Vendor Directory
Explore application security and software supply chain vendors.
APIsec
Uncover API vulnerabilities with unmatched precision
APIsec is your AI-powered partner for API security, designed to find real vulnerabilities through advanced testing tools. The platform automatically maps your API endpoints and employs thousands of AI-powered attack simulations to identify logic flaws and data exposures with speed and accuracy unrivaled by traditional methods. With no false positives, APIsec provides actionable insights and expert guidance, ensuring continuous protection and monitoring of your APIs. Ideal for organizations needing robust API security solutions, APIsec enables users to create a free account and quickly perform initial scans without the need for credit card details.
Advanced Installer
Craft Installers That Define User Experience
Advanced Installer is a Windows installer authoring tool for installing, updating, and configuring products. The site positions the product for developers, ISVs and enterprises and highlights MSI authoring, Installer Analytics and tiered feature sets (Enterprise, Professional, Freeware). Content on the site covers Software Bill of Materials (SBOM) topics and notes that Advanced Installer “uses the Microsoft SBOM tool” to handle SBOMs from container images and filesystems. The product site also references an Application Packaging Academy and feature exploration pages. Descriptions and feature lists on the site indicate a vendor software offering focused on installer packaging with published guidance on SBOM integration.
42Crunch
Secure APIs from design to deployment
42Crunch is the leading API Security platform that automates the testing, fixing, and protection of APIs throughout their development lifecycle. It enables enterprises to enforce API security compliance across distributed teams, providing tools for API semantic validation and data definition. The platform continuously monitors security compliance across IDE, CI/CD, and runtime, allowing teams to collaboratively manage API governance. 42Crunch empowers developers with automated tools that reduce false positives and streamline security processes, ensuring APIs are secure from design through to production. It integrates with popular development tools and can be deployed on any container orchestrator.
ARMUR
Secure your code, safeguard your future
Armur AI offers advanced code vulnerability scanning, specializing in Static Application Security Testing (SAST) and smart contract auditing using LLM agents. The platform supports multiple programming languages including GO, Rust, JavaScript, and Python, enabling thorough static code analysis to identify vulnerabilities early in the development process. Additionally, Armur provides tools for auditing Solidity smart contracts and other blockchain contracts, ensuring robust security measures for decentralized applications. With features like Dynamic Application Security Testing (DAST) and Vulnerability Assessment and Penetration Testing (VAPT), Armur empowers developers and security professionals to secure their code effectively before deployment.
Akto.io
Secure Your AI, Safeguard Your Future
Akto provides a dedicated AI security solution that focuses on securing MCPs (Managed Control Points) and AI agents. The platform offers real-time discovery, security testing, red teaming, and agentic posture management. Recognized by Gartner™ for its innovative approach, Akto allows teams to comprehensively discover, test, and protect all their APIs effectively. As a response to the evolving landscape of cybersecurity challenges, it delivers advanced security features aligned with modern AI security demands, ensuring that organizations can maximize their security posture.
Akeyless Security
Secure your secrets, simplify your workflows
Akeyless offers a modern secrets management platform designed for teams using DevOps, hybrid cloud, and AI workloads. It centralizes and secures static, dynamic, and short-lived secrets, API tokens, and certificates across CI/CD pipelines, eliminating the need for vault management. The solution utilizes Distributed Fragments Cryptography (DFC) to ensure encryption keys are mathematically split across regions and providers, providing users with full control. Akeyless supports automated rotation and just-in-time access, integrating seamlessly with IDEs and cloud environments. This approach enhances security, compliance, and operational efficiency, helping teams mitigate risks associated with secrets sprawl.
AmbiSure Technologies Pvt. Ltd. || Let's Secure IT
Secure your business, protect your future
AmbiSure Technologies Pvt Ltd. presents itself as a dynamic next‑generation cyber security solution provider focused on "helping organizations run their businesses securely." The site references dynamic application security testing (DAST) and promotes "automated and orchestrated scans" and "dynamic analysis at scale," with a mention of Web‑Inspect. Contact details include [email protected] and office addresses in Mumbai and Surat. Messaging emphasizes cyber security solutions and protection of digital assets. The available content on the site is concise and service‑oriented, positioning AmbiSure as a vendor that delivers application security testing and related cyber security services to organizations.
QA Camp
Test with precision, release with confidence
QA CAMP specializes in comprehensive software testing services, including SAST and DAST, to deliver high-quality applications that meet user expectations. With a focus on functional, performance, and API testing, our goal is to ensure reliability and security across different platforms. Our automated testing utilizes advanced frameworks, enhancing efficiency and effectiveness in identifying issues early. We emphasize accessibility testing based on key standards, ensuring inclusivity for diverse user needs. Our commitment to superior quality and communication aids in driving positive project outcomes, equipping teams to navigate complex QA challenges effectively.
Accessibility.com
Empowering digital accessibility for businesses
Accessibility.com was born out of necessity. A strong core of professionals with nearly a century of combined experience in the digital accessibility space recognized the need for tangible and practical guidance to drive digital inclusion and compliance. We're excited to work toward our vision and thank you for your support.
CodeAnt AI
Secure code, seamless development journey
CodeAnt AI offers an AI-powered Code Health Platform designed for developers focused on security, quality, and compliance. Its solutions include intent-aware code reviews, automated security features like SAST, Infrastructure as Code (IaC) scanning, and management of secrets. The platform aims to unify code review, quality, and development metrics, enabling enterprises to fix review debt, improve code velocity, and ensure secure code deployments within their workflows. CodeAnt AI serves a wide range of developers, helping them enhance their coding practices and meet compliance requirements effectively.
