{"@context":"https://appsecsanta.com/schemas/tools-index-v1","name":"AppSec Santa Tools Index","description":"Machine-readable catalog of 247 application security tools reviewed on AppSec Santa. Designed for AI agents that need to compare, filter, or link to specific tools without crawling individual pages.","url":"https://appsecsanta.com/tools-index.json","license":"https://creativecommons.org/licenses/by/4.0/","attribution":"AppSec Santa (https://appsecsanta.com)","generated":"2026-05-06T11:35:47+03:00","version":1,"count":247,"categories":[{"slug":"sast","name":"SAST","url":"https://appsecsanta.com/sast-tools","description":"Find vulnerabilities in source code before deployment"},{"slug":"sca","name":"SCA","url":"https://appsecsanta.com/sca-tools","description":"Detect risks across your dependency graph"},{"slug":"dast","name":"DAST","url":"https://appsecsanta.com/dast-tools","description":"Test running applications for security flaws"},{"slug":"iast","name":"IAST","url":"https://appsecsanta.com/iast-tools","description":"Detect vulnerabilities during application testing"},{"slug":"rasp","name":"RASP","url":"https://appsecsanta.com/rasp-tools","description":"Block attacks in real time from inside the app"},{"slug":"ai-security","name":"AI Security","url":"https://appsecsanta.com/ai-security-tools","description":"Secure LLM apps against prompt injection, jailbreaks, and data leakage"},{"slug":"api-security","name":"API Security","url":"https://appsecsanta.com/api-security-tools","description":"Discover, test, and protect your APIs"},{"slug":"iac-security","name":"IaC Security","url":"https://appsecsanta.com/iac-security-tools","description":"Catch misconfigurations in Terraform, CloudFormation \u0026 K8s"},{"slug":"aspm","name":"ASPM","url":"https://appsecsanta.com/aspm-tools","description":"Centralize and prioritize findings across tools"},{"slug":"mobile","name":"Mobile Security","url":"https://appsecsanta.com/mobile-security-tools","description":"Scan mobile apps for vulnerabilities and data leaks"},{"slug":"container-security","name":"Container Security","url":"https://appsecsanta.com/container-security-tools","description":"Scan images, secure K8s clusters \u0026 detect runtime threats"},{"slug":"secret-scanning","name":"Secrets","url":"https://appsecsanta.com/secret-scanning-tools","description":"Detect API keys, passwords, and tokens before they leak"}],"tools":[{"slug":"42crunch","name":"42Crunch","category":"api-security","category_name":"API Security","status":"active","license":"Commercial (with Free tier)","website":"https://42crunch.com/","url":"https://appsecsanta.com/42crunch","summary":"OpenAPI Spec Audit \u0026 Conformance","updated":"2026-02-02T00:00:00Z"},{"slug":"7ai","name":"7AI","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://7ai.com/","url":"https://appsecsanta.com/7ai","summary":"AI SOC Agents with Dynamic Reasoning","updated":"2026-04-14T00:00:00Z"},{"slug":"accuknox","name":"AccuKnox","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://accuknox.com","url":"https://appsecsanta.com/accuknox","summary":"ASPM with runtime visibility built on KubeArmor (eBPF/LSM)","updated":"2026-04-29T00:00:00Z"},{"slug":"acunetix","name":"Acunetix","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.acunetix.com","url":"https://appsecsanta.com/acunetix","summary":"Multi-Platform Easy-to-Use DAST","updated":"2026-02-04T00:00:00Z"},{"slug":"acunetix-acusensor","name":"Acunetix AcuSensor","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://www.acunetix.com/vulnerability-scanner/acusensor-technology/","url":"https://appsecsanta.com/acunetix-acusensor","summary":"Line-of-Code Details","updated":"2026-02-07T00:00:00Z"},{"slug":"art","name":"Adversarial Robustness Toolbox (ART)","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source, MIT)","website":"https://adversarial-robustness-toolbox.readthedocs.io/","url":"https://appsecsanta.com/art","summary":"IBM's ML security library for adversarial attacks and defenses","updated":"2026-03-19T00:00:00Z","github":"https://github.com/Trusted-AI/adversarial-robustness-toolbox","github_stars":5900},{"slug":"agentic-radar","name":"Agentic Radar","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://splx.ai/resources/agentic-radar","url":"https://appsecsanta.com/agentic-radar","summary":"Security Scanner for LLM Agentic Workflows","updated":"2026-04-03T00:00:00Z","github":"https://github.com/splx-ai/agentic-radar","github_stars":942},{"slug":"aikido","name":"Aikido Security","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial (Free tier available)","website":"https://www.aikido.dev","url":"https://appsecsanta.com/aikido","summary":"All-in-One AppSec with 95% Noise Reduction","updated":"2026-02-03T00:00:00Z"},{"slug":"akamai-api-security","name":"Akamai API Security (Noname)","category":"api-security","category_name":"API Security","status":"active","license":"Commercial","website":"https://www.akamai.com/products/api-security","url":"https://appsecsanta.com/akamai-api-security","summary":"Platform-Agnostic API Protection at Scale","updated":"2026-02-04T00:00:00Z"},{"slug":"akto","name":"Akto","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial (Free tier available)","website":"https://www.akto.io","url":"https://appsecsanta.com/akto","summary":"AI Agent \u0026 MCP Security Platform","updated":"2026-02-27T00:00:00Z"},{"slug":"alter-ai","name":"Alter","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://alter.ai/","url":"https://appsecsanta.com/alter-ai","summary":"Zero-Trust Access Control for AI Agents (YC S25)","updated":"2026-04-03T00:00:00Z"},{"slug":"anchore","name":"Anchore","category":"sca","category_name":"SCA","status":"active","license":"Commercial (Open-Source tools available)","website":"https://anchore.com/","url":"https://appsecsanta.com/anchore","summary":"SBOM-First Container Security Platform","updated":"2026-02-25T00:00:00Z","github":"https://github.com/anchore"},{"slug":"grype","name":"Anchore Grype","category":"sca","category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/anchore/grype","url":"https://appsecsanta.com/grype","summary":"Fast Container Vulnerability Scanner","updated":"2026-02-25T00:00:00Z","github":"https://github.com/anchore/grype","github_stars":11500},{"slug":"apiiro","name":"Apiiro","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://apiiro.com","url":"https://appsecsanta.com/apiiro","summary":"Deep Code Analysis ASPM with Risk Graph","updated":"2026-04-14T00:00:00Z"},{"slug":"apisec","name":"APIsec","category":"api-security","category_name":"API Security","status":"active","license":"Freemium","website":"https://www.apisec.ai","url":"https://appsecsanta.com/apisec","summary":"AI-Powered API Pentesting Platform","updated":"2026-02-04T00:00:00Z"},{"slug":"apktool","name":"Apktool","category":"mobile","category_name":"Mobile Security","status":"active","license":"Apache License 2.0 (open source)","website":"https://apktool.org/","url":"https://appsecsanta.com/apktool","summary":"Android APK resource decoding \u0026 rebuild","updated":"2026-03-19T00:00:00Z","github":"https://github.com/iBotPeaches/Apktool","github_stars":24100},{"slug":"appcheck","name":"AppCheck","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://appcheck-ng.com","url":"https://appsecsanta.com/appcheck","summary":"Former Internal Pentest Tool","updated":"2026-02-04T00:00:00Z"},{"slug":"appdome","name":"Appdome","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.appdome.com","url":"https://appsecsanta.com/appdome","summary":"No-Code Mobile Defense