Vendor Directory

Explore application security and software supply chain vendors.

42Crunch

Secure APIs from design to deployment

42Crunch is the leading API Security platform that automates the testing, fixing, and protection of APIs throughout their development lifecycle. It enables enterprises to enforce API security compliance across distributed teams, providing tools for API semantic validation and data definition. The platform continuously monitors security compliance across IDE, CI/CD, and runtime, allowing teams to collaboratively manage API governance. 42Crunch empowers developers with automated tools that reduce false positives and streamline security processes, ensuring APIs are secure from design through to production. It integrates with popular development tools and can be deployed on any container orchestrator.

API Security Testing, SBOM Management, CI/CD Security, DAST, ASPM

N-Stalker (acquired by Conviso)

Integrating security at every development stage

Conviso AppSec specializes in Application Security with a comprehensive platform designed to manage your AppSec posture. The Conviso Platform integrates security into the development cycle, centralizing processes in a modular and scalable manner tailored to your business's maturity. It provides continuous and automated security, enabling real-time threat detection with an AI-powered agent integrated into developers' workflows. With features that support secure design, active protection, and regulatory compliance, Conviso AppSec is positioned to help organizations protect against fraud and cyberattacks effectively.

ASPM

Security Compass

Modeling Threats, Building Secure Futures

Security Compass offers threat modeling and secure development solutions. The site highlights threat modeling, “implementation-ready requirements for developers and agents,” and “secure development training,” positioned to “design compliant software” and aligned to “evolving AI and security standards.” The company notes the acquisition of Devici, a threat modeling platform, and promotes a Partner Portal and consultation options. Pricing language indicates “Pricing is in USD” with volume-based discounts and an invitation to “Contact us for a consultation.” The site also encourages subscription to a monthly Security Digest newsletter. Beyond platform capabilities, Security Compass presents training and partner/consultation channels for customers seeking secure development and application-security practices.

ASPM

Apiiro

Guarding your code, securing your future

Apiiro is a unified application security platform designed to optimize enterprise security with its diamond-grade Application Security Posture Management (ASPM). It integrates multiple capabilities for risk and vulnerability management across applications, infrastructure, and code quality scanners. The platform features automated security controls validation tailored to organizational SDLC policies and leverages a proprietary Risk Graph for complete visibility and remediation prioritization. With new AI-enhanced SAST capabilities, Apiiro supports large-scale code analysis and provides guards at every phase of the software development lifecycle, ensuring comprehensive security for modern applications and software supply chains.

ASPM

CODIFIC

Building Security into Every Line of Code

Codific positions itself around secure software development and security-by-design practices. The site states Codific builds secure HR‑Tech, Ed‑Tech and Medtech collaboration tools by leveraging security by design and privacy by design principles. Content highlights embedding security into the SDLC (S‑SDLC) using OWASP SAMM and the SAMMY platform to assess, validate, and plan improvements. The record notes alignment with ISO 27001, SOC 2 Type II, GDPR and CCPA, and lists practices such as secure coding practices, automated scanning, threat modeling and CI/CD security checks. The site also references OWASP SAMM training (OWASP SAMM London Training Days).

ASPM

Legit Security

Automate AppSec, Secure Your Code Today

Legit Security is an AI-native Application Security Posture Management (ASPM) platform designed to automate discovery, prioritization, and remediation of AppSec issues in software development. It enables security teams to manage risks associated with AI-generated code and critical vulnerabilities effectively. By providing a real-time view of software assets, their security controls, and vulnerabilities, Legit facilitates integrated systems to enhance security measures. The platform aims to reduce development costs and accelerate the software delivery process while ensuring comprehensive security oversight.

ASPM

Tromzo

Secure your software, streamline your success

Tromzo is presented as an AI-powered platform for application and software supply chain security that centralizes security data from scanners into a unified security data lake. The platform leverages deep code context and reachability analysis to triage, prioritize, and remediate vulnerabilities, and uses AI agents to autonomously assess reachability, exploitability, and impact. Tromzo provides tailored remediation recommendations, compliance-ready dashboards to track risk reduction, and positions itself to support developers and product security teams across the modern SDLC. The record emphasizes actionable context from a code-to-cloud graph and autonomous remediation agents to accelerate remediation of critical risks across the software supply chain.

ASPM

CrowdStrike

Defend Your Digital World with Precision

CrowdStrike is a global cybersecurity leader with an advanced cloud-native platform designed to protect endpoints, cloud workloads, identities, and data. Their Application Security Posture Management (ASPM) offering allows organizations to prevent unauthorized access and detect malicious activities across various devices. With tailored bundles available for different industries and sizes, CrowdStrike ensures robust protection against malware, ransomware, and sophisticated threats while providing visibility and control for safe usage of removable media devices. Their expertise extends into the cyber insurance sector, reinforcing their commitment to comprehensive cybersecurity solutions.

ASPM

ArmorCode Inc.

Vulnerability Insights for Strategic Security Decisions

ArmorCode's Unified Exposure Management Platform assists security teams in unifying, prioritizing, and remediating vulnerabilities across applications, code, cloud, infrastructure, and AI significantly faster. The platform leverages insights from raw vulnerability data to provide tailored, business-relevant information for stakeholders, ranging from developers to executives. This approach not only accelerates remediation efforts but also aligns with industry predictions on the integration of AI in software engineering, showcasing a forward-thinking solution for enhancing security postures.

ASPM

IriusRisk

Transforming security through intelligent threat modeling

IriusRisk is an AI threat modeling tool focused on secure design and supply chain security. The product helps users generate threat model diagrams using user stories, documentation, meeting transcripts or code, and produces models complete with threats and security controls. An AI Assistant called Jeff augments secure design workflows. In minutes users can craft a threat model, pinpoint risks, and receive tailored countermeasures while spotting compliance gaps. IriusRisk integrates into existing CI/CD tools, issue trackers and scanning software. Frameworks such as PCI DSS, NIST and GDPR can be applied to threat models so countermeasures switch from recommended to required. The platform emphasizes shifting security left and automating secure design.

ASPM