The following is a listing of DevSecOps tool providers, along with a brief description of their offerings. 


Bridgecrew by Prisma Cloud automates security from code to cloud. By embedding earlier in the DevOps lifecycle, Bridgecrew enables developers to write secure code without slowing them down. In addition to its DevSecOps tools and integrations, Bridgecrew’s platform gives security teams instant visibility into their security posture across their entire software supply chain. Join Brex, Databricks, and Robinhood in bridging the gap between security and engineering by trying Bridgecrew’s all-in-one DevSecOps platform for free.

Contrast Security secures the code that global business relies on. It is the industry’s most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. The Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides how-to-fix guidance for easy and fast vulnerability remediation. Security and development teams can then collaborate and innovate faster while accelerating digital transformation initiatives.

Sonatype Nexus helps more than 10 million software developers innovate faster while mitigating security risks inherent in open source. Powered by Nexus IQ, the platform combines intelligence with real-time remediation guidance to automate and scale open-source governance across every stage of the modern DevOps pipeline. Nexus IQ enables Nexus Firewall, which stops risky components from entering the development environment. From there, trusted components are stored in Nexus Repository, and can be easily distributed into the development process. Then, Nexus Lifecycle uses Nexus IQ to automatically and continuously identify and remediate OSS risks in all areas of an environment, including applications in production.

Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. By consolidating all aspects of infrastructure access, Teleport reduces attack surface area, cuts operational overhead, easily enforces compliance and improves engineering productivity. Get started at goteleport.com.

Aqua Security: Aqua secures the entire software development lifecycle, including image scanning for known vulnerabilities during the build process, image assurance to enforce policies for production code as it is deployed, and run-time controls for visibility into application activity, allowing organizations to mitigate threats and block attacks in real-time.

Checkmarx provides application security at the speed of DevOps, enabling organizations to deliver secure software faster. It easily integrates with developers’ existing work environments, allowing them to stay in their comfort zone while still addressing secure coding practices.

Chef Automate is a continuous delivery platform that allows developers, operations, and security engineers to collaborate effortlessly on delivering application and infrastructure changes at the speed of business. Chef Automate provides actionable insights into the state of your compliance and configurations, with an auditable history of every change that’s been applied to your environments.

CloudPassage has been a leading innovator in cloud security automation and compliance monitoring for high-performance application development and deployment environments. Its on-demand security solution, Halo, is a workload security automation platform that provides visibility and protection in any combination of data centers, private/public clouds, and containers. 

CodeAI is a smart, automated secure coding application for DevOps that fixes security vulnerabilities in computer source code to prevent hacking. Its unique user-centric interface provides developers with a list of solutions to review instead of a list of problems to resolve. Teams that use CodeAI will experience a 30%-50% increase in overall development velocity.

CyberArk Conjur is a secrets management solution that secures and manages secrets used by machine identities (including applications, microservices, CI/CD tools and APIs) and users throughout the DevOps pipeline to mitigate risk without impacting velocity. Conjur is the only platform-independent secrets management solution specifically architected for containerized environments and can be deployed at massive scale.

Datical is a database company that allows organizations to deliver error-free application experiences faster. The company’s solutions make database code deployment as simple as application release automation, while still eliminating risks that cause application downtime and data security vulnerabilities. Using Datical to automate database releases means organizations are now able to deliver error-free application experiences faster and safer while focusing resources on the high-value tasks that move the business forward.

IBM provides a set of industry-leading solutions that work with your existing environment. Change is delivered from dev to production with the IBM UrbanCode continuous delivery suite. Changes are tested with Rational Test Workbench, and security tested with IBM AppScan or Application Security on Cloud. IBM helps you build your production safety net with application management, Netcool Operations Insight and IBM QRadar for security intelligence and events.

Imperva WAF protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.

JFrog Xray is a continuous security and universal artifact analysis tool, providing multilayer analysis of containers and software artifacts for vulnerabilities, license compliance, and quality assurance. Deep recursive scanning provides insight into your components graph and shows the impact that any issue has on all your software artifacts.

NoSprawl is security for DevOps. As DevOps matures and finds broader adoption in enterprises, the scope of DevOps must be expanded to include all the teams and stakeholders that contribute to application delivery including security. NoSprawl integrates with software development platforms to check for security vulnerabilities throughout the entire software development lifecycle to deliver verified secure software before it gets into production.

Parasoft: Harden your software with a comprehensive security testing solution, with support for important standards like CERT-C, CWE, and MISRA. To help you understand and prioritize risk, Parasoft’s static analysis violation metadata includes likelihood of exploit, difficulty to exploit/remediate, and inherent risk, so you can focus on what’s most important in your C and C++ code. 

Qualys is a leading provider of information security and compliance cloud solutions, with over 10,300 customers globally. It provides enterprises with greater agility, better business outcomes, and substantial cost savings for digital transformation efforts. The Qualys Cloud Platform and apps integrated with it help businesses simplify security operations and automate the auditing, compliance, and protection for IT systems and web applications.

Redgate SQL Provision supports database DevSecOps, keeping compliance central to the process. It enables multiple clones of masked databases to be created in seconds, allowing them to be used safely within the development and test process. Each clone takes up just a few MB of storage and sensitive data can be pseudonymized or replaced with realistic data, ensuring protection and compliance. 

Perforce helps thousands of global enterprise customers tackle the hardest and most complex issues in building, connecting, and securing applications. Our Klocwork static code analysis tool helps DevSecOps professionals, from developers to test automation engineers to compliance leaders, create more secure code with on-the-fly security analysis at the desktop and integrated into large-scale continuous integration workflows.

Signal Sciences secures the most important applications, APIs, and microservices of the world’s leading companies. Our next-gen WAF and RASP help you increase security and maintain site reliability without sacrificing velocity, all at the lowest total cost of ownership. Signal Sciences gets developers and operations involved by providing relevant data, helping them triage issues faster with less effort. 

Sumo Logic is the leading secure, cloud-native, multi-tenant machine data analytics platform that delivers real-time, continuous intelligence across the entire application lifecycle and stack. Sumo Logic simplifies DevSecOps implementation at the code level, enabling customers to build infrastructure to scale securely and quickly. This approach is required to maintain speed, agility and innovation while simultaneously meeting security regulations and staying alert for malicious cyber threats.

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. 

Veracode creates software that fuels modern transformation for companies across the globe. DevSecOps enables the build, test, security and rollout of software quickly and efficiently, providing software that’s more resistant to hacker attacks. Veracode offers a unified platform that enables organizations to implement DevSecOps and address security applications from inception through production. 

WhiteHat Security: The WhiteHat Application Security Platform is a cloud service that allows organizations to bridge the gap between security and development to deliver secure applications at the speed of business. Its software security solutions work across departments to provide fast turnaround times for Agile environments, near-zero false positives and precise remediation plans while reducing wasted time verifying vulnerabilities, threats and costs for faster deployment.