Compliance
Explore 210 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Endian Network is a centralized management platform for lifecycle management, updates, and monitoring of Endian security devices and infrastructure across IT and OT environments.
Endian Network is a centralized management platform for lifecycle management, updates, and monitoring of Endian security devices and infrastructure across IT and OT environments.
XFA is a device security platform that discovers, assesses, and enforces compliance for all devices accessing business platforms while maintaining privacy and device ownership.
XFA is a device security platform that discovers, assesses, and enforces compliance for all devices accessing business platforms while maintaining privacy and device ownership.
Black Kilt Security is a cybersecurity consulting firm that provides strategic planning, technology integration, compliance consulting, security engineering, and cyber forensics services to organizations of various sizes.
Black Kilt Security is a cybersecurity consulting firm that provides strategic planning, technology integration, compliance consulting, security engineering, and cyber forensics services to organizations of various sizes.
Endian Switchboard is a centralized management platform that provides zero-trust security, secure remote access, and network monitoring for IT and OT environments through microsegmentation and identity management.
Endian Switchboard is a centralized management platform that provides zero-trust security, secure remote access, and network monitoring for IT and OT environments through microsegmentation and identity management.
A virtual CISO service that combines a security and compliance automation platform with expert support to provide organizations with cybersecurity leadership and operational capabilities.
A virtual CISO service that combines a security and compliance automation platform with expert support to provide organizations with cybersecurity leadership and operational capabilities.
A cybersecurity consulting service that provides security assessments, compliance guidance, and strategic planning across multiple industries with flexible engagement models.
A cybersecurity consulting service that provides security assessments, compliance guidance, and strategic planning across multiple industries with flexible engagement models.
A comprehensive application security service provider offering manual penetration testing, vulnerability assessment, and security solutions across various industries.
A comprehensive application security service provider offering manual penetration testing, vulnerability assessment, and security solutions across various industries.
Endian Secure Digital Platform provides integrated cybersecurity solutions for IT and OT environments through management tools, security gateways, and endpoint connectivity components.
Endian Secure Digital Platform provides integrated cybersecurity solutions for IT and OT environments through management tools, security gateways, and endpoint connectivity components.
Imprivata VPAM is a Zero-Trust third-party access management platform that provides secure, monitored remote access for vendors to internal privileged assets while maintaining granular access controls and comprehensive audit capabilities.
Imprivata VPAM is a Zero-Trust third-party access management platform that provides secure, monitored remote access for vendors to internal privileged assets while maintaining granular access controls and comprehensive audit capabilities.
A comprehensive cybersecurity consulting service offering security assessments, risk analysis, and implementation of tailored information security management systems for organizations.
A comprehensive cybersecurity consulting service offering security assessments, risk analysis, and implementation of tailored information security management systems for organizations.
A multi-module platform that enables organizations to implement Zero Trust Architecture through integrated security hardening, privileged access management, asset management, and vulnerability management capabilities.
A multi-module platform that enables organizations to implement Zero Trust Architecture through integrated security hardening, privileged access management, asset management, and vulnerability management capabilities.
ZTrust is an identity and access management platform offering SSO, MFA, and password management with support for multiple deployment models and compliance standards.
ZTrust is an identity and access management platform offering SSO, MFA, and password management with support for multiple deployment models and compliance standards.
A cloud-based email security platform that provides comprehensive protection against email threats through multiple security layers, threat intelligence integration, and seamless integration with existing email infrastructures.
A cloud-based email security platform that provides comprehensive protection against email threats through multiple security layers, threat intelligence integration, and seamless integration with existing email infrastructures.
NordLayer ZTNA is a Zero Trust Network Access solution that provides identity-based access controls and network segmentation to secure applications and resources regardless of user location.
NordLayer ZTNA is a Zero Trust Network Access solution that provides identity-based access controls and network segmentation to secure applications and resources regardless of user location.
Venn creates secure enclaves on unmanaged BYOD devices using Blue Border™ technology to visually separate and encrypt work applications and data from personal use.
