Effective DevSecOps requires AppSec integration at each stage in the software development life cycle, and delivering security risk insight directly into the hands of the people who need it to fix issues, without breaking established workflows.
Black Duck solutions for application security testing and software composition analysis integrate into CI/CD pipelines and DevOps workflows to derive actionable security risk data and automate mechanisms to help you build secure, high-quality software faster.
coverity polaris black duck
polaris coverity black duck seeker
coverity
coverity software risk manager
coverity polaris black duck
coverity
code sight coverity
software risk manager coverity code sight
software risk manager coverity code sight
code sight coverity
coverity code sight
coverity
coverity
code sight coverity
software risk manager coverity code sight
code sight coverity
coverity
black duck
black duck
black duck
coverity black duck
black duck
coverity black duck
coverity
black duck
black duck
coverity black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
black duck
coverity polaris black duck
polaris coverity black duck seeker
black duck
software risk manager black duck
coverity polaris black duck
tinfoil coverity black duck
black duck
coverity black duck
black duck
tinfoil coverity black duck
black duck
software risk manager coverity black duck seeker tinfoil
coverity
black duck
black duck
black duck
black duck
black duck
black duck
black duck
software risk manager coverity seeker
coverity
black duck seeker software risk manager
coverity black duck seeker polaris software risk manager
black duck
black duck software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager coverity
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
coverity
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
black duck coverity
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager
software risk manager coverity
software risk manager
software risk manager
software risk manager
software risk manager coverity
software risk manager
black duck
coverity software risk manager
seeker
black duck
seeker
black duck
seeker
black duck
black duck
black duck seeker
black duck
seeker
Q-mast, by Quokka, is an automated mobile application security testing (MAST) solution that discovers and delivers defense-grade insights into zero-day threats and exploits. The Q-mast integration with Software Risk Manager helps unify visibility and control over Q-mast analysis and results.
Integrates with Software Risk Manager
IriusRisk makes secure design a standardized, scalable practice for all digital teams using their intelligent threat modeling solution. IriusRisk data can be exported and used by Software Risk Manager for greater threat analysis within a single source of truth alongside other security products.
Integrates with Software Risk Manager
Cycode enables organizations to develop secure applications faster, to amplify visibility, and to ensure end-to-end coverage. Cycode's connector with Black Duck SCA enables you to pull vulnerabilities from Black Duck and to correlate them with other AppSec tooling within Cycode. Cycode's connector with Coverity enables you to pull vulnerabilities from Coverity and to correlate them into Cycode's platform. with Coverity data that is searchable via Cycode’s Risk Intelligence Graph (RIG).
Integrates with Black Duck, and Coverity
CoGuard extends static analysis coverage to software, container, IaC, and cloud configurations and their dependencies. Organizations can apply the same robust static analysis processes, commonly applied to code, to infrastructure.
Integrates with Coverity
Botprise is a Gen-AI, no-code automation and remediation platform. Botprise focuses on automation and remediation for SecOps, ITOps, and CloudOps.
Integrates with Seeker
Nucleus is a risk-based vulnerability management solution that automates vulnerability management processes and workflows. Nucleus integrates with Black Duck SCA to give organizations an understanding of their risks from vulnerabilities in third-party dependencies and libraries. Data from Black Duck SCA is aggregated with vulnerability information from across an organization in Nucleus, providing risk-based vulnerability prioritization across all assets.
Integrates with Black Duck
Micro Focus AccuRev is a software configuration management tool that addresses complex parallel and distributed development environments with a stream-based architecture to accelerate development and improve asset reuse.
Integrates with Coverity
Using the Black Duck GitHub Action, users can automate application security tasks in the CI pipeline. This is facilitated by the Black Duck Bridge CLI and simplified, standardized product functions like:
- Perform scans on push and/or pull events, - Add security-related pull request comments, - Upload issues to GitHub Advanced Security, - Create projects and branches on the fly, - Break the build based on policies, - Export SARIF files
For more information and product-specific capabilities, please check out our documentation.,
Integrates with Black Duck, Polaris, and Coverity
Using the Black Duck GitHub Action, users can automate application security tasks in the CI pipeline. This is facilitated by the Black Duck Bridge CLI and simplified, standardized product functions like:
- Perform scans on push and/or pull events, - Add security-related pull request comments, - Upload issues to GitHub Advanced Security, - Create projects and branches on the fly, - Break the build based on policies, - Export SARIF files
For more information and product-specific capabilities, please check out our documentation.,
Integrates with Black Duck, Polaris, and Coverity
Trigger security scans based on code changes, provide actionable developer feedback through annotated pull requests, and fail the pipeline if critical security issues are found.
Integrates with Coverity
Using the Black Duck GitLab Template, users can automate application security tasks in the CI pipeline. This is facilitated by the Black Duck Bridge CLI and simplified, standardized product functions like:
- Perform scans on push and/or pull events, - Add security-related pull request comments, - Create projects on the fly, - Break the build based on policies, - Create SARIF reports for non-MR/PR scans
For more information and product-specific capabilities, please check out our documentation.
Integrates with Polaris, Black Duck, and Coverity
Using the Black Duck GitLab Template, users can automate application security tasks in the CI pipeline. This is facilitated by the Black Duck Bridge CLI and simplified, standardized product functions like:
- Perform scans on push and/or pull events, - Add security-related pull request comments, - Create projects on the fly, - Break the build based on policies, - Create SARIF reports for non-MR/PR scans
For more information and product-specific capabilities, please check out our documentation.
Integrates with Polaris, Black Duck, and Coverity,
Trigger security scans based on code changes, provide actionable developer feedback through annotated pull requests, and fail the pipeline if critical security issues are found.
Integrates with Software Risk Manager, and Coverity
Helix Core version control by Perforce is enterprise-class version control software that tracks and manages changes to all your digital assets.
Integrates with Coverity
Concurrent Versions System (CVS) is a free, client-server-based version control system that records the history of sources files and documents.
Integrates with Coverity
Android Studio by Google provides tools for building apps on every type of Android device.
Integrates with Coverity
PhpStorm by JetBrains is a PHP IDE that provides built-in tools for debugging, testing, and profiling PHP applications.
Integrates with Code Sight, and Coverity
Microsoft Visual Studio enables you to build web, mobile, and native applications for multiple operating systems and devices with C#, C++, Node.js, F#, Python, or Visual Basic.
Integrates with Software Risk Manager, Code Sight, and Coverity
The Eclipse IDE is known as a Java IDE, but also includes variants for C/C++, JavaScript/TypeScript, PHP, and more.
Integrates with Software Risk Manager, Code Sight, and Coverity
PyCharm by JetBrains is a Python IDE that brings all Python tools together in one place.
Integrates with Code Sight, and Coverity
Microsoft Visual Studio Code is a streamlined open source code editor with support for development operations like debugging, task running, and version control.
Integrates with Code Sight, and Coverity
IBM Engineering Workflow Management (formerly Rational Team Concert) is a collaborative software development tool that teams use to manage all aspects of their work.
Integrates with Coverity
The QNX Momentics Tool Suite by Blackberry offers an Eclipse-based IDE and command-line tools that will be familiar to anyone who’s worked with Linux.
Integrates with Coverity
WebStorm by JetBrains is a JavaScript IDE for intelligent code completion, on-the-fly error detection, powerful navigation, and refactoring for JavaScript, TypeScript, stylesheet languages, and other popular frameworks.
Integrates with Code Sight, and Coverity
IntelliJ IDEA by JetBrains is an IDE for JVM that helps maximize developer productivity with intelligent coding assistance and ergonomic design.
Integrates with Software Risk Manager, Code Sight, and Coverity
RubyMine by JetBrains is an IDE that helps Ruby on Rails developers be more productive in every aspect of Ruby/Rails project development.
Integrates with Code Sight, and Coverity
Wind River Workbench is a complete suite of developer tools for software running on Wind River Systems platforms.
Integrates with Coverity
The Bazel build system by Google helps developers build and test software of any size.
Integrates with Black Duck
Apache Maven is an open source software project management and comprehension tool that can manage a project's build, reporting, and documentation from a central piece of information.
Integrates with Black Duck, and Coverity
Pip by the Python Packaging Authority (PyPA) is the open source package installer for Python that installs packages from the Python Package Index and other indexes.
Integrates with Black Duck
Yarn is an open source package manager that also functions as a project manager.
Integrates with Black Duck, and Coverity
Bower manages web site components including frameworks, libraries, assets, and utilities.
Integrates with Coverity
Comprehensive Perl Archive Network (CPAN) is a large collection of Perl software and documentation.
Integrates with Black Duck
The open source npm registry is the center of JavaScript code-sharing and the largest software registry in the world.
Integrates with Black Duck, and Coverity
The Yocto Project (YP) is a Linux Foundation collaborative open source project that creates custom Linux distributions.
Integrates with Black Duck
Conan by JFrog is an open source, decentralized, and multiplatform package manager used to create and share native binaries.
Integrates with Black Duck
Gogradle is an open source Gradle plugin that provides modern build support for Golang.
Integrates with Black Duck
Rebar3 is an Erlang tool that makes it easy to create, develop, and release Erlang libraries, applications, and systems in a repeatable manner.
Integrates with Black Duck
CocoaPods is an open source dependency manager for Swift and Objective-C Cocoa projects.
Integrates with Black Duck
Conda is an open source package management system and environment management system that runs on Windows, macOS, and Linux.
Integrates with Black Duck
Lerna is an open source tool for managing JavaScript projects with multiple packages.
Integrates with Black Duck
Packrat by Rstudio is an open source dependency management system for the R programming language.
Integrates with Black Duck
Amazon Web Services (AWS) CodeBuild is a fully managed, continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Integrates with Black Duck
CircleCI by Circle Internet Services automates your development process with continuous integration in its cloud or on your own infrastructure.
Integrates with Black Duck
Trigger security scans based on code changes, provide actionable developer feedback through GitHub code scanning or annotated pull requests, and fail the pipeline if critical security issues are found.
Integrates with Black Duck, and Coverity
sbt is an open source software build tool for building, testing, and deploying Scala and Java projects.
Integrates with Black Duck
Trigger security scans based on code changes, provide actionable developer feedback through annotated pull requests, and fail the pipeline if critical security issues are found.
Integrates with Black Duck, Coverity, and Seeker
Using the Black Duck Security Scan Extension for Azure DevOps, users can automate application security tasks in the CI pipeline. This is facilitated by the Black Duck Bridge CLI and simplified, standardized product functions like:
- Perform scans on push and/or pull events, - Add security-related pull request comments, - Create projects and project versions on the fly, - Break the build based on policies, - Configure sensitive data, - Create SARIF reports for non-MR/PR scans
For more information and product-specific capabilities, please check out our documentation.
Integrates with Polaris, Black Duck, Coverity, and Seeker
Using the Black Duck Security Scan Extension for Azure DevOps, users can automate application security tasks in the CI pipeline. This is facilitated by the Black Duck Bridge CLI and simplified, standardized product functions like:
- Perform scans on push and/or pull events, - Add security-related pull request comments, - Create projects and project versions on the fly, - Break the build based on policies, - Configure sensitive data, - Create SARIF reports for non-MR/PR scans
For more information and product-specific capabilities, please check out our documentation.
Integrates with Polaris, Black Duck, Coverity, and Seeker
CloudBees Software Delivery Automation is a centralized solution that manages Jenkins Controllers, providing scalable security, compliance, and efficiency of Jenkins in enterprises.
Integrates with Black Duck
Trigger security scans based on code changes, provide actionable developer feedback in the GitLab security center or annotated pull requests, and fail the pipeline if critical security issues are found.
Integrates with Black Duck
TeamCity by JetBrains is a general-purpose CI/CD solution that allows flexibility for many types of workflows and development practices.
Integrates with Black Duck, and Software Risk Manager
Trigger security scans based on code changes, provide actionable developer feedback through annotated pull requests, and fail the pipeline if critical security issues are found.
