Tromzo is an Application Security Posture Management (ASPM) platform that integrates security throughout the software development lifecycle (SDLC). The platform provides several core functionalities:

- Software Asset Discovery and Inventory: Creates a comprehensive inventory of software assets including code repositories, dependencies, SBOMs, containers, and microservices.
- Risk Assessment and Prioritization: Utilizes an Intelligence Graph to analyze and prioritize vulnerabilities across the software supply chain.
- CI/CD Security Integration: Implements security policies and checks within continuous integration and deployment pipelines.
- Vulnerability Management Automation: Streamlines the vulnerability remediation process through automated triage, prioritization, and workflow management.
- Compliance Management: Helps organizations maintain compliance requirements throughout the software development process.
- Security Analytics: Provides metrics and KPIs including SLA compliance, Mean-Time-to-Remediate (MTTR), and customizable reporting dashboards.

The platform integrates with various development and security tools including GitHub, GitLab, Jenkins, AWS, Azure, Google Cloud, Jira, and multiple security scanning solutions.
SIMILAR TOOLS
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through an interactive testing interface.
An integrated security platform that provides API discovery, runtime protection, security testing, and incident response capabilities for web applications, APIs, and AI systems.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.
Falco is a cloud native runtime security tool for Linux operating systems that detects and alerts on abnormal behavior and potential security threats in real-time.
Automatic authorization enforcement detection extension for Burp Suite
Tracee is a runtime security and observability tool using eBPF technology.
A deliberately vulnerable modern day app with lots of DOM related bugs
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.