Components that fetch the resources which you need to scan.
Components that scan your resources and produce security alerts.
Generate a Dependency-Check report from source code.
Our powerful portal empowers you to identify and prioritize vulnerabilities, providing you with the tools you need to take proactive measures against potential cyber threats.
Generates scorecards for open source projects to show how they adhere to best practices.
Generate a CycloneDX SBOM from source code.
Research platform for mobile applications in Android, iOS and Windows Mobile.
Secret scanner for repositories.
Generate a Dependency-Track report from source code.
SAST scanner that analyses Python source code to look for security issues.
Dependency scanner for Python projects.
SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.
Generate a FindSecBugs report from source code.
Generate a KICS report from source code.
Analyse Go source code to look for security issues.
Retrieve a GitHub Code Scanning report from a GitHub repository.
Generate a Terraform-Tfsec report from source code.
Generate a Testssl.sh report from a target URL.
Static analysis for JavaScript and TypeScript projects.
DAST scanner that analyses web applications for security issues.
Generate a Trivy report from a Docker image.
Produces findings using Blackduck.
Produces findings using Checkmarx.
Dependency scanner for Golang projects.
Analyse source code using Semgrep to look for security issues.
Dependency scanner for Node.js projects.
Components that enrich your security alerts with more details and turn them into actionable events.
Identifies a code owner for each finding.
Adds context from deps.dev for each third-party dependency.
Adds relevant training resources to findings.
Performs a reachability check on a supplied repository using AppThreat/atom.
Compares multiple inputs and removes duplicates.
Adds knowledge base information (e.g. OWASP Cheat Sheets) to findings.
Enforces security policies defined in OPA for each finding.
Adds information to findings using a language model.
Deduplicates findings from multiple tools.
Adds security standard information to findings using OpenCRE.
Components that consume and display your security alerts.
Pushes findings to an S3 bucket as PDFs.
Pushes findings to a DefectDojo vulnerability management instance.
Pushes findings to a Dependency-Track instance.
Uploads scan results to GitHub Advanced Security.
Prints findings to stdout in JSON format.
Pushes findings to a Slack channel.
Pushes findings to a Jira instance.
Pushes findings to an S3 bucket.
Pushes findings to a BigQuery database.
Pushes findings to an ArangoDB database.
Pushes findings to a MongoDB database.
Pushes findings to an Elasticsearch database.
Log aggregator for Kibana.