Aikido Security

Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform

It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.

It is a solution that helps development teams manage risks that come with the use of open source. It gives you complete visibility into open source management, combining sophisticated, multi-factor open source detection capabilities with the Black Duck KnowledgeBase.

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time.

It is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees, regex wrestling, or painful DSLs.

ShiftLeft CORE provides fast and accurate application security findings built directly into the development workflow.

It is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners.

A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.

Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.

An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.

SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide.

A mighty, modern CSS linter that helps you enforce consistent conventions and avoid errors in your stylesheets.

It is a community-driven tool to detect errors and potential problems in JavaScript code. It is open source and can easily adjust in the environment you expect your code to execute.

After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.

It is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions.

It detects possible bugs in Java programs. Potential errors are classified in four ranks: scariest, scary, troubling and of concern. This is a hint to the developer about their possible impact or severity.

It is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

Ensighten is a comprehensive website security company, offering next generation compliance, enforcement and client-side protection against data loss, ad injection and intrusion.

It focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

Codacy automates code reviews and monitors code quality on every commit and pull request on more than 40 programming languages reporting back the impact of every commit or PR, issues concerning code style, best practices and security.

Phabricator is a collection of open source web applications that help software companies build better software.

It is a file format and collection of text editor plugins. It helps maintain consistent coding styles for multiple developers working on the same project across various editors and IDEs.

It is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, it squiggles flaws so that they can be fixed before committing code.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

We make the best rated Two-Factor Authentication smartphone app for consumers, a Rest API for developers and a strong authentication platform for the enterprise.

It is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

It is a free service that protects your website from spam and abuse. It uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.

It is a Python utility / library to sort imports alphabetically, and automatically separated into sections. It provides a command line utility, Python library and plugins for various editors to quickly sort all your imports.

It is a tool to help keep your SCSS files clean and readable by running it against a collection of configurable linter rules. You can run it manually from the command line, or integrate it into your SCM hooks.

It is a tool to enforce Swift style and conventions, loosely based on GitHub's Swift Style Guide.It hooks into Clang and SourceKit to use the AST representation of your source files for more accurate results.

Sqreen is a security platform that helps engineering team protect their web applications, API and micro-services in real-time. The solution installs with a simple application library and doesn't require engineering resources to operate. Security anomalies triggered are reported with technical context to help engineers fix the code. Ops team can assess the impact of attacks and monitor suspicious user accounts involved.

It is an addictive Inversion of Control container for .NET Core, ASP.NET Core, .NET 4.5.1+, Universal Windows apps, and more. It provides activation events to let you know when components are being activated or released, allowing for a lot of customization with little code.

It is a free code coverage library for Java, which has been created based on the lessons learned from using and integration existing libraries for many years.

Gerrit is a self-hosted pre-commit code review tool. It serves as a Git hosting server with option to comment incoming changes. It is highly configurable and extensible with default guarding policies, webhooks, project access control and more.

It is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network.

It is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.

Dependabot helps you keep your dependencies up to date. Every day, it checks your dependency files for outdated requirements and opens individual PRs for any it finds. You review, merge, and get to work on the latest, most secure releases.

It is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

Scrutinizer is a continuous inspection platform helping you to create better software.

Free static analysis security tool for Ruby on Rails. Zero-setup security scans for Rails applications based on source code analysis.

It is a provider of state-of-the-art application security solution: static code analysis software, seamlessly integrated into development process.

It provides open-source C# and Visual Basic compilers with rich code analysis APIs. It enables building code analysis tools with the same APIs that are used by Visual Studio.

It is a machine learning service for automated code reviews and application performance recommendations. It helps you find the most expensive lines of code that hurt application performance and keep you up all night troubleshooting, then gives you specific recommendations to fix or improve your code.

It is a Style guide, with linter & automatic code fixer. It is a way to enforce consistent style in your project. It automatically formats code.

It is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

It is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. It is provided primarily as a browser-based web application accessible through their domain, but there are also command-line adaptations.

It is a Web-based application primarily aimed at enterprise, and certain features that enable peer review of a code base may be considered enterprise social software.