DevSecOps & Pipeline Security
Tools for integrating security into the development pipeline and DevOps processes.

Bridgecrew
Bridgecrew automates the identification and remediation of misconfigurations in cloud infrastructure, leveraging its open-source tool Checkov for static analysis of IaC templates.

Checkov
Checkov is a static code analysis tool for infrastructure-as-code (IaC) configurations, ensuring security and compliance across various cloud platforms.

Mend.io
Mend.io is a platform that integrates security into the software development lifecycle, focusing on open-source dependencies and codebases.

tfsec
A security scanner for Terraform configurations that identifies potential vulnerabilities through static analysis.

Snyk Cloud
Snyk Cloud secures cloud environments by integrating security checks into the development lifecycle, automating scans and continuous monitoring of cloud configurations.

DefectDojo
A unified DevSecOps platform for managing vulnerabilities and security posture across multiple tools and projects.

Snyk Cloud Security
A platform for securing cloud-native applications and infrastructure by integrating security into the software development lifecycle.

zizmor
A static analysis tool for GitHub Actions that identifies common security issues in CI/CD setups.

Spectral
A DevSecOps tool that integrates security into the software development lifecycle, focusing on secret protection and code security.

Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Fortify on Demand
A cloud-based application security service that integrates security testing into the DevOps toolchain.

KICS
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.