Atlassian
Atlassian JIRA lets you prioritize, assign, track, report and audit your issues, whatever they may be: from software bugs and help-desk tickets to project tasks and change requests.
The SQUAD1 Smart Connector Framework automates data ingestion from diverse sources like flat files, XML, web service API, or dedicated connectors.
Portswigger Burp web scanner is a state-of-the-art vulnerability scanner for web applications. It is designed with security testers in mind, to integrate closely with your existing techniques and methodologies for manual and automated pentesting.
Micro Focus (formerly HP Fortify) Static Code Analyzer accurately tests the security of any third-party or internal applications across 16 different programming languages and detects more than 100 different types of security vulnerabilities.
Tenable Nessus is a network and host security scanner for various flavors of operating systems and out-of-the-box software. It performs over 900 remote security checks, and suggests solutions for security problems.
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
Qualys AssetView detects and inventories all known and unknown assets that connect to your global hybrid-IT environment, gathering detailed information, such as an asset’s details, running services, and installed software.
Qualys VM automates the lifecycle of network auditing and vulnerability management across the enterprise, including network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking.
Acunetix Standard is a web vulnerability scanner, which automatically tests your websites for over 7,000 security vulnerabilities.
Driving Security Innovation in The Cloud Native Community. Our goal is to ensure that security drives faster adoption of cloud native technologies and processes, while avoiding security risks. Open source drives this forward.
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. There are a range of powerful security tools at your disposal, from firewalls and endpoint protection to vulnerability and compliance scanners.
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls and many more additional checks that help with GDPR, HIPAA and other security frameworks.
The most comprehensive database of open source component, vulnerability, and license information—Black Duck software composition analysis solutions and open source audits give you the insight you need to track the open source in your code, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.
Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.
Bugcrowd reduces risk with coverage powered by our crowdsourced cybersecurity platform. Go beyond vulnerability scanners and traditional penetration tests with trusted security expertise that scales — and find critical issues faster.
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based scanning.
Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair. Klar is designed to be used as an integration tool, so it relies on environment variables. It's a single binary which requires no dependencies. Klar serves as a client which coordinates the image checks between the Docker registry and Clair.
Cobalt’s Pentest as a Service (PtaaS) platform coupled with an exclusive community of testers delivers the real-time insights you need to remediate risk quickly and innovate securely.
Establish a continuous testing process to reduce the risk of being hacked through a web application or API. Integrate with your current dev stack. Set up and start scanning your web applications, JavaScript or API in minutes.
Scan results seamlessly integrated into 25+ dev workflows, environments, and infrastructures. Accurate, integrated scanning for all your code, providing actionable security insights and visibility across every application and environment.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM).
DrHEADer helps with the audit of security headers received in response to a single request or a list of requests.
ESLint statically analyzes your code to quickly find problems. ESLint is built into most text editors and you can run ESLint as part of your continuous integration pipeline.
A smarter Dockerfile linter that helps you build best practice Docker images. The linter parses the Dockerfile into an AST and performs rules on top of the AST. It stands on the shoulders of ShellCheck to lint the Bash code inside RUN instructions.
Harbor provides static analysis of vulnerabilities in images through the open source projects Trivy and Clair.
JFrog Xray is a universal software composition analysis (SCA) solution that natively integrates with Artifactory, giving developers and DevSecOps teams an easy way to proactively identify vulnerabilities on open source and license compliance violations, before they manifest in production releases.
If you’re using GitLab CI/CD, you can use Static Application Security Testing (SAST) to check your source code for known vulnerabilities. When a pipeline completes, the results of the SAST analysis are processed and shown in the pipeline’s Security tab. If the pipeline is associated with a merge request, the SAST analysis is compared with the results of the target branch’s analysis (if available). The results of that comparison are shown in the merge request.
Scan code as it’s created. Get accurate, actionable security reviews within the developer workflow.
huskyCI makes it easy to find vulnerabilities inside your CI. Runs security tests in multiple languages to find issues before the deployment.
AppScan is intended to test both on-premise and web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems.
ImmuniWeb is a global provider of Attack Surface Management, Dark Web Monitoring and Application Penetration Testing services. The Platform combines human intelligence with award-winning AI technology to offer highest quality of service and best value for money.
Scan your source code for vulnerabilities and get results instantly. Or integrate Kiuwan Code Security with your IDE to build secure applications from the start.
An infrastructure configuration scanner that automates checking your Kubernetes configuration against the CIS benchmark for K8s.
Micro Focus Fortify WebInspect is a dynamic application security testing (DAST) tool that identifies application vulnerabilities in deployed web applications and services.
The Mozilla Observatory has helped over 240,000 websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.
Nmap 7.90 has been released with Npcap 1.00 along with dozens of other performance improvements, bug fixes, and feature enhancements!
npm is the world's largest software registry. Open source developers from every continent use npm to share and borrow packages, and many organizations use npm to manage private development as well.
The OpenSCAP project provides tools that are free to use anywhere you like, for any purpose. Availability of the code results in greater portability – anyone can send patches to add support for their platform of choice.
Qualys Web Application Scanning (WAS) is an all-in-one cloud solution for all your web apps providing continuous web app discovery, detection of vulnerabilities and misconfigurations, virtual patching, and quarantining.
Cybersecurity ratings and insights that make it easy to understand and act on your risks. Automated risk assessments tuned to match your risk appetite.
SonarQube is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.
Sonatype finds critical performance, reliability, and security bugs when they’re easiest to fix — during code review.
SSLyze is a fast and powerful SSL/TLS scanning library. It allows you to analyze the SSL/TLS configuration of a server by connecting to it, in order to detect various issues (bad certificate, weak cipher suites, Heartbleed, ROBOT, TLS 1.3 support, etc.).
Trivy is a simple and comprehensive vulnerability/misconfiguration scanner for containers and other artifacts.
The Twistlock Platform provides vulnerability management and compliance across the application lifecycle by scanning images and serverless functions to prevent security and compliance issues from progressing through the development pipeline, and continuously monitoring all registries and environments.
Veracode’s accurate and reliable results mean fewer false positives and less wasted time for you and your team. With made-for-developer tools, integrations, and remediation guidance when you need it, you can react and respond efficiently and confidently.
Wapiti allows you to audit the security of your websites or web applications. It performs 'black-box' scans of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
WhiteSource identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle. The result? Faster, smoother development without compromising on security.
WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes. Since it is a WordPress black box scanner, it mimics a real attacker.
Xanitizer specializes in security analysis of web applications and also considers the behavior of the applied web frameworks. By means of static code analysis the tool systematically scans the program code of an entire system for security vulnerabilities. Xanitizer investigates not only the source code, but also configuration files and templates for rendering the HTML output.
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
Engage in a brief discussion for tailored security assessments, live product demo showcasing SQUAD1's integration capabilities with premium security scanners and explore customized Security Assessment workflows—all with no commitment necessary.