Atlassian JIRA lets you prioritize, assign, track, report and audit your issues, whatever they may be: from software bugs and help-desk tickets to
Portswigger Burp web scanner is a state-of-the-art vulnerability scanner for web applications. It is designed with security testers in mind, to
Micro Focus (formerly HP Fortify) Static Code Analyzer accurately tests the security of any third-party or internal applications across 16 different
Tenable Nessus is a network and host security scanner for various flavors of operating systems and out-of-the-box software. It performs over 900
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management
Qualys AssetView detects and inventories all known and unknown assets that connect to your global hybrid-IT environment, gathering detailed
Qualys VM automates the lifecycle of network auditing and vulnerability management across the enterprise, including network discovery and mapping,
Acunetix Standard is a web vulnerability scanner, which automatically tests your websites for over 7,000 security vulnerabilities.
Developer-friendly open source tools for vulnerability scanning and SBOM generation.
Driving Security Innovation in The Cloud Native Community. Our goal is to ensure that security drives faster adoption of cloud native technologies and
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. There are a range of powerful
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and
The most comprehensive database of open source component, vulnerability, and license information—Black Duck software composition analysis solutions
Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find
Bugcrowd reduces risk with coverage powered by our crowdsourced cybersecurity platform. Go beyond vulnerability scanners and traditional penetration
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan,
Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair. Klar is designed to
Cobalt’s Pentest as a Service (PtaaS) platform coupled with an exclusive community of testers delivers the real-time insights you need to remediate
Establish a continuous testing process to reduce the risk of being hacked through a web application or API. Integrate with your current dev stack. Set
Scan results seamlessly integrated into 25+ dev workflows, environments, and infrastructures. Accurate, integrated scanning for all your code,
A suite of secret scanners built in Rust for performance.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
DrHEADer helps with the audit of security headers received in response to a single request or a list of requests.
ESLint statically analyzes your code to quickly find problems. ESLint is built into most text editors and you can run ESLint as part of your
A smarter Dockerfile linter that helps you build best practice Docker images. The linter is parsing the Dockerfile into an AST and performs rules on
Harbor provides static analysis of vulnerabilities in images through the open source projects Trivy and Clair.
JFrog Xray is a universal software composition analysis (SCA) solution that natively integrates with Artifactory, giving developers and DevSecOps
If you’re using GitLab CI/CD, you can use Static Application Security Testing (SAST) to check your source code for known vulnerabilities. When a
Scan code as it’s created. Get accurate, actionable security reviews within the developer workflow.
huskyCI makes it easy to find vulnerabilities inside your CI. Runs security tests in multiple languages to find issues before the deployment.
AppScan is intended to test both on-premise and web applications for security vulnerabilities during the development process, when it is least
ImmuniWeb is a global provider of Attack Surface Management, Dark Web Monitoring and Application Penetration Testing services. The Platform combines
Scan your source code for vulnerabilities and get results instantly. Or integrate Kiuwan Code Security with your IDE to build secure applications
An infrastructure configuration scanner that automates checking your Kubernetes configuration against the CIS benchmark for K8s.
Micro Focus Fortify WebInspect is a dynamic application security testing (DAST) tool that identifies application vulnerabilities in deployed web
The Mozilla Observatory has helped over 240,000 websites by teaching developers, system administrators, and security professionals how to configure
Nmap 7.90 has been released with Npcap 1.00 along with dozens of other performance improvements, bug fixes, and feature enhancements!
npm is the world's largest software registry. Open source developers from every continent use npm to share and borrow packages, and many
The OpenSCAP project provides tools that are free to use anywhere you like, for any purpose. Availability of the code results in greater portability –
Qualys Web Application Scanning (WAS) is an all-in-one cloud solution for all your web apps providing continuous web app discovery, detection of
Cybersecurity ratings and insights that make it easy to understand and act on your risks. Automated risk assessments tuned to match your risk appetite.
SonarQube is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing
Sonatype finds critical performance, reliability, and security bugs when they’re easiest to fix — during code review.
sslscan tests SSL/TLS enabled services to discover supported cipher suites
SSLyze is a fast and powerful SSL/TLS scanning library. It allows you to analyze the SSL/TLS configuration of a server by connecting to it, in order
Trivy is a simple and comprehensive vulnerability/misconfiguration scanner for containers and other artifacts.
The Twistlock Platform provides vulnerability management and compliance across the application lifecycle by scanning images and serverless functions
Veracode’s accurate and reliable results mean fewer false positives and less wasted time for you and your team. With made-for developer tools,
Wapiti allows you to audit the security of your websites or web applications. It performs 'black-box' scans of the web application by crawling the
WhiteSource identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces
WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress
Xanitizer specializes in security analysis of web applications and also considers the behavior of the applied web frameworks. By means of static code
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international
Copyright by Talakunchi Networks Pvt. Ltd. All rights reserved.