Automation","updated":"2026-02-22T00:00:00Z"},{"slug":"appknox","name":"AppKnox","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.appknox.com","url":"https://appsecsanta.com/appknox","summary":"Mobile AppSec trusted by 300+ enterprises","updated":"2026-02-04T00:00:00Z"},{"slug":"apptrana","name":"AppTrana","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.indusface.com/products/apptrana-waap-platform/","url":"https://appsecsanta.com/apptrana","summary":"Fully managed WAAP with integrated DAST and WAF","updated":"2026-04-10T00:00:00Z"},{"slug":"aqua-security","name":"Aqua Security","category":"container-security","category_name":"Container Security","status":"active","license":"Commercial","website":"https://www.aquasec.com/","url":"https://appsecsanta.com/aqua-security","summary":"Full-Lifecycle CNAPP Platform","updated":"2026-02-25T00:00:00Z","github":"https://github.com/aquasecurity"},{"slug":"arachni","name":"Arachni","category":"dast","category_name":"DAST","status":"deprecated","license":"Free (Open-Source, Apache 2.0)","website":"https://www.arachni-scanner.com/","url":"https://appsecsanta.com/arachni","summary":"Archived Web Scanner","updated":"2026-02-15T00:00:00Z","github":"https://github.com/Arachni/arachni","github_stars":3400},{"slug":"arize-ai","name":"Arize AI","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source) and Commercial","website":"https://arize.com/","url":"https://appsecsanta.com/arize-ai","summary":"OpenTelemetry-based AI observability with open-source Phoenix","updated":"2026-04-03T00:00:00Z","github":"https://github.com/Arize-ai/phoenix","github_stars":9100},{"slug":"armorcode","name":"ArmorCode","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.armorcode.com","url":"https://appsecsanta.com/armorcode","summary":"AI-Powered Risk Correlation","updated":"2026-04-20T00:00:00Z"},{"slug":"arnica","name":"Arnica","category":"sca","category_name":"SCA","status":"active","license":"Freemium","website":"https://www.arnica.io/","url":"https://appsecsanta.com/arnica","summary":"Pipelineless SCA with Package Reputation","updated":"2026-02-04T00:00:00Z"},{"slug":"arthur-ai","name":"Arthur AI","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial (with open-source components)","website":"https://www.arthur.ai/","url":"https://appsecsanta.com/arthur-ai","summary":"AI Observability and Bias Detection","updated":"2026-02-10T00:00:00Z"},{"slug":"astra-security","name":"Astra Security","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.getastra.com","url":"https://appsecsanta.com/astra-security","summary":"AI-Powered Continuous Pentest Platform","updated":"2026-04-18T00:00:00Z"},{"slug":"augustus","name":"Augustus","category":"ai-security","category_name":"AI Security","status":"active","license":"open-source","website":"https://www.praetorian.com/blog/introducing-augustus-open-source-llm-prompt-injection/","url":"https://appsecsanta.com/augustus","summary":"Production-grade LLM vulnerability scanner with 210+ adversarial probes","updated":"2026-04-03T00:00:00Z","github":"https://github.com/praetorian-inc/augustus","github_stars":172},{"slug":"bandit","name":"Bandit","category":"sast","category_name":"SAST","status":"active","license":"Free (Open-Source)","website":"https://bandit.readthedocs.io","url":"https://appsecsanta.com/bandit","summary":"Open-Source Python Scanner","updated":"2026-02-27T00:00:00Z","github":"https://github.com/PyCQA/bandit","github_stars":7900},{"slug":"beagle-security","name":"Beagle Security","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://beaglesecurity.com","url":"https://appsecsanta.com/beagle-security","summary":"AI-Powered Pentesting Platform","updated":"2026-02-04T00:00:00Z"},{"slug":"bearer","name":"Bearer","category":"sast","category_name":"SAST","status":"acquired","license":"Open Source (ELv2) / Part of Cycode","website":"https://www.bearer.com","url":"https://appsecsanta.com/bearer","summary":"Data-First SAST with Privacy Scanning","updated":"2026-03-04T00:00:00Z","github":"https://github.com/Bearer/bearer","github_stars":2579},{"slug":"betterleaks","name":"Betterleaks","category":"secret-scanning","category_name":"Secrets","status":"active","license":"Free (Open-Source, MIT)","website":"https://betterleaks.com","url":"https://appsecsanta.com/betterleaks","summary":"Gitleaks successor with secrets validation","updated":"2026-03-19T00:00:00Z","github":"https://github.com/betterleaks/betterleaks","github_stars":473},{"slug":"blackduck","name":"Black Duck","category":"sca","category_name":"SCA","status":"active","license":"Commercial","website":"https://www.blackduck.com/software-composition-analysis-tools/black-duck-sca.html","url":"https://appsecsanta.com/blackduck","summary":"SBOM \u0026 License Compliance","updated":"2026-04-20T00:00:00Z"},{"slug":"blackduck-web-scanner","name":"Black Duck Web Scanner","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.blackduck.com","url":"https://appsecsanta.com/blackduck-web-scanner","summary":"Enterprise DAST on the Polaris Platform","updated":"2026-04-10T00:00:00Z"},{"slug":"brakeman","name":"Brakeman","category":"sast","category_name":"SAST","status":"active","license":"Free (Non-Commercial)","website":"https://brakemanscanner.org/","url":"https://appsecsanta.com/brakeman","summary":"Open-Source Ruby on Rails","updated":"2026-02-04T00:00:00Z","github":"https://github.com/presidentbeef/brakeman","github_stars":7200},{"slug":"bright-security","name":"Bright Security","category":"dast","category_name":"DAST","status":"active","license":"Freemium","website":"https://brightsec.com","url":"https://appsecsanta.com/bright-security","summary":"Developer-First CI/CD DAST","updated":"2026-04-14T00:00:00Z"},{"slug":"burp-suite","name":"Burp Suite","category":"dast","category_name":"DAST","status":"active","license":"Freemium","website":"https://portswigger.net/burp","url":"https://appsecsanta.com/burp-suite","summary":"Web Application Pentesting Toolkit","updated":"2026-02-04T00:00:00Z"},{"slug":"calico","name":"Calico","category":"container-security","category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0) + Commercial","website":"https://www.tigera.io/calico/","url":"https://appsecsanta.com/calico","summary":"Kubernetes networking and network security at scale","updated":"2026-03-19T00:00:00Z","github":"https://github.com/projectcalico/calico","github_stars":7100},{"slug":"calypsoai","name":"CalypsoAI","category":"ai-security","category_name":"AI Security","status":"acquired","license":"Commercial","website":"https://calypsoai.com/","url":"https://appsecsanta.com/calypsoai","summary":"Inference-Layer AI Security Platform","updated":"2026-02-10T00:00:00Z"},{"slug":"cast-highlight","name":"CAST Highlight","category":"sca","category_name":"SCA","status":"active","license":"Commercial","website":"https://www.castsoftware.com/products/highlight","url":"https://appsecsanta.com/cast-highlight","summary":"Chrome Extension, SBOM Export","updated":"2026-02-04T00:00:00Z"},{"slug":"cdxgen","name":"cdxgen","category":"sca","category_name":"SCA","status":"active","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/cdxgen/cdxgen","url":"https://appsecsanta.com/cdxgen","summary":"CycloneDX SBOM generator for 20+ languages","updated":"2026-04-14T00:00:00Z","github":"https://github.com/cdxgen/cdxgen","github_stars":936},{"slug":"cequence","name":"Cequence Security","category":"api-security","category_name":"API Security","status":"active","license":"Commercial","website":"https://www.cequence.ai","url":"https://appsecsanta.com/cequence","summary":"Unified API Protection with Native Blocking","updated":"2026-04-14T00:00:00Z"},{"slug":"cerbos","name":"Cerbos","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source) and Commercial","website":"https://www.cerbos.dev/","url":"https://appsecsanta.com/cerbos","summary":"Policy-Based Authorization for AI Agents and MCP Servers","updated":"2026-04-03T00:00:00Z","github":"https://github.com/cerbos/cerbos","github_stars":4300},{"slug":"chainguard","name":"Chainguard","category":"sca","category_name":"SCA","status":"active","license":"Commercial (Free tier available)","website":"https://www.chainguard.dev/","url":"https://appsecsanta.com/chainguard","summary":"Zero-CVE Hardened Container Images","updated":"2026-02-10T00:00:00Z"},{"slug":"checkmarx","name":"Checkmarx","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://checkmarx.com/","url":"https://appsecsanta.com/checkmarx","summary":"Enterprise AppSec platform for Fortune 100","updated":"2026-02-04T00:00:00Z"},{"slug":"checkmarx-aspm","name":"Checkmarx ASPM","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://checkmarx.com/product/aspm/","url":"https://appsecsanta.com/checkmarx-aspm","summary":"ASPM module embedded in the Checkmarx One platform with agentic AI","updated":"2026-04-29T00:00:00Z"},{"slug":"checkmarx-dast","name":"Checkmarx DAST","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://checkmarx.com/checkmarx-dast/","url":"https://appsecsanta.com/checkmarx-dast","summary":"ZAP-Powered Enterprise DAST in Checkmarx One","updated":"2026-04-10T00:00:00Z"},{"slug":"checkmarx-iast","name":"Checkmarx IAST","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://checkmarx.com/","url":"https://appsecsanta.com/checkmarx-iast","summary":"Unified AppSec Platform Integration","updated":"2026-02-07T00:00:00Z"},{"slug":"checkmarx-sca","name":"Checkmarx SCA","category":"sca","category_name":"SCA","status":"active","license":"Commercial (with Free Trial)","website":"https://checkmarx.com/product/cxsca-open-source-scanning/","url":"https://appsecsanta.com/checkmarx-sca","summary":"Three-Pronged Analysis","updated":"2026-02-02T00:00:00Z"},{"slug":"checkov","name":"Checkov","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.checkov.io/","url":"https://appsecsanta.com/checkov","summary":"1,000+ Policies for Terraform, CloudFormation \u0026 K8s","updated":"2026-02-02T00:00:00Z","github":"https://github.com/bridgecrewio/checkov","github_stars":8500},{"slug":"cisco-defenseclaw","name":"Cisco DefenseClaw","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/cisco-ai-defense/defenseclaw","url":"https://appsecsanta.com/cisco-defenseclaw","summary":"Enterprise Security Governance for Agentic AI","updated":"2026-04-03T00:00:00Z","github":"https://github.com/cisco-ai-defense/defenseclaw","github_stars":170},{"slug":"clair","name":"Clair","category":"container-security","category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/quay/clair","url":"https://appsecsanta.com/clair","summary":"Open-source container image vulnerability scanner","updated":"2026-02-25T00:00:00Z","github":"https://github.com/quay/clair","github_stars":11e3},{"slug":"codacy","name":"Codacy","category":"sast","category_name":"SAST","status":"active","license":"Commercial (Free for open-source, CLI is AGPL-3.0)","website":"https://www.codacy.com","url":"https://appsecsanta.com/codacy","summary":"40+ Languages with AI Code Protection","updated":"2026-02-04T00:00:00Z","github":"https://github.com/codacy/codacy-analysis-cli","github_stars":113},{"slug":"codedx","name":"CodeDx","category":"aspm","category_name":"ASPM","status":"acquired","license":"Commercial","website":"https://www.blackduck.com/software-risk-manager.html","url":"https://appsecsanta.com/codedx","summary":"Multi-scanner vulnerability correlation","updated":"2026-02-03T00:00:00Z"},{"slug":"conftest","name":"Conftest","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.conftest.dev/","url":"https://appsecsanta.com/conftest","summary":"Policy-as-Code