Qodo
Automate Code Reviews, Accelerate Quality Assurance
Qodo is an AI code review platform designed for engineering teams to enhance code quality without sacrificing speed. It provides over 15 agentic workflows that automate reviews directly within IDEs, including support for GitHub, GitLab, and CLI. Qodo detects issues, enforces compliance rules, and validates fixes in real-time before code reaches repositories. By integrating review agents, it helps teams address security risks and ensure compliance with coding standards from day one, enabling cleaner code and a more efficient development process.
Toradex
Crafting Tomorrow's Embedded Solutions Today
Toradex produces embedded computing hardware and accompanying software for Single Board Computers (SBCs), Computer on Modules (CoM) and System on Modules. The site emphasizes production-ready software, strong integration between hardware and software, and software support including Long Term Supported (LTS) production releases. Product lifecycle states (In Development, Sample Production, Volume Production, Last Time Buy, End-of-Life) and software release cadence are documented. A site page titled "SBOM Reports" and mention of a Hardware Security Module (HSM) appear in the record, indicating published supply-chain or security-related artifacts alongside their hardware and software offerings.
SCANOSS
Navigate Open Source with Confidence
SCANOSS is an affordable, open OSS Inventory & Software Intelligence platform designed specifically for DevSecOps and supply chains. It provides actionable insights on open source software licenses and security vulnerabilities associated with undeclared OSS, legacy components, and AI-generated code. This platform enables organizations to manage their software supply chain more effectively, addressing potential security risks and compliance challenges inherent in modern software development practices. SCANOSS supports teams of all sizes, offering customizable pricing options to suit various organizational needs.
Appdome
Guarding Your Apps with AI Precision
Appdome describes an AI-native protection platform for mobile businesses that protects Android and iOS apps, APIs and identity. The product claims to build 400+ protections in apps on demand and to stop app fraud, bots, ATOs, malware and API abuse. Appdome emphasizes a no-code, automated approach that integrates into the mobile DevOps pipeline—“Build Your Own Security Pipeline for All Android & iOS Apps”—and provides continuous lifecycle defense with role-based access, event logs, build and defense release records and Certified Secure DevSecOps Certification. The platform also presents Extended Threat Management (XTM) and ThreatScope for threat monitoring, analytics and visibility into the active attack surface.
Quali
Transforming cloud complexity into seamless solutions
Quali provides agentic AI tools for DevOps, platform engineering, and infrastructure teams to build, provision, and manage cloud environments. The product offers out-of-the-box IaC modules, leverages resources in repositories to create reusable environment definitions, and can turn ecosystem resources into no-code assets and source files defining cloud environments. Teams can launch designed environments via a self-service portal with role-based access and integrations. Quali automates Terraform infrastructure, imports and manages Helm charts, and distributes access to cloud accounts. It introduces a control layer to monitor and optimize cloud infrastructure in CI/CD pipelines and provides continuous monitoring for configuration drift and violations of cloud governance policies. Activity and associated costs are tracked by users and teams to help act on efficiency opportunities.
Veracode
Secure your code, accelerate your innovation
Veracode offers an Application Risk Management platform to secure the software development life cycle (SDLC). It provides tools that help identify, prioritize, and mitigate application risks efficiently through AI-driven insights. The platform allows for the integration and automation of security within the development pipeline. Veracode has decades of leadership in software security expertise and has been recognized in the Gartner Magic Quadrant for Application Security Testing. Its services support organizations in managing application security risks and in maintaining software velocity while addressing vulnerabilities effectively.
Dscifer
Guarding your code, securing your future
Dscifer specializes in comprehensive Cyber Security and Risk Management solutions. They provide services to help organizations manage software security through testing of applications, architecture reviews, source code analysis, and security controls implementation throughout the software development lifecycle (SDLC). Their experts improve application security by assessing known and unknown risks, delivering validated test results, and providing actionable recommendations. Dscifer also focuses on training development teams to build secure programs, identifying threats through threat modeling, and enhancing overall code quality while reducing vulnerabilities.
Cloudsmith
Secure your software supply chain effortlessly
Cloudsmith is a fully-managed, enterprise-scale solution for controlling, securing, and distributing software packages and containers. It provides supply chain security software with observability and governance, helping organizations protect their end users by mitigating compliance issues before they reach production systems. With a single, observable home for every package and container, Cloudsmith boosts productivity with global artifact distribution and powerful analytics. Streamline operations and drive innovation with integrated analytics, logging, and audit trail tools, making it the ideal platform for enterprises looking to enhance their software supply chain security.
Timesys is Now Lynx
Secure your embedded software journey
Timesys offers solutions for building, securing, and maintaining embedded Linux, Android, and open-source operating systems. Their services include SBOM Management, Vulnerability Monitoring, and Remediation, specifically tailored for embedded software markets. Additionally, they provide development tools that support SBOM generation. Their team also offers bespoke engineering services, test automation, and remote access infrastructure to enhance client control and security. Timesys focuses on supporting mission-critical applications with a modular approach ensuring security and compliance in software management.
OX Security
Secure code, safeguarded applications, simplified.
OX Security offers VibeSec, an AI-native application security platform designed to secure software from code to runtime. It provides continuous action against application security risks, reducing manual efforts and false positives significantly. With advanced scanning capabilities covering SAST and SCA, as well as container security, VibeSec automates risk remediation based on contextual prioritization. It features a comprehensive PBOM technology that enhances security monitoring, tracks code and application integrity, and reduces attack surfaces. VibeSec empowers development teams to address vulnerabilities swiftly through a unified view of security insights, tailored to their specific business objectives.