Integrates with Black Duck, and Software Risk Manager
CodeShip by CloudBees is a software-as-a-service (SaaS) solution that empowers engineering teams to implement and optimize CI and CD in the cloud.
Integrates with Black Duck
Gradle is a build automation tool that helps teams build, automate, and deliver better software faster.
Integrates with Black Duck, and Coverity
Travis CI is a continuous integration platform that enables teams to test and ship applications with confidence.
Integrates with Black Duck
Bamboo by Atlassian for continuous integration, deployment, and delivery ties automated builds, tests, and releases together in a single workflow.
Integrates with Black Duck, and Software Risk Manager
Concourse by VMware is an open source CI/CD platform that is flexible and can be used for many kinds of automation.
Integrates with Black Duck
Run security scan as part of your CI/CD pipeline and prevent security issues from escaping to production.
Integrates with Black Duck, Software Risk Manager, Coverity, and Seeker
Wind River Studio is a cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent edge systems that require security, safety, and reliability.
Integrates with Coverity
Amazon Elastic Container Registry (ECR) is a fully managed container registry that stores, manages, shares, and deploys your container images and artifacts anywhere.
Integrates with Black Duck
The Google Container Registry is a single place to manage Docker images, perform vulnerability analysis, and decide who can access what with fine-grained access control.
Integrates with Black Duck
Artifactory by JFrog is a repository manager that fully supports packages, container images, and Helm charts as they move across the entire DevOps pipeline.
Integrates with Black Duck
The Nexus Repository by Sonatype enables you to manage binaries and build artifacts across your software supply chain.
Integrates with Black Duck
The Azure Container Registry by Microsoft enables you to build, store, secure, scan, replicate, and manage container images and artifacts with a fully managed, geo-replicated instance of OCI distribution.
Integrates with Black Duck
The Docker Registry is a stateless, highly scalable, server-side application that stores and lets you distribute Docker images.
Integrates with Black Duck
Manage Black Duck security findings from within Azure Boards, and provide developers with actionable remediation giudance.
Integrates with Black Duck
Secure Code Warrior® is an integrated platform that provides secure coding training and tools that helps shift developer focus from vulnerability reaction to prevention.
Integrates with Software Risk Manager, Coverity, and Seeker
Slack is a channel-based messaging platform that enables teams to work together more effectively while connecting all their software tools and services.
Integrates with Software Risk Manager, Seeker, and Black Duck
Bugzilla is server software designed to help you manage software development.
Integrates with Coverity
Software Package Data Exchange (SPDX) by the Linux Foundation reduces redundant work by providing a common format for companies and communities to share important data, streamlining and improving compliance.
Integrates with Black Duck
Manage Black Duck security findings from within Jira, and provide developers with actionable remediation guidance.
Integrates with Software Risk Manager, Black Duck, Coverity, and Seeker
Microsoft Teams enables you to meet, chat, call, and collaborate in one place.
Integrates with Software Risk Manager, and Black Duck
Acunetix by Invicti Security is an automated web application security testing tool that audits web applications by checking for exploitable vulnerabilities.
Integrates with Software Risk Manager,
The Aqua Cloud Native Security Platform (CNAPP) protects your entire stack, on any cloud, across virtual machines (VMs), containers, and serverless.
Integrates with Software Risk Manager
Checkmarx Interactive Application Security Testing (CxIAST) automates the detection of runtime vulnerabilities during functional testing.
Integrates with Software Risk Manager
The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.
Integrates with Software Risk Manager
Contrast Assess is an interactive application security testing solution that infuses software with vulnerability assessment capabilities so that security flaws are automatically identified.
Integrates with Software Risk Manager
Errcheck is an open source program that searches for unchecked errors in Go programs.
Integrates with Software Risk Manager
Fortify Software Security Center by CyberRes, a Micro Focus line of business, is a suite of tightly integrated solutions that fix and prevent security vulnerabilities in applications.
Integrates with Software Risk Manager
Gendarme by Mono (sponsored by Microsoft) is an open source, extensible, rule-based tool that finds problems in .NET applications and libraries.
Integrates with Software Risk Manager
HCL AppScan delivers scalable application security testing and risk management capabilities to help enterprises manage risk and compliance.