Venn creates secure enclaves on unmanaged BYOD devices using Blue Border™ technology to visually separate and encrypt work applications and data from personal use.
A cloud-native data security platform that provides data access governance, monitoring, masking, classification, and encryption capabilities with specialized integration for Snowflake environments.
A cloud-native data security platform that provides data access governance, monitoring, masking, classification, and encryption capabilities with specialized integration for Snowflake environments.
A human risk management platform that combines security awareness training, simulated phishing, real-time coaching, and security orchestration to reduce cybersecurity risks associated with human behavior.
A human risk management platform that combines security awareness training, simulated phishing, real-time coaching, and security orchestration to reduce cybersecurity risks associated with human behavior.
An Application Security Posture Management platform that provides visibility, security controls, and risk management across the software development lifecycle from code to cloud deployment.
An Application Security Posture Management platform that provides visibility, security controls, and risk management across the software development lifecycle from code to cloud deployment.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
A platform that provides visibility, monitoring, and control over Large Language Models (LLMs) in production environments to detect and mitigate risks like hallucinations and data leakage.
A platform that provides visibility, monitoring, and control over Large Language Models (LLMs) in production environments to detect and mitigate risks like hallucinations and data leakage.
ZeroThreat is a cloud-based DAST platform that provides automated penetration testing and vulnerability detection for web applications and APIs with AI-driven remediation guidance.
ZeroThreat is a cloud-based DAST platform that provides automated penetration testing and vulnerability detection for web applications and APIs with AI-driven remediation guidance.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
A security information and event management solution that collects, normalizes, and analyzes log data from across an organization's infrastructure to enhance threat detection and compliance reporting.
A managed security service provider specializing in identity security solutions including IAM, IGA, and PAM with implementation, operational, and advisory services.
A managed security service provider specializing in identity security solutions including IAM, IGA, and PAM with implementation, operational, and advisory services.
A vendor risk management platform that automates assessment, continuously monitors attack surfaces, and correlates security data to verify third-party vendor security postures.
A vendor risk management platform that automates assessment, continuously monitors attack surfaces, and correlates security data to verify third-party vendor security postures.
MX Layer is a cloud-based email security platform that protects organizations against email threats through filtering, archiving, compliance, and data leak prevention capabilities.
MX Layer is a cloud-based email security platform that protects organizations against email threats through filtering, archiving, compliance, and data leak prevention capabilities.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A case management platform for Security Operations Centers that enables collaborative incident response, workflow automation, and compliance reporting throughout the cybersecurity incident response lifecycle.
A compliance management platform that simplifies CMMC Level 1 certification for defense contractors through guided workflows, policy templates, and evidence management tools.
A compliance management platform that simplifies CMMC Level 1 certification for defense contractors through guided workflows, policy templates, and evidence management tools.
A quantum-safe data protection solution that secures data in transit using Layer 4 encryption, crypto-segmentation, and unified security reporting to defend against current and future cryptographic threats.
A quantum-safe data protection solution that secures data in transit using Layer 4 encryption, crypto-segmentation, and unified security reporting to defend against current and future cryptographic threats.
A cloud-based risk management platform that enables healthcare organizations to assess, manage, and share cybersecurity and third-party risk data across a collaborative network of providers and vendors.
A cloud-based risk management platform that enables healthcare organizations to assess, manage, and share cybersecurity and third-party risk data across a collaborative network of providers and vendors.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
The Ping Identity Platform is an enterprise identity and access management solution that provides authentication, authorization, and identity governance capabilities with flexible deployment options for securing customer, workforce, and partner identities.
The Ping Identity Platform is an enterprise identity and access management solution that provides authentication, authorization, and identity governance capabilities with flexible deployment options for securing customer, workforce, and partner identities.
A cybersecurity consulting service that provides security assessments, strategy development, and implementation guidance to organizations.
A cybersecurity consulting service that provides security assessments, strategy development, and implementation guidance to organizations.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
A device security analysis platform that provides comprehensive vulnerability scanning, SBOM management, and supply chain security monitoring for connected devices and their components.
A device security analysis platform that provides comprehensive vulnerability scanning, SBOM management, and supply chain security monitoring for connected devices and their components.
A unified data security platform that discovers, classifies, monitors, and protects sensitive data across cloud, SaaS, and on-premises environments while ensuring compliance and automating security processes.
A unified data security platform that discovers, classifies, monitors, and protects sensitive data across cloud, SaaS, and on-premises environments while ensuring compliance and automating security processes.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
Todyl is a modular cybersecurity platform that consolidates SASE, SIEM, EDR/NGAV, MXDR, and GRC capabilities into a single-agent solution with centralized management.
Panorays is a third-party cyber risk management platform that combines external attack surface monitoring with automated security questionnaires to assess, remediate, and continuously monitor vendor security postures.
Panorays is a third-party cyber risk management platform that combines external attack surface monitoring with automated security questionnaires to assess, remediate, and continuously monitor vendor security postures.
An API security platform that provides automated discovery, documentation, and continuous security testing throughout the API lifecycle.
An API security platform that provides automated discovery, documentation, and continuous security testing throughout the API lifecycle.
An AI-powered API security testing platform that performs continuous vulnerability assessment, attack surface mapping, and compliance monitoring of API endpoints.
An AI-powered API security testing platform that performs continuous vulnerability assessment, attack surface mapping, and compliance monitoring of API endpoints.
A pentest management platform that automates reporting workflows, provides client collaboration tools, and streamlines the entire penetration testing lifecycle from scoping to remediation.
A pentest management platform that automates reporting workflows, provides client collaboration tools, and streamlines the entire penetration testing lifecycle from scoping to remediation.
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.
ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.
An automated security testing platform that performs AI-driven penetration testing and vulnerability assessment for web applications and APIs with compliance reporting capabilities.
An automated security testing platform that performs AI-driven penetration testing and vulnerability assessment for web applications and APIs with compliance reporting capabilities.
A remediation operations platform that streamlines vulnerability management by connecting security findings to fixing teams through automated workflows.
A remediation operations platform that streamlines vulnerability management by connecting security findings to fixing teams through automated workflows.
An Application Security Posture Management platform that provides visibility, security controls, and automated workflows across the software development lifecycle from code to cloud.
An Application Security Posture Management platform that provides visibility, security controls, and automated workflows across the software development lifecycle from code to cloud.
An API security and governance platform that provides discovery, security testing, compliance monitoring and lifecycle management capabilities for enterprise API implementations.
An API security and governance platform that provides discovery, security testing, compliance monitoring and lifecycle management capabilities for enterprise API implementations.
A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.
A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.
A cloud-based identity and access management solution that provides access governance, compliance monitoring, and risk management for hybrid environments.
A cloud-based identity and access management solution that provides access governance, compliance monitoring, and risk management for hybrid environments.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
An AI-powered data security governance platform that autonomously discovers, classifies, monitors, and protects sensitive information across cloud and on-premises environments.
An AI-powered data security governance platform that autonomously discovers, classifies, monitors, and protects sensitive information across cloud and on-premises environments.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
A centralized application security posture management platform that integrates security tools, automates workflows, and provides visibility into application security risks.
A centralized application security posture management platform that integrates security tools, automates workflows, and provides visibility into application security risks.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.
A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.
DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.
An endpoint data loss prevention solution that discovers, classifies, and protects sensitive data while controlling data transfer methods and mitigating insider threats.
An endpoint data loss prevention solution that discovers, classifies, and protects sensitive data while controlling data transfer methods and mitigating insider threats.
A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
Pathlock is an identity security platform that provides compliance-focused governance, access management, and continuous controls monitoring across enterprise applications with particular emphasis on ERP systems.
Pathlock is an identity security platform that provides compliance-focused governance, access management, and continuous controls monitoring across enterprise applications with particular emphasis on ERP systems.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
Egress Prevent is an email data loss prevention solution that uses AI to detect and prevent outbound email breaches, misdirected emails, and accidental data exposure.
