Security Tools
Harness Security
Freemium
Harness Security Testing Orchestration is a developer-first security platform that integrates SAST, DAST, SCA, container scanning, and secrets detection into CI/CD pipelines with intelligent deduplication and false positive reduction that dramatically reduces the noise developers experience from traditional security scanners. Its AI baselines scan results and surfaces only new, verified vulnerabilities in each pipeline run, making security feedback actionable rather than overwhelming. Platform engineering and DevSecOps teams use Harness Security to shift security left without sacrificing developer velocity or burying teams in unactionable security alerts.
Oligo Security
Paid
Oligo Security is a runtime application security platform that uses eBPF technology to monitor open-source library behavior in production, detecting exploited vulnerabilities based on actual malicious behavior rather than static CVE lists. It identifies when vulnerable code paths are actually executed and exploited in runtime, eliminating the false positive overload of dependency scanners that flag vulnerabilities in code that is never actually called. AppSec teams at companies overwhelmed by CVE scanner noise use Oligo to focus remediation exclusively on vulnerabilities that represent real, exploitable production risk rather than theoretical exposure.
Endor Labs
Freemium
Endor Labs is a software supply chain security platform that focuses on dependency lifecycle management, helping development and security teams select safe open-source packages, continuously monitor for new vulnerabilities in dependencies, and prioritize remediation based on actual reachability analysis rather than simple CVE counts. Its call graph analysis determines whether vulnerable functions in dependencies are actually reachable from application code, reducing actionable findings by up to 95 percent compared to traditional SCA tools. Engineering and security teams at software companies use Endor Labs to manage open-source risk intelligently without creating unsustainable remediation backlogs.
VulnCheck
Freemium
VulnCheck is a vulnerability intelligence platform that provides faster, more comprehensive vulnerability data than the NVD by enriching CVE information with exploit intelligence, proof-of-concept availability, in-the-wild exploitation evidence, and affected package mappings in near real time. Its KEV enrichment and exploit prediction scoring help security teams understand which vulnerabilities require immediate action versus which can wait for scheduled patching cycles. Vulnerability management programs, threat intelligence teams, and security tooling vendors use VulnCheck to make smarter patching prioritization decisions based on actual exploitation risk rather than CVSS scores alone.
Ox Security
Paid
Ox Security is an end-to-end software supply chain security platform that maps and secures every component of the SDLC from source code repositories through CI/CD pipelines, artifact registries, and production deployment, providing a unified pipeline bill of materials and continuous security posture assessment. Its pipeline security analysis detects misconfigurations, excessive permissions, unprotected secrets, and attack injection points across development infrastructure that traditional security tools focused on application code miss entirely. DevSecOps leaders and platform security teams use Ox Security to secure the development pipeline itself as a critical attack surface alongside the applications it produces.
Appdome
Paid
Appdome is a mobile app security platform that enables security, engineering, and DevOps teams to add comprehensive security protections to Android and iOS applications without writing code, using an AI-powered build system that integrates security features into app binaries automatically as part of the CI/CD pipeline. It covers anti-tampering, root and jailbreak detection, code obfuscation, SSL pinning, and mobile threat defense in a single unified platform. Mobile app developers, security teams, and DevSecOps engineers use Appdome to protect consumer and enterprise mobile applications from reverse engineering, fraud, and runtime attacks without the development cost of building security features from scratch.
Checkmarx
Paid
Checkmarx is an application security testing platform that provides SAST, SCA, DAST, API security testing, and IaC scanning in a unified solution that integrates across the SDLC from IDE through CI/CD pipeline to production monitoring. Its AI-powered correlation engine reduces false positives and prioritizes findings by exploitability, helping development and security teams focus remediation effort on the vulnerabilities that represent real production risk. Enterprise AppSec programs use Checkmarx to implement a comprehensive application security testing strategy that covers all vulnerability categories with a single vendor platform and unified reporting across the entire software portfolio.
DeepSource
Freemium
DeepSource is a static analysis and code quality platform that continuously reviews code changes for bugs, security vulnerabilities, performance issues, and anti-patterns across Python, JavaScript, TypeScript, Go, Ruby, and other languages, providing actionable fix guidance directly in pull requests. Its AI autofix feature automatically generates code fixes for many detected issues, enabling developers to remediate vulnerabilities with a single click. Engineering teams that prioritize code quality and shift-left security use DeepSource to catch issues at code review time rather than in production, improving codebase health incrementally with every pull request.
Veracode
Paid
Veracode is an application security testing platform that provides cloud-based SAST, DAST, SCA, and penetration testing services with AI-assisted remediation guidance that helps developers fix vulnerabilities faster. Its Fix feature uses generative AI to suggest code-level remediations for security vulnerabilities in context, reducing the time developers spend understanding and addressing security findings. Enterprise AppSec programs use Veracode for its comprehensive testing coverage, compliance reporting capabilities for standards like PCI DSS and HIPAA, and developer-centric remediation workflow that makes security fixes actionable rather than overwhelming.
Legitify
Free
Legitify is a policy-as-code tool that continuously audits GitHub and GitLab configurations for security misconfigurations including overly permissive branch protections, excessive admin access, disabled required code reviews, and insecure repository settings that create supply chain attack vectors. It maps findings to SLSA supply chain security framework requirements and provides prioritized remediation guidance for each misconfiguration. DevSecOps and platform security teams use Legitify to enforce SCM security baselines and continuously monitor for configuration drift that could expose their source code and CI/CD pipelines to supply chain attacks.
Wazuh
Free
Wazuh is a free, open-source security platform that provides unified SIEM, XDR, and compliance capabilities for on-premises, cloud, and hybrid environments through a lightweight agent that collects and analyzes security events from endpoints, applications, and infrastructure. Its built-in rules and decoders detect threats including malware, rootkits, privilege escalation, and configuration violations, while its compliance modules map findings to PCI DSS, HIPAA, NIST, and other regulatory frameworks. Security teams at organizations seeking enterprise-grade security monitoring without commercial SIEM licensing costs use Wazuh for its comprehensive detection capabilities, active open-source community, and full deployment flexibility.
Tenable Nessus
Freemium
Tenable Nessus is the most widely deployed vulnerability scanner in the world, providing comprehensive vulnerability assessment for network devices, operating systems, applications, and cloud infrastructure through an extensive plugin library covering over 60,000 CVEs and configuration checks. Its AI-powered prioritization helps security teams focus remediation effort on vulnerabilities with the highest actual exploitability risk rather than raw CVSS score. Security teams at organizations of all sizes use Nessus for its breadth of coverage, accuracy, and the trusted industry-standard status it has maintained over decades of continuous vulnerability research and plugin development.