Integrates with Software Risk Manager
JSHint is an open source static analysis tool that detects errors and potential problems in JavaScript code.
Integrates with Software Risk Manager, and Coverity
Netsparker by Invicti is an automated, fully configurable web application security scanner that enables you to scan websites, web applications, and web services for security flaws.
Integrates with Software Risk Manager
NowSecure INTEL provides third-party mobile app vetting to assess the security of any app on the Apple App Store or Google Play Store, to help you determine whether to allow the app within your environment.
Integrates with Software Risk Manager
Parasoft C/C++test is a unified, fully integrated testing solution for C/C++ software development.
Integrates with Software Risk Manager
PHP_CodeSniffer is an open source tool for finding violations of PHP coding standards.
Integrates with Software Risk Manager
Qualys Vulnerability Management (VM) provides global visibility into where IT assets are vulnerable and how to protect them.
Integrates with Software Risk Manager
Scalastyle is an open source Scala-style checker that examines Scala code and indicates potential problems with it.
Integrates with Software Risk Manager
Snyk Container is a vulnerability management tool for container and Kubernetes security to help developers find and fix vulnerabilities in cloud-native applications.
Integrates with Software Risk Manager
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Integrates with Software Risk Manager
DefenseCode ThunderScan is a static application security testing (SAST) solution that performs deep and extensive security analysis of application source code.
Integrates with Software Risk Manager
Veracode Software Composition Analysis (SCA) detects open source vulnerabilities to manage open source risk.
Integrates with Software Risk Manager
Visual Studio Code Analysis is the Microsoft Visual Studio built-in static source code analyzer for .NET and C++.
Integrates with Software Risk Manager, and Coverity
Anchore Enterprise is a complete container security workflow solution.
Integrates with Software Risk Manager
Arachni is an open source web application security scanner framework that creates automated security reports for your website as it evolves.
Integrates with Software Risk Manager
Checkmarx Software Composition Analysis (CxSCA) provides accurate, relevant, and actionable open source risk insight.
Integrates with Software Risk Manager
Code Cracker is an open source analyzer library for C# and Visual Basic that uses Roslyn to produce refactorings, code analysis, and more.
Integrates with Software Risk Manager
Cppcheck is an open source static analysis tool for the C and C++ programming languages.
Integrates with Software Risk Manager
Error Prone is an open source static analysis tool for Java that can help find potential issues within the Android codebase.
Integrates with Software Risk Manager
Fortify Static Code Analyzer by CyberRes, a Micro Focus line of business, is a static application security testing tool that enables developers to find and fix security defects in real time during the coding process.
Integrates with Software Risk Manager
Gocyclo calculates cyclomatic complexities of functions in Go source code.
Integrates with Software Risk Manager
The Microsoft Threat Modeling Tool makes threat modeling easier for all developers through a standard notation for visualizing system components, data flows, and security boundaries.
Integrates with Software Risk Manager
Nexus Lifecycle by Sonatype is a software composition analysis tool that continuously monitors and identifies potential issues and uses your policies to automatically fix them for you.
Integrates with Software Risk Manager
NowSecure Workstation is a preconfigured hardware and software kit that compresses mobile app vulnerability assessment down to hours and enables repeatable, standards-based testing with pre-formatted reporting.
Integrates with Software Risk Manager
Parasoft dotTEST is a C# and .NET static analysis tool that verifies C# and VB.NET code quality and checks compliance with industry and security standards.
Integrates with Software Risk Manager
The phpcs-security-audit analyzer is a set of PHP_CodeSniffer rules for finding security vulnerabilities and weaknesses in PHP code.
Integrates with Software Risk Manager
Qualys Web Application Scanning (WAS) is a robust cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations.
Integrates with Software Risk Manager
SD Elements by Security Compass provides tailored security requirements, design advice, secure coding standards, and step-by-step testing instructions on how to build secure applications from the ground up.
Integrates with Software Risk Manager
Snyk Open Source automatically detects vulnerabilities and accelerates fixing them throughout your development process.
