Unify Your Security Tools

Acunetix Scan is a vulnerability scanner specifically designed to detect vulnerabilities in web applications. The tool scans for a wide range of vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), and Local File Inclusion (LFI), among others.

An extension of the Acunetix Scan, the Acunetix 360 is a more comprehensive solution offering full visibility of your web security posture and ensures web and mobile app security integrating with your development environment.

An open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore engine is core to many Anchore deployments, used to analyze and scan Docker and OCI container images for security vulnerabilities and policy issues.

A part of Anchore Enterprise suite, it is designed to bring a policy-based compliance check to ensure your containers meet your organizational requirements. It allows the definition and enforcement of custom policies for CI/CD pipelines.

Grype is Anchore's fast and lightweight OS package and library vulnerability scanner for containers and filesystems.

AnchoreCTL is a command-line tool that leverages Anchore Engine to conduct vulnerability scans, generate policy evaluations, and other Anchore operations. Policies Report generates a detailed report on the policies applied during the analysis.

Similar to the Policies Report, but focuses on generating reports that provide detailed information on any vulnerabilities found during the scanning process by AnchoreCTL.

This is essentially the same as the AppSpider Scan, provided by Rapid7, a company renowned for offering various security solutions including vulnerability management.

AppSpider is a web application security scanning tool. It dynamically assesses apps to identify vulnerabilities, provides reports, and offers remediation guidance. It is suitable for identifying a wide range of vulnerabilities.

A security solution that specializes in container security, providing comprehensive vulnerability scanning and policy enforcement to ensure continuous security and compliance of containerized applications.

An open-source web application security scanner which identifies and mitigates vulnerabilities, enhancing the security of web applications.a

A JavaScript/Node.js tool that leverages the Sonatype OSS Index to identify known vulnerabilities in your JavaScript & Node.js applications, helping developers secure their applications effectively.

An open-source tool that helps you secure AWS environments following best practices defined in the AWS Well-Architected Framework, and other standards, by performing extensive configuration and security checks.

An updated version of AWS Prowler Scan, providing enhanced features and updated security checks to help maintain the security posture of AWS environments.

A centralized service that consolidates findings from various AWS services and third-party products to help you analyze and identify security findings in your AWS environment.

A tool from Microsoft Azure which provides unified security management and advanced threat protection, helping users to adhere to recommended best practices and secure their Azure environments.

A tool designed to find common security issues in Python code. By statically analyzing the source code, it helps developers identify security weaknesses and vulnerabilities in Python applications.

Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks.

Black Duck® Binary Analysis gives you visibility into open source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files using an intuitive user interface or Black Duck multifactor open source detection, which automates the scanning of binary artifacts.

An interface that allows for integration with the BlackDuck software, which is used to secure and manage open source software in applications and containers, automating the process of identifying and mitigating open source security, license compliance and operational risks.

A tool within the BlackDuck software suite that is utilized for identifying and managing risks associated with the components used in your software applications, helping to pinpoint and mitigate security, license, and operational risks.

A scanning tool from the BlackDuck suite that helps in identifying the open-source components in your software and highlights any associated risks, including potential security vulnerabilities and license compliance issues.

A static analysis tool that scans Ruby on Rails applications for security vulnerabilities, helping developers to secure their Ruby applications by identifying a wide range of security issues.

A functionality that allows for the integration with Bugcrowd's crowdsourced security platform through its API, facilitating the import of data such as vulnerability reports to help manage and streamline security processes.

A tool leveraging Bugcrowd's security platform to scan applications and software for potential vulnerabilities, leveraging the power of the crowd to identify and report on security issues.

A patch-level verification tool for Ruby Bundler that helps in scanning Gemfile.lock files for known security vulnerabilities, helping developers maintain secure dependencies.

Dastardly is a free, lightweight web application security scanner for your CI/CD pipeline.

A tool from PortSwigger, designed to automate the process of scanning web applications for vulnerabilities, allowing for continuous monitoring and reporting to help secure web applications efficiently.

A part of the Burp Suite, it allows for scanning and testing of GraphQL APIs to identify potential vulnerabilities and security issues, helping to secure applications that are utilizing GraphQL technology.