Egress Prevent is an email data loss prevention solution that uses AI to detect and prevent outbound email breaches, misdirected emails, and accidental data exposure.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
A cloud and database asset intelligence platform that provides continuous monitoring, compliance management, and security posture assessment across hybrid cloud environments.
A cloud and database asset intelligence platform that provides continuous monitoring, compliance management, and security posture assessment across hybrid cloud environments.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
Kiteworks is a unified platform that secures, tracks, and controls sensitive content communications across email, file sharing, managed file transfer, and web forms to ensure regulatory compliance and data protection.
Kiteworks is a unified platform that secures, tracks, and controls sensitive content communications across email, file sharing, managed file transfer, and web forms to ensure regulatory compliance and data protection.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
Data Theorem API Secure is an application security platform that combines SAST, DAST, IAST, and SCA testing methodologies to provide comprehensive security assessment and monitoring for APIs and modern applications throughout their development lifecycle.
Data Theorem API Secure is an application security platform that combines SAST, DAST, IAST, and SCA testing methodologies to provide comprehensive security assessment and monitoring for APIs and modern applications throughout their development lifecycle.
A Non-Human Identity Management platform that provides discovery, security, and lifecycle management for machine identities across hybrid cloud environments.
A Non-Human Identity Management platform that provides discovery, security, and lifecycle management for machine identities across hybrid cloud environments.
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
A data security and AI governance platform that provides unified control and management of data assets across hybrid cloud environments with focus on AI security and compliance.
A data security and AI governance platform that provides unified control and management of data assets across hybrid cloud environments with focus on AI security and compliance.
Security design review automation tool that scans design documents and provides security requirements to development teams during the planning phase.
Security design review automation tool that scans design documents and provides security requirements to development teams during the planning phase.
A platform that provides visibility and security monitoring of hardware, firmware, and software components in IT infrastructure to identify supply chain risks and vulnerabilities.
A platform that provides visibility and security monitoring of hardware, firmware, and software components in IT infrastructure to identify supply chain risks and vulnerabilities.
A data security platform that provides automated sensitive data discovery, access control, monitoring, and compliance capabilities for organizations managing data across multiple storage platforms.
A data security platform that provides automated sensitive data discovery, access control, monitoring, and compliance capabilities for organizations managing data across multiple storage platforms.
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
A security platform that provides monitoring, control, and protection mechanisms for organizations using generative AI and large language models.
A security platform that provides monitoring, control, and protection mechanisms for organizations using generative AI and large language models.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
ScubaGear is a PowerShell-based assessment tool that evaluates Microsoft 365 tenant configurations against CISA security baselines using Open Policy Agent and generates compliance reports.
ScubaGear is a PowerShell-based assessment tool that evaluates Microsoft 365 tenant configurations against CISA security baselines using Open Policy Agent and generates compliance reports.
PII Crawler is a data scanning tool that identifies and locates Personally Identifiable Information in various file types and databases.
PII Crawler is a data scanning tool that identifies and locates Personally Identifiable Information in various file types and databases.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ServiceNow Governance, Risk, and Compliance (GRC) is an integrated suite of products that enables organizations to build operational resilience, mitigate risks, and ensure compliance across the enterprise through a unified platform, data model, AI-powered insights, and automated workflows.
ServiceNow Governance, Risk, and Compliance (GRC) is an integrated suite of products that enables organizations to build operational resilience, mitigate risks, and ensure compliance across the enterprise through a unified platform, data model, AI-powered insights, and automated workflows.
SAP GRC and cybersecurity solutions provide integrated capabilities for managing enterprise risk, compliance, international trade, cybersecurity, and identity and access governance, leveraging predictive analytics, real-time monitoring, and automation.
SAP GRC and cybersecurity solutions provide integrated capabilities for managing enterprise risk, compliance, international trade, cybersecurity, and identity and access governance, leveraging predictive analytics, real-time monitoring, and automation.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
Drata is a cloud-based platform that automates security and compliance processes, evidence collection, and audit preparation for various industry standards and regulations.