Testing","updated":"2026-04-14T00:00:00Z","github":"https://github.com/open-policy-agent/conftest","github_stars":3100},{"slug":"contrast-assess","name":"Contrast Assess","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://www.contrastsecurity.com/contrast-assess","url":"https://appsecsanta.com/contrast-assess","summary":"Runtime IAST with Low False Positives","updated":"2026-02-07T00:00:00Z"},{"slug":"contrast-protect","name":"Contrast Protect","category":"rasp","category_name":"RASP","status":"active","license":"Commercial","website":"https://www.contrastsecurity.com/contrast-protect","url":"https://appsecsanta.com/contrast-protect","summary":"Application Detection and Response (ADR) Beyond RASP","updated":"2026-02-02T00:00:00Z"},{"slug":"contrast-sca","name":"Contrast SCA","category":"sca","category_name":"SCA","status":"active","license":"Commercial (with Free Trial)","website":"https://www.contrastsecurity.com/contrast-sca","url":"https://appsecsanta.com/contrast-sca","summary":"Runtime Library Prioritization","updated":"2026-02-02T00:00:00Z"},{"slug":"contrast-scan","name":"Contrast Scan","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.contrastsecurity.com/contrast-scan","url":"https://appsecsanta.com/contrast-scan","summary":"SAST with Runtime Context","updated":"2026-02-02T00:00:00Z"},{"slug":"contrast-security","name":"Contrast Security","category":"iast","category_name":"IAST","status":"renamed","license":"Commercial","website":"https://www.contrastsecurity.com/","url":"https://appsecsanta.com/contrast-security","summary":"Runtime-Powered Application Security","updated":"2026-02-15T00:00:00Z"},{"slug":"corellium","name":"Corellium","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.corellium.com","url":"https://appsecsanta.com/corellium","summary":"ARM-based virtual iOS \u0026 Android devices for security research","updated":"2026-03-23T00:00:00Z"},{"slug":"corgea","name":"Corgea","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://corgea.com/","url":"https://appsecsanta.com/corgea","summary":"AI-native SAST with automatic vulnerability detection and code fix generation","updated":"2026-03-23T00:00:00Z"},{"slug":"coverity","name":"Coverity","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.blackduck.com/static-analysis-tools-sast/coverity","url":"https://appsecsanta.com/coverity","summary":"Deep Analysis for Complex Codebases","updated":"2026-02-04T00:00:00Z"},{"slug":"crowdstrike-falcon-aidr","name":"CrowdStrike Falcon AIDR","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.crowdstrike.com/en-us/platform/falcon-aidr-ai-detection-and-response/","url":"https://appsecsanta.com/crowdstrike-falcon-aidr","summary":"AI Detection \u0026 Response for the Falcon Platform","updated":"2026-04-03T00:00:00Z"},{"slug":"crowdstrike-falcon-aspm","name":"CrowdStrike Falcon ASPM","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.crowdstrike.com/platform/cloud-security/aspm/","url":"https://appsecsanta.com/crowdstrike-falcon-aspm","summary":"Runtime-driven ASPM with shadow AI detection, inside the Falcon platform","updated":"2026-04-29T00:00:00Z"},{"slug":"cycode","name":"Cycode","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://cycode.com","url":"https://appsecsanta.com/cycode","summary":"Complete ASPM with 94% Fewer False Positives","updated":"2026-02-04T00:00:00Z"},{"slug":"cylake","name":"Cylake","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.cylake.com/","url":"https://appsecsanta.com/cylake","summary":"AI-Native Cybersecurity with Data Sovereignty","updated":"2026-04-22T00:00:00Z"},{"slug":"dastardly","name":"Dastardly","category":"dast","category_name":"DAST","status":"active","license":"Free","website":"https://portswigger.net/burp/documentation/dastardly","url":"https://appsecsanta.com/dastardly","summary":"Free