An extension of the Burp Suite, enabling integration with the REST API to facilitate automated scanning processes and other functionalities, allowing for a more streamlined approach to web application security.

A tool part of the Burp Suite used for scanning web applications for security vulnerabilities. It works by performing automatic and manual testing of the web applications to identify potential security issues.

A Rust language tool that leverages Cargo, Rust's package manager, to audit Rust projects for known vulnerabilities reported in the RustSec advisory database, helping developers maintain secure and vulnerability-free Rust applications.

Stands for Open Source Analysis; it is a tool that allows organizations to manage the risk associated with the use of open-source components in software, helping in identifying and mitigating potential security and license compliance issues.

An extended functionality of the Checkmarx Scan that provides a detailed report on the vulnerabilities identified, helping teams to get a deeper understanding of the security issues in their code.

An open-source tool for infrastructure as code (IaC) static code analysis that scans cloud infrastructure configured using Terraform, CloudFormation, Kubernetes, and other frameworks for security misconfigurations and compliance violations.

A combination of Clair, an open-source vulnerability scanner for containers, and Klar, a CLI tool that integrates with Clair for vulnerability analyses, providing a detailed report on potential security issues in Docker containers.

An open-source project that performs static analyses of container images to identify security vulnerabilities and other issues, helping organizations maintain secure container environments.

An open-source tool that performs static code analysis on AWS, Azure, and GCP infrastructures to identify security misconfigurations and compliance violations, helping in securing cloud environments effectively.

An open-source tool suite that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities, helping in maintaining a secure codebase by managing the vulnerabilities effectively.

A component of the NeuVector container security platform that focuses on ensuring compliance with various regulatory and security standards, helping organizations to maintain compliant container environments.

A REST API provided by the NeuVector container security platform that allows for integration with other systems and automation of security tasks, aiding in the streamlined management of container security.

A vulnerability management solution from Rapid7 that scans networks to identify vulnerabilities and compliance issues, offering detailed reports and remediation advice to help organizations strengthen their security posture.

An open-source web server scanner that performs comprehensive tests against web servers to identify security vulnerabilities and configuration issues, assisting in securing web servers against potential attacks.

A versatile open-source network scanner used for network discovery and security auditing, helping administrators and security professionals to identify open ports, running services, and other information about networked systems.

A security scanning solution that focuses on identifying vulnerabilities in Node.js applications, helping developers to maintain secure JavaScript and Node.js codebases.

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing.

A command-line utility from npm, Inc. that analyzes Node.js project dependencies to identify known vulnerabilities, helping developers to maintain secure and up-to-date project dependencies.

An open-source scanner that helps in vulnerability identification using customizable templates, allowing security researchers and penetration testers to identify known vulnerabilities efficiently and at scale.

A tool leveraging OpenSCAP library, used for scanning hosts to identify vulnerabilities based on known CVEs and configuration issues, aiding organizations in maintaining secure and compliant environments.

A report format utilized by the OpenVAS vulnerability scanning software, where the scan results and details of the identified vulnerabilities are exported as a CSV file, facilitating easier data analysis and reporting.

A report format utilized by the OpenVAS vulnerability scanning software, where the scan results and details of the identified vulnerabilities are exported as a XML file, facilitating easier data analysis and reporting.

An import functionality of the OSS Review Toolkit (ORT) that enables the incorporation of evaluated models — representing a concluded open source compliance review process, into the ORT environment, helping in the management of open source compliance.An import functionality of the OSS Review Toolkit (ORT) that enables the incorporation of evaluated models — representing a concluded open source compliance review process, into the ORT environment, helping in the management of open source compliance.

A tool that allows for the importation of software composition analysis (SCA) scans conducted using the DevAudit tool against the OSS Index vulnerability database, aiding in the identification and management of open-source vulnerabilities.

Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies.

A vulnerability assessment tool by Outpost24 that scans networks, applications, and devices to identify security vulnerabilities and provide remediation advice, helping organizations to improve their security posture.

An auditing tool designed to analyze PHP applications for security vulnerabilities, using a set of predefined rules to identify potential security risks and help maintain secure PHP codebases.

A security checker tool for PHP Symfony applications, which scans the project dependencies for known vulnerabilities, aiding developers in maintaining secure and compliant Symfony projects.

A tool that scans Python environments and analyzes installed packages against known vulnerability databases to identify security issues, helping Python developers to maintain secure code by managing vulnerable dependencies.

A source code analyzer for Java, JavaScript, Salesforce.com Apex, PL/SQL, XML, XSL and others, used to detect coding issues, potential bugs, and other discrepancies in code bases, encouraging the maintenance of high-quality code.

A utility tool for scanning Kubernetes clusters to identify potential issues and unused resources, promoting best practices and helping system administrators maintain efficient and secure Kubernetes environments.

This parser imports the Progpilot SAST JSON output.

A Static Application Security Testing (SAST) tool by PWN which analyzes source code to identify security vulnerabilities early in the development process, helping to maintain secure applications.

A comprehensive vulnerability management scanning solution by Qualys that helps organizations identify, assess, and manage vulnerabilities in their network environments, promoting a secure and compliant infrastructure.

A web application security scanning solution by Qualys that identifies vulnerabilities and security issues in web applications, providing insights and recommendations to secure web applications effectively.

Red Hat® Satellite is an infrastructure management product specifically designed to keep Red Hat Enterprise Linux® environments and other Red Hat infrastructure running efficiently, with security, and compliant with various standards.

A scanner tool that identifies JavaScript files with known vulnerabilities in your web applications, utilizing a database of known vulnerabilities from Retire.js repository, assisting developers in maintaining secure JavaScript applications.

A tool that facilitates the importation of vulnerability data and other security findings from the Risk Recon platform through its API, aiding organizations in integrating Risk Recon insights into their vulnerability management processes.

A Ruby static code analyzer based on the community Ruby style guide, aiding Ruby developers in maintaining clean and idiomatic Ruby code by identifying and optionally fixing style issues and bugs in Ruby programs.

A security scanning tool that identifies secrets and credentials in codebases, leveraging various scanning techniques to help organizations find and mitigate potential security risks arising from hardcoded secrets in their applications.

A standardized format for the interchange of static analysis results, facilitating the integration of various static analysis tools into a wide range of development and security platforms, promoting interoperable and scalable static analysis workflows.

A security scanning solution by Scantist that identifies vulnerabilities in open-source components used in software development projects, helping organizations manage open-source risks and maintain secure software supply chains.

A multi-cloud security-auditing tool that scans cloud infrastructure and identifies security misconfigurations, helping organizations maintain secure and compliant cloud environments.

A report generated by Semgrep, a customizable, open-source code scanning tool, that outlines the findings in a JSON format, facilitating integration with other tools and in-depth analysis of the scan results.

An open-source security knowledge base including Security Knowledge Framework (SKF) which is an open-source web application that helps you learn and integrate security by design in your web application.

Snyk output file (snyk test --json > snyk.json) can be imported in JSON format.

A tool that identifies and fixes vulnerabilities and license violations in open-source dependencies and container images, helping to secure the application and its open-source components.

A static application security testing (SAST) tool that identifies vulnerabilities in the source code of applications, supporting a wide range of programming languages, and helping to secure applications from the development phase.

A static code analysis solution that detects bugs, vulnerabilities, and code smells in source code, helping development teams to maintain high code quality and secure applications.

An extended feature of the SonarQube scan that provides detailed reports on the source code analysis, offering in-depth insights and facilitating a comprehensive understanding of the codebase’s health.

A security solution that scans applications to identify open-source risk, policy violations, and security vulnerabilities, helping organizations maintain secure applications by managing risks associated with open-source components.

A static code analysis tool used to identify bugs in Java code, helping developers maintain high-quality code by finding and fixing bugs early in the development process.

ssh-audit is a tool for ssh server & client configuration auditing.

A suite of tools and services by SSL Labs that analyses the configuration of SSL web servers and identifies weaknesses, promoting secure server configurations.

A tool that identifies SSL/TLS versions and cipher suites supported by a server, helping in the configuration review and security assessment of SSL-enabled services.

A Python tool that scans SSL/TLS services to identify misconfigurations and vulnerabilities, providing detailed reports to help maintain secure SSL/TLS configurations.