Drata is a cloud-based platform that automates security and compliance processes, evidence collection, and audit preparation for various industry standards and regulations.
A tool for achieving and proving compliance with NIST 800-171 and CMMC cybersecurity requirements
A tool for achieving and proving compliance with NIST 800-171 and CMMC cybersecurity requirements
Verity is a comprehensive compliance management tool that helps organizations manage their governance, risk, and compliance initiatives.
Verity is a comprehensive compliance management tool that helps organizations manage their governance, risk, and compliance initiatives.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
A tool for discovering, analyzing, and remedying sensitive data
A tool for discovering, analyzing, and remedying sensitive data
A next-generation file integrity monitoring and change detection system
A next-generation file integrity monitoring and change detection system
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.
A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.
Retraced is an audit logging solution that provides compliant, searchable audit trails for applications with client libraries for Go and JavaScript.
InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.
InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.
Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.
Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.
Access Undenied on AWS analyzes CloudTrail AccessDenied events to explain access denial reasons and provide least-privilege remediation suggestions.
Access Undenied on AWS analyzes CloudTrail AccessDenied events to explain access denial reasons and provide least-privilege remediation suggestions.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.
A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.
Prowler is an open source multi-cloud security assessment tool that performs audits, compliance checks, and security evaluations across AWS, Azure, GCP, and Kubernetes environments.
Prowler is an open source multi-cloud security assessment tool that performs audits, compliance checks, and security evaluations across AWS, Azure, GCP, and Kubernetes environments.
An automated security response system for Google Cloud that processes Security Command Center findings and executes predefined remediation actions like disk snapshots, IAM revocation, and notifications.
An automated security response system for Google Cloud that processes Security Command Center findings and executes predefined remediation actions like disk snapshots, IAM revocation, and notifications.
A configurable data destruction toolkit that securely erases sensitive virtual data, temporary files, and swap memory using customizable overwrite methods.
A configurable data destruction toolkit that securely erases sensitive virtual data, temporary files, and swap memory using customizable overwrite methods.
An open-source policy-as-code platform that analyzes multi-cloud and SaaS environments using SQL and YAML policies with GPT integration for security, cost, and architecture assessments.
An open-source policy-as-code platform that analyzes multi-cloud and SaaS environments using SQL and YAML policies with GPT integration for security, cost, and architecture assessments.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.
Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.
Watchmen is a framework that centralizes AWS Config rule lambda functions into a single account for streamlined compliance management and automation.
Watchmen is a framework that centralizes AWS Config rule lambda functions into a single account for streamlined compliance management and automation.
Cloud Custodian is a YAML-based rules engine that manages and enforces security, compliance, and cost optimization policies across AWS, Azure, and GCP cloud environments in real-time.
Cloud Custodian is a YAML-based rules engine that manages and enforces security, compliance, and cost optimization policies across AWS, Azure, and GCP cloud environments in real-time.
A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.
A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.
CustomProcessor is a policy management tool that enables users to create and manage custom policies for IETF policy frameworks through a user-friendly interface.
CustomProcessor is a policy management tool that enables users to create and manage custom policies for IETF policy frameworks through a user-friendly interface.
An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.
An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
PacBot is a cloud security platform that provides continuous compliance monitoring, automated policy enforcement, and security reporting through policy-as-code implementation and multi-source data integration.
PacBot is a cloud security platform that provides continuous compliance monitoring, automated policy enforcement, and security reporting through policy-as-code implementation and multi-source data integration.
On-demand access to AWS and ISV compliance reports with time-saving benefits.
An open-source framework that inventories and manages AWS resources across multiple accounts by collecting data via Cross Account Assume Roles and storing it in a centralized S3 bucket for analysis.
An open-source framework that inventories and manages AWS resources across multiple accounts by collecting data via Cross Account Assume Roles and storing it in a centralized S3 bucket for analysis.
A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.
A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.
A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.
A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.
