Integrations

Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images.
Rapid7 InsightVM combines complete ecosystem visibility, an unparalleled understanding of the attacker mindset, and the agility of SecOps so you can act before impact.
Qualys Cloud Platform gives you a continuous, always-on assessment of your global security and compliance posture, with 2-second visibility across all your IT assets, wherever they reside.

Jenkins is the leading open source automation server supported by a large and growing community of developers, testers, designers and other people interested in continuous integration, continuous delivery and modern software delivery practices.

SonarQube is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.

Kiuwan Code Security lets you automatically scan your code to identify and remediate vulnerabilities. Compliant with the most stringent security standards, such as OWASP and CWE, Kiuwan Code Security covers all important languages and integrates with leading DevOps tools.

IriusRisk is a platform that allows you to easily create threat models and to measure, view and respond to application security risk through all of the software development and delivery steps.

Coverity® identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix.

WhiteSource helps software development and security teams to better secure and manage the open source components in their products.

SD Elements product features include light-weight automated threat modeling, application security requirements checklists, and continuous integration.

Vex has been developed by engineers with a rich understanding of vulnerability testing and of the scenario creation methods for accurately detecting vulnerabilities.

Veracode Software Composition Analysis detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes.