Scans artifacts across SDLC for vulnerabilities, malware, secrets & misconfigs

Vulnerability Management

Aqua Software Supply Chain Security

Full lifecycle software supply chain security platform for code integrity

Application Security

Checkmarx One Assist

AI-powered AppSec platform with agentic agents for vulnerability prevention & fix

Application Security

OPSWAT MetaDefender Software Supply Chain

Secures SDLC with malware detection, vuln scanning, SBOM gen & secret detection

Application Security

CloudMatos MatosSphere

IaC scanning tool for Terraform, CloudFormation, and Kubernetes configurations

Cloud Security

Anchore Secure

Container & source code scanning for vulnerabilities, malware, and secrets

Application Security

GuardRails

DevSecOps platform for vulnerability detection and developer security training

Application Security

Wallarm API Attack Surface Management

Agentless API attack surface discovery and vulnerability detection platform

Attack Surface

Cycode ASPM

ASPM platform providing visibility, prioritization, and remediation from code to cloud

Application Security

Jsmon 2.0

JavaScript security scanner for detecting vulnerabilities in third-party scripts

Application Security

Seekrets OSS

A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.

Application Security

Free

Arnica Pipelineless AppSec

Pipelineless AppSec platform for dev-native risk detection & remediation

Application Security

Anchore Anchore Enterprise

SBOM-powered SCA platform for container & source code security scanning

Application Security

Codacy Security and Code Quality

Code security and quality platform with SAST, SCA, DAST, and AI code protection

Application Security

cariddi

An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.

Security Operations

Free

Nosey Parker

A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.

Application Security

Free

Secret Bridge

Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.

Attack Surface

Free

detect-secrets

A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.

Application Security

Free

GitGot

A tool for identifying sensitive secrets in public GitHub repositories

Attack Surface

Free

Betterscan

Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

Application Security

Free

Dufflebag

Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.

Cloud Security

Free

SecretScanner

SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

Application Security

Free

git-all-secrets

A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.

Application Security

Free

TruffleHog

Find leaked credentials by scanning repositories for high entropy strings.

Application Security

Free