CI/CD DAST from PortSwigger","updated":"2026-02-04T00:00:00Z","github":"https://github.com/PortSwigger/dastardly-github-action","github_stars":295},{"slug":"data-theorem","name":"Data Theorem Mobile Secure","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.datatheorem.com/products/mobile-secure/","url":"https://appsecsanta.com/data-theorem","summary":"Full-stack mobile AppSec","updated":"2026-04-14T00:00:00Z"},{"slug":"datadog-asm","name":"Datadog Application Security","category":"rasp","category_name":"RASP","status":"active","license":"Commercial","website":"https://www.datadoghq.com/product/application-security-management/","url":"https://appsecsanta.com/datadog-asm","summary":"APM-Integrated Runtime Protection","updated":"2026-02-04T00:00:00Z"},{"slug":"datadog-iast","name":"Datadog Code Security (IAST)","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://www.datadoghq.com/product/iast/","url":"https://appsecsanta.com/datadog-iast","summary":"APM-Integrated Vulnerability Detection","updated":"2026-02-07T00:00:00Z"},{"slug":"dazz","name":"Dazz","category":"aspm","category_name":"ASPM","status":"acquired","license":"Commercial","website":"https://www.dazz.io","url":"https://appsecsanta.com/dazz","summary":"Unified Remediation Platform","updated":"2026-02-22T00:00:00Z"},{"slug":"deepsource","name":"DeepSource","category":"sast","category_name":"SAST","status":"active","license":"Commercial (Free tier available)","website":"https://deepsource.com","url":"https://appsecsanta.com/deepsource","summary":"AI-Powered Code Analysis with Autofix","updated":"2026-02-04T00:00:00Z"},{"slug":"deepteam","name":"DeepTeam","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/confident-ai/deepteam","url":"https://appsecsanta.com/deepteam","summary":"LLM Red Teaming Framework","updated":"2026-02-04T00:00:00Z","github":"https://github.com/confident-ai/deepteam","github_stars":1277},{"slug":"defectdojo","name":"DefectDojo","category":"aspm","category_name":"ASPM","status":"active","license":"Free (Open-Source)","website":"https://www.defectdojo.com","url":"https://appsecsanta.com/defectdojo","summary":"Open-Source ASPM with 200+ Tool Parsers","updated":"2026-02-02T00:00:00Z","github":"https://github.com/DefectDojo/django-DefectDojo","github_stars":4500},{"slug":"detect-secrets","name":"detect-secrets","category":"secret-scanning","category_name":"Secrets","status":"active","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/Yelp/detect-secrets","url":"https://appsecsanta.com/detect-secrets","summary":"Baseline secret management","updated":"2026-02-12T00:00:00Z","github":"https://github.com/Yelp/detect-secrets","github_stars":4300},{"slug":"detectify","name":"Detectify","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://detectify.com","url":"https://appsecsanta.com/detectify","summary":"Crowdsourced Vulnerability Intel","updated":"2026-02-04T00:00:00Z"},{"slug":"docker-scout","name":"Docker Scout","category":"container-security","category_name":"Container Security","status":"active","license":"Freemium","website":"https://docs.docker.com/scout/","url":"https://appsecsanta.com/docker-scout","summary":"Docker-Native Security Scanning","updated":"2026-02-25T00:00:00Z"},{"slug":"drozer","name":"Drozer","category":"mobile","category_name":"Mobile Security","status":"active","license":"BSD 3-Clause License (open source)","website":"https://labs.reversec.com/tools/drozer/","url":"https://appsecsanta.com/drozer","summary":"Android attack surface assessment framework","updated":"2026-03-19T00:00:00Z","github":"https://github.com/ReversecLabs/drozer","github_stars":4500},{"slug":"dynatrace","name":"Dynatrace","category":"rasp","category_name":"RASP","status":"active","license":"Commercial","website":"https://www.dynatrace.com/platform/application-security/","url":"https://appsecsanta.com/dynatrace","summary":"Full-Stack