A feature in SSLyze that outputs the scan results in JSON format, facilitating integration with other tools and automated analysis of SSL/TLS configurations.

A dynamic application security testing (DAST) tool by StackHawk that scans running applications and APIs to identify security issues, assisting in maintaining secure web applications.

Sysdig Secure is part of Sysdig’s container intelligence platform. Sysdig provides a unified platform to deliver security, monitoring, and forensics in a cloud, container and microservices-friendly architecture integrated with Docker and Kubernetes.

A tool that identifies potential secrets in the code before it is pushed to the repository, helping to prevent secret leakage and maintain secure codebases.

A vulnerability management solution that identifies vulnerabilities in networks and applications, providing detailed reports to help organizations maintain a secure and compliant environment.

A vulnerability management solution that identifies vulnerabilities in networks and applications, providing detailed reports to help organizations maintain a secure and compliant environment.

A static code analysis tool that scans Infrastructure as Code (IaC) to identify security misconfigurations and compliance violations, promoting secure and compliant infrastructure code.

A free tool that checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and more.

A static analysis tool that scans Terraform templates to identify security issues, helping to maintain secure and compliant Terraform configurations.

Threagile enables teams to execute Agile Threat Modeling as seamless as possible, even highly-integrated into DevSecOps environments.

A component of Trivy vulnerability scanner designed for use in Kubernetes environments, facilitating automated scanning of container images and helping to maintain secure Kubernetes deployments.

A simple and comprehensive vulnerability scanner for containers and other artifacts, designed to scan for vulnerabilities in various file systems and application dependencies.A simple and comprehensive vulnerability scanner for containers and other artifacts, designed to scan for vulnerabilities in various file systems and application dependencies.

A Python tool that searches through git repositories for high entropy strings, which often indicate secret keys, helping to prevent secrets leakage in codebases.

An iteration of the Trufflehog scanner with additional features and improvements, offering enhanced performance in identifying secrets and sensitive information in code repositories.

A service that integrates with Trustwave Fusion platform, allowing for automated security scanning through its API, facilitating continuous security monitoring and vulnerability management.

A feature in Prisma Cloud by Palo Alto Networks that scans container images for vulnerabilities, helping to secure containerized applications by identifying and mitigating vulnerabilities in container images.

A tool that scans code repositories for vulnerabilities using various plugins and integrations, helping organizations to identify and remediate vulnerabilities in their codebases.

A suite of security tools by Veracode that scans applications for vulnerabilities in a range of programming languages, helping to secure applications throughout the SDLC.

A tool by Veracode that identifies vulnerabilities in open-source components used in applications, helping developers maintain secure open-source usage.

An AI-powered database and security analysis tool that collects and analyzes vulnerabilities from various sources, providing actionable insights for vulnerability management and security assessments.

An open-source web application vulnerability scanner that identifies various vulnerabilities by “black-box” testing, helping organizations secure their web applications against different threats.

A security information and event management (SIEM) tool that provides log analysis, intrusion detection, vulnerability detection, and other security monitoring capabilities for IT environments.

A feature in the WFuzz tool that exports the results of a security testing process in JSON format, enabling easier integration with other systems and detailed reporting on web application vulnerabilities.

A static code analysis tool that identifies hard-coded secrets and sensitive information in source code, helping to prevent security issues arising from secret leakage.

A cloud-based application security platform that identifies vulnerabilities in applications throughout their lifecycle, providing solutions to help maintain secure applications.

This parser imports scan results from wiz. You have to use Report Type Standard when you export the results. The file format will be .csv which is parsable within DefectDojo.

A black-box WordPress vulnerability scanner that identifies known vulnerabilities in WordPress installations, helping to maintain secure WordPress sites.

A static code analysis tool that identifies security vulnerabilities in web applications, aiding developers in finding and fixing security issues in the early stages of development.

A command in the Yarn package manager that identifies known vulnerabilities in project dependencies, helping to maintain secure Node.js applications by managing vulnerability risks in dependencies.

A security scanning tool part of OWASP ZAP (Zed Attack Proxy) project that identifies vulnerabilities in web applications, facilitating secure development and deployment of web applications.