Black Duck

It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.

It is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees, regex wrestling, or painful DSLs.

It is a developer-first software security app. It scans your source code & cloud to show you which vulnerabilities are actually important to solve. We speed up triaging by massively reducing false positives and making CVEs human-readable.

ShiftLeft CORE provides fast and accurate application security findings built directly into the development workflow.

It is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners.

A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.

Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.

An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.

SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

A mighty, modern CSS linter that helps you enforce consistent conventions and avoid errors in your stylesheets.

RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide.

It is a community-driven tool to detect errors and potential problems in JavaScript code. It is open source and can easily adjust in the environment you expect your code to execute.

It is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

It is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions.

After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.

It detects possible bugs in Java programs. Potential errors are classified in four ranks: scariest, scary, troubling and of concern. This is a hint to the developer about their possible impact or severity.

Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform

It focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

Ensighten is a comprehensive website security company, offering next generation compliance, enforcement and client-side protection against data loss, ad injection and intrusion.

It is a Python utility / library to sort imports alphabetically, and automatically separated into sections. It provides a command line utility, Python library and plugins for various editors to quickly sort all your imports.

Codacy automates code reviews and monitors code quality on every commit and pull request on more than 40 programming languages reporting back the impact of every commit or PR, issues concerning code style, best practices and security.

It is a free service that protects your website from spam and abuse. It uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.

It is a file format and collection of text editor plugins. It helps maintain consistent coding styles for multiple developers working on the same project across various editors and IDEs.

It is a free code coverage library for Java, which has been created based on the lessons learned from using and integration existing libraries for many years.

Phabricator is a collection of open source web applications that help software companies build better software.

It provides open-source C# and Visual Basic compilers with rich code analysis APIs. It enables building code analysis tools with the same APIs that are used by Visual Studio.

It is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, it squiggles flaws so that they can be fixed before committing code.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

Free static analysis security tool for Ruby on Rails. Zero-setup security scans for Rails applications based on source code analysis.

We make the best rated Two-Factor Authentication smartphone app for consumers, a Rest API for developers and a strong authentication platform for the enterprise.

It is a tool to enforce Swift style and conventions, loosely based on GitHub's Swift Style Guide.It hooks into Clang and SourceKit to use the AST representation of your source files for more accurate results.

It is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

It is a tool to help keep your SCSS files clean and readable by running it against a collection of configurable linter rules. You can run it manually from the command line, or integrate it into your SCM hooks.

It is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.

Sqreen is a security platform that helps engineering team protect their web applications, API and micro-services in real-time. The solution installs with a simple application library and doesn't require engineering resources to operate. Security anomalies triggered are reported with technical context to help engineers fix the code. Ops team can assess the impact of attacks and monitor suspicious user accounts involved.

Gerrit is a self-hosted pre-commit code review tool. It serves as a Git hosting server with option to comment incoming changes. It is highly configurable and extensible with default guarding policies, webhooks, project access control and more.

It is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network.

It is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

Manipulating the IL of an assembly as part of a build requires a significant amount of plumbing code. This plumbing code involves knowledge of both the MSBuild and Visual Studio APIs. It attempts to eliminate that plumbing code through an extensible add-in model.

Scrutinizer is a continuous inspection platform helping you to create better software.

It is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. It is provided primarily as a browser-based web application accessible through their domain, but there are also command-line adaptations.

It is a provider of state-of-the-art application security solution: static code analysis software, seamlessly integrated into development process.

It is a Style guide, with linter & automatic code fixer. It is a way to enforce consistent style in your project. It automatically formats code.

It is a machine learning service for automated code reviews and application performance recommendations. It helps you find the most expensive lines of code that hurt application performance and keep you up all night troubleshooting, then gives you specific recommendations to fix or improve your code.

It is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

It is a Web-based application primarily aimed at enterprise, and certain features that enable peer review of a code base may be considered enterprise social software.

It is a simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). It is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.

It is a cloud-native endpoint security platform combines Next-Gen Av, EDR, Threat Intelligence, Threat Hunting, and much more.