DevSecOps & Pipeline Security
Tools for integrating security into the development pipeline and DevOps processes.

Bridgecrew
Bridgecrew automates the identification and remediation of misconfigurations in cloud infrastructure, leveraging its open-source tool Checkov for static analysis of IaC templates.

Checkov
Checkov is a static code analysis tool for infrastructure-as-code (IaC) configurations, ensuring security and compliance across various cloud platforms.

Mend.io
Mend.io is a platform that integrates security into the software development lifecycle, focusing on open-source dependencies and codebases.

tfsec
A security scanner for Terraform configurations that identifies potential vulnerabilities through static analysis.

Checkmarx SAST
A static application security testing tool that identifies and mitigates security vulnerabilities early in the software development life cycle.

DefectDojo
A unified DevSecOps platform for managing vulnerabilities and security posture across multiple tools and projects.

Snyk Cloud
Snyk Cloud secures cloud environments by integrating security checks into the development lifecycle, automating scans and continuous monitoring of cloud configurations.

zizmor
A static analysis tool for GitHub Actions that identifies common security issues in CI/CD setups.

Snyk Cloud Security
A platform for securing cloud-native applications and infrastructure by integrating security into the software development lifecycle.

Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud-native infrastructure.

Spectral
A DevSecOps tool that integrates security into the software development lifecycle, focusing on secret protection and code security.

KICS
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.