Jenkins is the leading open source automation server supported by a large and growing community of developers, testers, designers and other people interested in continuous integration, continuous delivery and modern software delivery practices.
SonarQube is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.
Kiuwan Code Security lets you automatically scan your code to identify and remediate vulnerabilities. Compliant with the most stringent security standards, such as OWASP and CWE, Kiuwan Code Security covers all important languages and integrates with leading DevOps tools.
IriusRisk is a platform that allows you to easily create threat models and to measure, view and respond to application security risk through all of the software development and delivery steps.
WhiteSource helps software development and security teams to better secure and manage the open source components in their products.
Vex has been developed by engineers with a rich understanding of vulnerability testing and of the scenario creation methods for accurately detecting vulnerabilities.
Veracode Software Composition Analysis detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes.