applies ML-driven analysis to identify and manage risks from open source and machine-assisted code. It is designed for integration into existing development workflows and supports end-to-end visibility from component selection through deployment and monitoring.
Tenable Cloud Security (TCS) is an identity-intelligent, actionable cloud security platform that exposes and closes security gaps caused by misconfigurations, risky entitlements and vulnerabilities. Organizations use its intuitive, unifying UI to secure the full cloud stack, achieving visibility, prioritization and remediation across infrastructure, workloads, identities, data and AI resources. TCS pinpoints toxic combinations of risk most likely to be exploited. Users are enabled to take action, even if they have only 5 minutes, with guided remediations and code snippets that reduce MTTR. TCS is a comprehensive CNAPP solution; its wide-reaching capabilities also meet the criteria of specific cloud security domains. TCS is part of Tenable’s AI-powered exposure management platform, Tenable One.
GitLab is a comprehensive AI-powered DevSecOps platform for software innovation. The GitLab DevSecOps platform includes all capabilities required to deliver secure software faster with a unified data store, including source code management, continuous integration and delivery, agile project and portfolio planning, GitOps, software supply chain security, compliance management, and value stream management. GitLab empowers customers to improve operational efficiency, reduce security and compliance risk, build high-performing teams, and accelerate cloud transformation to maximize the overall return on software development.
OX centralizes Application Security from AI coding to runtime, tracing every risk back to its source: your code. As AI transforms development, security teams face fragmented tooling and blind spots—OX delivers complete product security built for prevention, unifying security across your entire code journey from AI code generation through cloud runtime.
Timesys Vigiles is a software solution designed to help embedded system developers and organizations manage security vulnerabilities in open source software components used within their products. The software continuously monitors relevant sources for disclosed vulnerabilities, providing automated alerts and notifications tailored to the configuration of each device. Through vulnerability identification, triaging, remediation workflows, and issue tracking, the software aims to streamline compliance with industry security standards and reduce the workload for security and engineering teams. Vigiles supports integration with software development processes and tools, enabling timely mitigation of security risks in embedded Linux projects.
SBOM Studio is an SBOM management platform that simplifies and automates creation, validation, and reconciliation of SBOMs. Integrated with CI/CD workflows, it supports multiple formats (CycloneDX SPDX) and standardizes component metadata across toolchains. Its reconciliation engine harmonizes inputs from open-source, commercial, and legacy codebases to ensure accurate visibility into third-party and proprietary components. Interactive dashboards deliver insights into SBOM coverage, contextualized vulnerability alerts, and compliance status against NTIA, FDA guidance, the EU Cyber Resilience Act, and industry standards. Role-based access controls and collaboration features enable teams to share, review, and approve SBOMs, while automated reporting streamlines audits and vendor assessments. With extensible APIs and automation support, SBOM Studio accelerates vulnerability lifecycle management, helps proactively manage software supply chain risks at scale, and enables security assurance.
Spectra Assure is a software supply chain security platform that analyzes commercial, freeware and open source software and their components, helping organizations detect threats, manage risk and block malicious attacks before software is curated, released, acquired, deployed or updated. It provides a comprehensive analysis to detected threats (e.g. malware and tampering, anomalous changes or behaviors, exposed secrets and more) across proprietary, open source, third-party components, build artifacts and embedded models, with actionable remediation guidance. Visibility into ML/AI models (ML-BOM), cryptographic elements (CBOM), and third party services (SaaSBOM) also helps organizations strengthen compliance and manage evolving exposures. Integrating Spectra Assure into existing workflows helps developers and buyers to validate software integrity, enforce risk-based policies, meet compliance needs, expedite decision making, communicate policy requirements and drive remediation.
FOSSA is a software designed to automate open source license compliance and manage dependencies within development workflows. The software scans codebases to identify open source components and tracks changes as projects evolve, providing visibility into licenses, vulnerabilities, and dependencies. It offers policy enforcement capabilities to help organizations meet regulatory and legal requirements related to open source usage. FOSSA integrates with continuous integration and deployment pipelines to enable real-time monitoring and reporting, supporting collaboration among engineering, legal, and security teams. The software aims to address challenges in large-scale open source management by centralizing data, reducing manual effort, and supporting audit preparation.
Arnica is a software designed to enhance the security and integrity of software development processes by preventing and remediating security vulnerabilities in code repositories. The software integrates with version control systems to detect and address risks such as secrets exposure, unsafe coding practices, and configuration errors. It provides automated actions and developer guidance to facilitate secure code contributions without impacting workflow efficiency. Arnica addresses the business problem of managing security risks in modern DevOps environments, helping organizations maintain compliance and reduce exposure to threats within their software supply chain.
Checkmarx Software Composition Analysis is a software designed to identify and manage open source components within applications. It enables organizations to detect security vulnerabilities, licensing issues, and operational risks present in third-party libraries and dependencies used during development. The software provides automated analysis of applications, helping teams maintain compliance with internal and external requirements for open source usage. It offers integration capabilities for various development environments and continuous integration pipelines, supporting developer workflows and promoting efficient risk assessment and mitigation. The software assists in reducing exposure to security threats by providing insight into component status and suggesting remediation steps, thereby supporting organizations in maintaining reliable and secure software solutions.
Revenera is a software provided by Flexera that assists organizations in managing software licensing, compliance, and installation processes. The software offers solutions for software monetization, license management, entitlement management, and installation packaging. It enables software producers to implement flexible licensing models, protect intellectual property, automate product updates, and track usage analytics. Revenera addresses the business challenge of ensuring compliance with licensing agreements and optimizing revenue by providing detailed insight into software usage and automating the delivery and activation processes for software products.
DeepSource is an all-in-one code health platform that equips organizations with everything they need to build maintainable and secure software while elevating the velocity of their software development cycle. DeepSource provides highly accurate and fast static analyzers, automated issue remediation with Autofix, code Issue and security reporting: OWASP Top 10, SANS Top 25, Code Coverage, and even a self-hosted option with one-click installation and upgrades.
Semgrep Supply Chain is a software composition analysis (SCA) tool that scans third-party dependencies to identify and prioritize security risks. It detects reachable vulnerabilities, so developers are only alerted to issues that are actually relevant in their codebase. The tool helps reduce noise and false positives, improving signal quality for faster triage and remediation. Features like AI-assisted breaking change detection and click-to-fix remediation make it easier for teams to fix issues confidently and efficiently. Semgrep Supply Chain integrates well into development workflows and helps organizations maintain secure dependencies without slowing down delivery.