Integrates with Software Risk Manager
Staticcheck is an open source linter for the Go programming language that uses static analysis to finds bugs and performance issues, offers simplifications, and enforces style rules.
Integrates with Software Risk Manager
Trustwave App Scanner automates the process of finding security vulnerabilities in web applications and services.
Integrates with Software Risk Manager
Veracode Static Analysis provides fast, automated feedback to developers in the IDE and CI/CD pipeline, conducts a full policy scan before deployment, and gives clear guidance on how to find, prioritize, and fix issues fast.
Integrates with Software Risk Manager
WhiteSource software composition analysis (SCA) for security and license automates open source management workflows.
Integrates with Software Risk Manager
The Android Studio Lint tool by Google scans Android project sources for potential bugs.
Integrates with Software Risk Manager
Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications that statically analyzes Rails application code to find security issues at any stage of development.
Integrates with Software Risk Manager
Checkmarx Static Application Security Testing (CxSAST) is a static analysis solution that identifies security vulnerabilities in custom code.
Integrates with Software Risk Manager
CodePeer by AdaCore is an Ada source code analyzer that detects runtime and logic errors and assesses potential bugs before program execution.
Integrates with Software Risk Manager
Deepfactor enables engineering teams to quickly discover and resolve security vulnerabilities, software supply chain risks, and compliance violations early in development and testing.
Integrates with Black Duck
OWASP Dependency-Check is an open source software composition analysis (SCA) tool that detects publicly disclosed vulnerabilities within a project's dependencies.
Integrates with Software Risk Manager
ESLint is an open source static analysis tool that identifies problematic patterns in JavaScript code.
Integrates with Software Risk Manager
Fortify WebInspect is an automated and configurable web application security testing tool that mimics real-world hacking techniques and attacks.
Integrates with Software Risk Manager
JFrog Xray is a universal impact analysis product that enhances artifact security, container security, and open source software license compliance across your DevSecOps pipeline.
Integrates with Software Risk Manager
Mobile Secure by Data Theorem is a continuous automated security service that finds vulnerabilities and data privacy issues within mobile (iOS and Android) applications.
Integrates with Software Risk Manager
Nmap (Network Mapper) is a free and open source license security scanner utility for network discovery and security auditing.
Integrates with Software Risk Manager
OCLint is an open source static analysis tool for improving quality and reducing defects by inspecting C, C++, and Objective-C code for potential problems.
Integrates with Software Risk Manager
Parasoft Jtest is an integrated Java testing tool for application software development.
Integrates with Software Risk Manager
Prisma Cloud by Palo Alto Networks is a cloud-native security platform that secures infrastructure, applications, data, and entitlements across hybrid and multicloud environments.
Integrates with Software Risk Manager
Retire.js helps you detect the use of JavaScript library versions with known vulnerabilities.
Integrates with Software Risk Manager
Security Code Scan (SCS) is an open source static code analyzer for .NET.
Integrates with Software Risk Manager
Snyk Open Source License Compliance Management helps you maintain a rapid development pace while remaining compliant with the open source software licenses in your projects.
Integrates with Software Risk Manager
Tenable.io container security provides visibility into the security of container images, identifying vulnerabilities, malware, and policy violations through integration with the build process.
Integrates with Software Risk Manager
Veracode Dynamic Analysis scans web applications, finds exploitable vulnerabilities, and addresses issues immediately.
Integrates with Software Risk Manager
Vet examines Go source code and reports suspicious constructs.
Integrates with Software Risk Manager
AppSpider by Rapid7 is a dynamic application security testing solution that enables you to scan web and mobile applications for vulnerabilities.
Integrates with Software Risk Manager
Burp Suite by PortSwigger is a set of tools used to penetration test web applications.
Integrates with Software Risk Manager
Checkstyle is an open source static analysis tool that checks if Java source code is compliant with specified coding rules.
Integrates with Software Risk Manager
CodeSonar by GrammaTech is a static analysis tool used to find and fix bugs and security vulnerabilities in source and binary code.
Integrates with Software Risk Manager
OWASP Dependency-Track is an intelligent component analysis platform that enables you to identify and reduce risk in the software supply chain.
