Devsecops
Browse 243 devsecops tools
FEATURED
Cloud-native app security platform with discovery, testing, and runtime protection
Cloud-native app security platform with discovery, testing, and runtime protection
Code quality and security platform with SAST, SCA, and AI-powered remediation
Code quality and security platform with SAST, SCA, and AI-powered remediation
Automated security design review platform for developers
Automated security design review platform for developers
AI-powered automated code security remediation bot for vulnerability fixes
AI-powered automated code security remediation bot for vulnerability fixes
AI-native SAST tool providing contextual code security analysis in pull requests
AI-native SAST tool providing contextual code security analysis in pull requests
Automated vulnerability remediation tool that fixes code security issues
Automated vulnerability remediation tool that fixes code security issues
A cloud security platform that combines Kubernetes security scanning, runtime monitoring, and cloud security posture management using Kubescape and eBPF technology.
A cloud security platform that combines Kubernetes security scanning, runtime monitoring, and cloud security posture management using Kubescape and eBPF technology.
AI-native AppSec platform for code-to-runtime security with automated triaging
AI-native AppSec platform for code-to-runtime security with automated triaging
AppSec platform with API discovery, CI/CD-native DAST, and risk oversight
AppSec platform with API discovery, CI/CD-native DAST, and risk oversight
Pipelineless AppSec platform for dev-native risk detection & remediation
Pipelineless AppSec platform for dev-native risk detection & remediation
AI-driven development security platform for vibe coding ecosystems
AI-driven development security platform for vibe coding ecosystems
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
Cloud security platform for visibility, posture mgmt & threat detection
Cloud security platform for visibility, posture mgmt & threat detection
AI-powered SAST tool that finds and auto-fixes code vulnerabilities in real-time
AI-powered SAST tool that finds and auto-fixes code vulnerabilities in real-time
AI-powered platform for identifying, fixing, and governing application security risks
AI-powered platform for identifying, fixing, and governing application security risks
Real-time vulnerability detection and automated fixing for AI-generated code
Real-time vulnerability detection and automated fixing for AI-generated code
A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.
A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.
Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.
Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.
A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.
A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.
Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.
Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.
Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.
Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.
OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.
OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.
Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.
Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