A cloud security assessment tool that collects cloud resource information, analyzes it against best practices, and generates compliance reports in multiple formats.
A cloud security assessment tool that collects cloud resource information, analyzes it against best practices, and generates compliance reports in multiple formats.
A summary of the threat modeling posts and final thoughts on the process
A summary of the threat modeling posts and final thoughts on the process
Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.
Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.
Continually audit your AWS usage to simplify risk and compliance assessment.
Continually audit your AWS usage to simplify risk and compliance assessment.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
A standalone Python script that audits system configurations against CIS Hardening Benchmarks to assess compliance readiness without requiring installation or dependencies.
A standalone Python script that audits system configurations against CIS Hardening Benchmarks to assess compliance readiness without requiring installation or dependencies.
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
A comprehensive guide providing step-by-step instructions for hardening GNU/Linux systems using industry standards like CIS, STIG, NIST, and PCI-DSS.
A comprehensive guide providing step-by-step instructions for hardening GNU/Linux systems using industry standards like CIS, STIG, NIST, and PCI-DSS.
A Microsoft Word template library for implementing industrial information security management systems with documentation for policy, risk management, business continuity, and incident handling.
A Microsoft Word template library for implementing industrial information security management systems with documentation for policy, risk management, business continuity, and incident handling.
Repokid automatically removes unused service permissions from AWS IAM role inline policies using Access Advisor data to implement least privilege access.
ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.
ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.
An archived community-driven collection of open source cloud security tools that provided monitoring and compliance capabilities for cloud infrastructure.
An archived community-driven collection of open source cloud security tools that provided monitoring and compliance capabilities for cloud infrastructure.
CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.
CSET is a free Windows-based tool that helps organizations identify cybersecurity vulnerabilities in enterprise and industrial control systems using hybrid risk and standards-based assessment approaches.
CFRipper is a security analyzer for AWS CloudFormation templates that identifies vulnerabilities and misconfigurations before cloud deployment.
CFRipper is a security analyzer for AWS CloudFormation templates that identifies vulnerabilities and misconfigurations before cloud deployment.
aws-allowlister automatically generates AWS Service Control Policies that restrict access to only compliance-framework-approved AWS services.
aws-allowlister automatically generates AWS Service Control Policies that restrict access to only compliance-framework-approved AWS services.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A tool for monitoring and managing device compliance and security across multiple platforms
A tool for monitoring and managing device compliance and security across multiple platforms
A Terraform module that establishes security baseline configurations for AWS accounts based on CIS benchmarks and AWS security best practices.
A Terraform module that establishes security baseline configurations for AWS accounts based on CIS benchmarks and AWS security best practices.
A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.
A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.
A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.
An automated AWS security compliance remediation system that uses Lambda functions and SQS queues to automatically fix security violations detected by AWS Config.
An automated AWS security compliance remediation system that uses Lambda functions and SQS queues to automatically fix security violations detected by AWS Config.
A shell script-based Unix security auditing tool that generates scored compliance reports based on CIS frameworks and provides lockdown capabilities with rollback functionality.
A shell script-based Unix security auditing tool that generates scored compliance reports based on CIS frameworks and provides lockdown capabilities with rollback functionality.
Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.
Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.
Assess, audit, and evaluate configurations of AWS resources.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
Cloud Inquisitor is an AWS security tool that monitors resource ownership, detects domain hijacking, verifies security services, and manages IAM policies across multiple accounts.
Cloud Inquisitor is an AWS security tool that monitors resource ownership, detects domain hijacking, verifies security services, and manages IAM policies across multiple accounts.
A collection of automation scripts that quickly enable essential AWS security and compliance features that are not activated by default in AWS accounts.
A collection of automation scripts that quickly enable essential AWS security and compliance features that are not activated by default in AWS accounts.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.
A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.
A collection of AWS security benchmark resources including CIS Foundations Benchmark 1.1, best practices guides, and configuration documentation for securing Amazon Web Services environments.