Integrates with Software Risk Manager
OWASP Find Security Bugs is a SpotBugs plugin for security audits of Java web and Android applications.
Integrates with Software Risk Manager
GDS PMD Secure Coding Ruleset is a set of custom rules for the PMD static analyzer that finds security weaknesses.
Integrates with Software Risk Manager
Gosec is a Golang security checker static analysis tool that inspects source code for security problems by scanning the Go AST.
Integrates with Software Risk Manager
Jlint checks Java code for bugs, inconsistencies, and synchronization problems by performing data flow analysis and building the lock graph.
Integrates with Software Risk Manager
Nessus is a vulnerability assessment solution that scans network computers for vulnerabilities.
Integrates with Software Risk Manager
NowSecure Auto makes it easy to integrate security testing into your mobile software development life cycle by automating the static, dynamic, and interactive analysis of your Android and iOS apps.
Integrates with Software Risk Manager
OWASP Zed Attack Proxy (ZAP) is an open source web application security scanner.
Integrates with Software Risk Manager
PHP Mess Detector (PHPMD) looks for potential quality problems within a given PHP source codebase.
Integrates with Software Risk Manager
Pylint is a source code, bug, and quality checker for the Python programming language.
Integrates with Software Risk Manager
SafeSQL is an open source static analysis tool for Go that protects against SQL injections.
Integrates with Software Risk Manager
Sentinel by NTT Security AppSec Solutions (formerly WhiteHat Security) is a software-as-a-service platform that enables businesses to deploy a scalable application security program across the entire software development life cycle.
Integrates with Software Risk Manager
SpotBugs is an open source program that uses static analysis to look for bugs in Java code.
Integrates with Software Risk Manager, and Coverity
Tenable.sc consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture.
Integrates with Software Risk Manager
Veracode Manual Penetration Testing (MPT) combines the skills of penetration testers with automated security testing scan results to reduce application risk, meet compliance requirements, and help teams understand and report on security posture.
Integrates with Software Risk Manager
Vex vulnerability explorer is a web application security scanner.
Integrates with Software Risk Manager
Brinqa is a unified risk management tool that enables stakeholders, governance organizations, and infrastructure and security teams to manage technology risk effectively.
Integrates with Black Duck, and Coverity
ZeroNorth brings security, DevOps, and business teams together to improve application security performance and reduce organizational risk.
Integrates with Black Duck, and Coverity
Kenna Security, part of Cisco, is modern, risk-based vulnerability management software.
Integrates with Black Duck, and Coverity
SonarQube by SonarSource is a vulnerability management tool for code quality and security.
Integrates with Software Risk Manager, and Coverity
ThreadFix by the Denim Group provides a comprehensive risk view from applications and their supporting infrastructure.
Integrates with Black Duck, and Coverity
The Amazon Web Services (AWS) cloud computing platform provides the flexibility to launch applications regardless of use case or industry.
Integrates with Seeker
Kubernetes (K8s) open source container-orchestration system that provides automated container deployment, scaling, and management.
Integrates with Black Duck
Cloud Foundry by the Cloud Native Computing Foundation (CNCF) provides a model for cloud-native application delivery on top of Kubernetes.
Integrates with Seeker
Microsoft Azure is a cloud platform that helps you build, run, and manage applications across multiple clouds, on premises, hybrid, or at the edge, with the tools and frameworks of your choice.
Integrates with Black Duck
Google Cloud is a suite of cloud computing services, including data management, hybrid and multicloud, and AI and ML, that consist of physical assets and virtual resources contained in Google data centers.
Integrates with Black Duck
Red Hat OpenShift is a hybrid cloud platform that works anywhere, so you can build anything.
Integrates with Black Duck, and Seeker
IBM Cloud Pak for Applications is an enterprise-ready, containerized software solution for modernizing existing applications and developing new cloud-native apps that run on Red Hat OpenShift.
Integrates with Black Duck
VMware Tanzu is a suite of products and solutions that enables you to build, run, and manage Kubernetes-controlled, container-based applications.
Integrates with Seeker