CyberArk delivers the most comprehensive solution for protecting against the exploitation of privileged accounts, credentials and secrets anywhere – on the endpoint and across on-premises, hybrid cloud, and DevOps environments. CyberArk Conjur is a secrets management solution that secures and manages secrets used by machine identities (including applications, microservices, applications, CI/CD tools and APIs) and users throughout the DevOps pipeline to mitigate risk without impacting velocity. Conjur is the only platform-independent secrets management solution specifically architected for containerized environments and can be deployed at massive scale. CyberArk Conjur is also available to developers as an Open Source Community Edition.
Datical is a database company that allows organizations to deliver error-free application experiences faster. The company’s solutions make database code deployment as simple as application release automation, while still eliminating risks that cause application downtime and data security vulnerabilities. Using Datical to automate database releases means organizations are now able to deliver error-free application experiences faster and safer while focusing resources on the high-value tasks that move the business forward.
IBM is recognized by IDC as a leader in DevSecOps. IBM’s approach is to deliver secure DevOps at scale in the cloud, or behind the firewall. IBM provides a set of industry-leading solutions that work with your existing environment. And of course they work fantastically together: Change is delivered from dev to production with the IBM UrbanCode continuous delivery suite. Changes are tested with Rational Test Workbench, and security tested with IBM AppScan or Application Security on Cloud. IBM helps you build your production safety net with application management, Netcool Operations Insight and IBM QRadar for security intelligence and events.
Imperva offers many different solutions to help you secure your applications. Organizations will be able to protect application in the cloud and on-premises with the same set of security policies and management capabilities. Its multiple deployment methods allow teams to meet the specific security and service level requirements for individual applications. Imperva WAF protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.
JFrog Xray is a continuous security and universal artifact analysis tool, providing multilayer analysis of containers and software artifacts for vulnerabilities, license compliance, and quality assurance. Deep recursive scanning provides insight into your components graph and shows the impact that any issue has on all your software artifacts.
Nosprawl is security for DevOps. As DevOps matures and finds broader adoption in enterprises, the scope of DevOps must be expanded to include all the teams and stakeholders that contribute to application delivery including security. NoSprawl integrates with software development platforms to check for security vulnerabilities throughout the entire software development lifecycle to deliver verified secure software before it gets into production.
Parasoft: Harden your software with a comprehensive security testing solution, with support for important standards like CERT-C, CWE, and MISRA. To help you understand and prioritize risk, Parasoft’s static analysis violation metadata includes likelihood of exploit, difficulty to exploit/remediate, and inherent risk, so you can focus on what’s most important in your C and C++ code. In addition to static analysis that detects security vulnerabilities, weak code susceptible to hacking, and helps enforce secure engineering standards in support of Secure-by-Design, Parasoft provides flexible, intelligent dashboards and reports specifically designed for each standard to provide necessary information for reporting and compliance auditing. Configuration, reporting, and remediation are all standards centric – no need to translate vendor IDs to standards IDs.
Qualys is a leading provider of information security and compliance cloud solutions, with over 10,300 customers globally. It provides enterprises with greater agility, better business outcomes, and substantial cost savings for digital transformation efforts. The Qualys Cloud Platform and apps integrated with it help businesses simplify security operations and automates the auditing, compliance, and protection for IT systems and web applications.
Redgate SQL Provision supports database DevSecOps, keeping compliance central to the process. It enables multiple clones of masked databases to be created in seconds, allowing them to be used safely within the development and test process. Each clone takes up just a few MB of storage and sensitive data can be pseudonymized or replaced with realistic data, ensuring protection and compliance. And with a single central management system for provisioning, the entire process is simple, repeatable, transparent, and auditable.