Vendor Directory
Explore application security and software supply chain vendors.
APIsec
Uncover API vulnerabilities with unmatched precision
APIsec is your AI-powered partner for API security, designed to find real vulnerabilities through advanced testing tools. The platform automatically maps your API endpoints and employs thousands of AI-powered attack simulations to identify logic flaws and data exposures with speed and accuracy unrivaled by traditional methods. With no false positives, APIsec provides actionable insights and expert guidance, ensuring continuous protection and monitoring of your APIs. Ideal for organizations needing robust API security solutions, APIsec enables users to create a free account and quickly perform initial scans without the need for credit card details.
Dark Sky Technology, Inc.
Secure your software, uncover hidden risks
Dark Sky Technology provides a robust platform for managing Software Bills of Materials (SBOMs) to enhance secure software development. Their tool efficiently blocks risky open-source components while uncovering threats that are often unnoticed by traditional Software Composition Analysis (SCA) tools. This solution is designed for small teams as well as large enterprises, offering flexible deployment options, including hosted, private cloud, and on-premises solutions. The platform allows straightforward, transparent pricing without user counting or API call limitations, catering to dynamic project needs. Discover insights into how SBOMs support compliance and security in software development.
FOSSA
Secure your software supply chain with confidence
FOSSA offers a platform focused on software supply chain security, combining SCA, SBOM capabilities, and container security. The product scans direct and transitive dependencies to unlimited depth and identifies deep vulnerabilities in transitive dependencies. Built-in reachability analysis is used to eliminate common false positives, and the platform surfaces prioritized vulnerability fixes using a proprietary algorithm and proprietary vulnerability database. FOSSA positions itself as a consolidated solution for SCA, BCA, and container security that scales to thousands of developers and provides comprehensive reporting across SCA, BCA, and containers to support regulatory compliance. The platform is described as used by enterprise security teams and intended to consolidate security tooling.
MergeBase
Secure your software supply chain effortlessly
MergeBase is a Software Composition Analysis (SCA) platform focused on reducing software supply chain risk and helping teams meet compliance requirements. The developer-oriented SCA solution emphasizes the lowest false positive rate and complete DevOps coverage from coding and building to deployment and runtime. MergeBase combines SCA, a comprehensive SBOM engine, and patented AI-powered Runtime SCA, and includes container scanning, vulnerability management, AutoPatching, and full reports that integrate into security workflows. Delivered as SaaS and SOC 2 certified, the platform supports many languages (Java, Python, JavaScript, Go, C/C++, Rust, and others) and targets organizations managing open source risk and their software supply chain attack surface.
FossID
Secure your code, innovate with confidence
FossID provides robust Software Composition Analysis (SCA) solutions designed to enhance open-source software adoption while ensuring security and compliance. Our powerful SCA capabilities facilitate deep static analysis of your source code, helping to prevent intellectual property leakage. With flexible workflows and secure deployment options, FossID aids organizations in innovating responsibly. Our services are tailored to help clients fast-track their software security success. Ensure your software integrity and compliance with FossID's expertise.
Mend.io
Secure your code, safeguard your future
Mend.io presents an AI-native application security platform purpose-built to secure AI-generated code and embedded AI components. The product focuses on managing open source application risk by identifying, mapping, and analyzing open source vulnerabilities and malicious packages. Mend SCA prioritizes remediations based on application and enterprise risk and alerts developers within their environment with actionable information such as vulnerable code, data flows, and training resources. The offering is positioned for AppSec teams and developers who rely on open source packages and need tools to remediate effectively, reduce the number of introduced issues, and maintain up-to-date information about vulnerabilities in fast development cycles.