DevSecOps & Pipeline Security

Tools for integrating security into the development pipeline and DevOps processes.

Tools

Bridgecrew

Bridgecrew

DevSecOps & Pipeline Security

Bridgecrew automates the identification and remediation of misconfigurations in cloud infrastructure, leveraging its open-source tool Checkov for static analysis of IaC templates.

Multi-Cloud
Proprietary
Cloud Service Only
zizmor

zizmor

DevSecOps & Pipeline Security

A static analysis tool for GitHub Actions that identifies common security issues in CI/CD setups.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Mend.io

Mend.io

DevSecOps & Pipeline Security

Mend.io is a platform that integrates security into the software development lifecycle, focusing on open-source dependencies and codebases.

Multi-Cloud
Proprietary
Cloud Service Only
KICS

KICS

DevSecOps & Pipeline Security

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Checkmarx SAST

Checkmarx SAST

DevSecOps & Pipeline Security

A static application security testing tool that identifies and mitigates security vulnerabilities early in the software development life cycle.

Multi-Cloud
Proprietary
Cloud Service Only
DefectDojo

DefectDojo

DevSecOps & Pipeline Security

A unified DevSecOps platform for managing vulnerabilities and security posture across multiple tools and projects.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Snyk Cloud

Snyk Cloud

DevSecOps & Pipeline Security

Snyk Cloud secures cloud environments by integrating security checks into the development lifecycle, automating scans and continuous monitoring of cloud configurations.

Multi-Cloud
Proprietary
Cloud Service Only
Terrascan

Terrascan

Archived
DevSecOps & Pipeline Security

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Snyk Cloud Security

Snyk Cloud Security

DevSecOps & Pipeline Security

A platform for securing cloud-native applications and infrastructure by integrating security into the software development lifecycle.

Multi-Cloud
Proprietary
Cloud Service Only
tfsec

tfsec

DevSecOps & Pipeline Security

A security scanner for Terraform configurations that identifies potential vulnerabilities through static analysis.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Spectral

Spectral

DevSecOps & Pipeline Security

A DevSecOps tool that integrates security into the software development lifecycle, focusing on secret protection and code security.

Multi-Cloud
Proprietary
Cloud Service Only
Checkov

Checkov

DevSecOps & Pipeline Security

Checkov is a static code analysis tool for infrastructure-as-code (IaC) configurations, ensuring security and compliance across various cloud platforms.

Multi-Cloud
Open Source
Self Hosted + Cloud Options