A collection of AWS security benchmark resources including CIS Foundations Benchmark 1.1, best practices guides, and configuration documentation for securing Amazon Web Services environments.
A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.
A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
A tool that generates Terraform files for creating Azure Policy Initiatives to implement cloud security guardrails and enforce organizational standards at scale.
A tool that generates Terraform files for creating Azure Policy Initiatives to implement cloud security guardrails and enforce organizational standards at scale.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
A system for reserving classrooms at the University of Pisa.
A system for reserving classrooms at the University of Pisa.
BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.
BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.
PrismX is a cloud security dashboard that provides centralized AWS security monitoring based on CIS benchmarks with JIRA integration for issue management.
PrismX is a cloud security dashboard that provides centralized AWS security monitoring based on CIS benchmarks with JIRA integration for issue management.
A centralized platform for managing open source components and automating software supply chain security.
A centralized platform for managing open source components and automating software supply chain security.
A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.
A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.
A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.
A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
A community-driven GRC solution that is simple, affordable, and open-source.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
A community repository of custom AWS Config rules for evaluating AWS resource configurations against compliance and security standards.
A community repository of custom AWS Config rules for evaluating AWS resource configurations against compliance and security standards.
A free online tool that scans and fixes common security issues in WordPress websites.
A free online tool that scans and fixes common security issues in WordPress websites.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
Security Monkey monitors AWS, GCP, and OpenStack environments for policy changes and insecure configurations, providing historical tracking and alerting capabilities through a centralized interface.
Security Monkey monitors AWS, GCP, and OpenStack environments for policy changes and insecure configurations, providing historical tracking and alerting capabilities through a centralized interface.
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
Absolute Security provides a comprehensive cybersecurity platform that offers endpoint-to-network access coverage, automated security compliance, and secure endpoint and access solutions.
Absolute Security provides a comprehensive cybersecurity platform that offers endpoint-to-network access coverage, automated security compliance, and secure endpoint and access solutions.
Receive important notifications and updates related to North American electric grid security.
Receive important notifications and updates related to North American electric grid security.
An AWS IAM security assessment tool that identifies least privilege violations and generates risk-prioritized reports for IAM policy remediation.
An AWS IAM security assessment tool that identifies least privilege violations and generates risk-prioritized reports for IAM policy remediation.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
AirIAM analyzes AWS IAM usage patterns and generates least-privilege Terraform configurations to optimize cloud access management.
rpCheckup is an AWS resource policy security analysis tool that identifies public, external, intra-organizational, and private resource access patterns across AWS accounts.
rpCheckup is an AWS resource policy security analysis tool that identifies public, external, intra-organizational, and private resource access patterns across AWS accounts.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.
Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.
Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.
A community website for API security news, vulnerabilities, and best practices
A community website for API security news, vulnerabilities, and best practices
A command-line tool that performs automated IAM policy security linting across AWS accounts and organizations using AWS Access Analyzer validation.
A command-line tool that performs automated IAM policy security linting across AWS accounts and organizations using AWS Access Analyzer validation.
Fleet is an open-source endpoint management platform that provides device management, vulnerability reporting, and security monitoring capabilities for IT and security teams managing large computer environments.
Fleet is an open-source endpoint management platform that provides device management, vulnerability reporting, and security monitoring capabilities for IT and security teams managing large computer environments.
Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.
Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
Zeus is an AWS security auditing and hardening tool that evaluates cloud configurations against CIS benchmarks and can automatically apply recommended security settings.
Zeus is an AWS security auditing and hardening tool that evaluates cloud configurations against CIS benchmarks and can automatically apply recommended security settings.
Scout Suite is an open source multi-cloud security auditing tool that gathers configuration data via cloud provider APIs to identify risks and provide visibility into cloud attack surfaces.
Scout Suite is an open source multi-cloud security auditing tool that gathers configuration data via cloud provider APIs to identify risks and provide visibility into cloud attack surfaces.
Validate baseline cybersecurity skills with CompTIA Security+ certification.
Validate baseline cybersecurity skills with CompTIA Security+ certification.