Observability with Built-in Security","updated":"2026-02-02T00:00:00Z"},{"slug":"endor-labs","name":"Endor Labs","category":"sca","category_name":"SCA","status":"active","license":"Commercial","website":"https://www.endorlabs.com","url":"https://appsecsanta.com/endor-labs","summary":"AI-Native AppSec with 97% Noise Reduction","updated":"2026-02-02T00:00:00Z"},{"slug":"escape","name":"Escape","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://escape.tech","url":"https://appsecsanta.com/escape","summary":"Business Logic Security Testing","updated":"2026-02-04T00:00:00Z"},{"slug":"eschecker","name":"esChecker","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://eshard.com/eschecker/","url":"https://appsecsanta.com/eschecker","summary":"DAST + IAST for Mobile, OWASP MASVS","updated":"2026-02-04T00:00:00Z"},{"slug":"falco","name":"Falco","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://falco.org/","url":"https://appsecsanta.com/falco","summary":"Cloud-native runtime security","updated":"2026-02-25T00:00:00Z","github":"https://github.com/falcosecurity/falco","github_stars":8700},{"slug":"faraday","name":"Faraday","category":"aspm","category_name":"ASPM","status":"active","license":"Freemium (Free Community Edition, paid plans available)","website":"https://faradaysec.com/","url":"https://appsecsanta.com/faraday","summary":"Open-Source ASPM with 80+ Tool Integrations","updated":"2026-04-30T00:00:00Z","github":"https://github.com/infobyte/faraday","github_stars":6200},{"slug":"fluid-attacks","name":"Fluid Attacks","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://fluidattacks.com/","url":"https://appsecsanta.com/fluid-attacks","summary":"AI + Human Expert Security Testing","updated":"2026-02-04T00:00:00Z"},{"slug":"fortify-webinspect","name":"Fortify WebInspect","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.opentext.com/products/fortify-webinspect","url":"https://appsecsanta.com/fortify-webinspect","summary":"OpenText Enterprise DAST","updated":"2026-02-04T00:00:00Z"},{"slug":"fortify-webinspect-agent","name":"Fortify WebInspect Agent (IAST)","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://www.opentext.com/products/fortify-webinspect","url":"https://appsecsanta.com/fortify-webinspect-agent","summary":"Runtime Code-Level Reporting","updated":"2026-02-07T00:00:00Z"},{"slug":"fossa","name":"FOSSA","category":"sca","category_name":"SCA","status":"active","license":"Freemium","website":"https://fossa.com/","url":"https://appsecsanta.com/fossa","summary":"Enterprise License Compliance","updated":"2026-02-02T00:00:00Z","github":"https://github.com/fossas/fossa-cli"},{"slug":"frida","name":"Frida","category":"mobile","category_name":"Mobile Security","status":"active","license":"wxWindows Library Licence (open source)","website":"https://frida.re/","url":"https://appsecsanta.com/frida","summary":"Runtime mobile app instrumentation","updated":"2026-03-31T00:00:00Z","github":"https://github.com/frida/frida","github_stars":19700},{"slug":"fuzzyai","name":"FuzzyAI","category":"ai-security","category_name":"AI Security","status":"active","license":"open-source","website":"https://github.com/cyberark/FuzzyAI","url":"https://appsecsanta.com/fuzzyai","summary":"CyberArk's open-source LLM jailbreak fuzzer","updated":"2026-03-23T00:00:00Z","github":"https://github.com/cyberark/FuzzyAI","github_stars":1300},{"slug":"galileo-ai","name":"Galileo AI","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://galileo.ai/","url":"https://appsecsanta.com/galileo-ai","summary":"AI Evaluation Intelligence with Luna Models","updated":"2026-04-03T00:00:00Z"},{"slug":"garak","name":"Garak","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/NVIDIA/garak","url":"https://appsecsanta.com/garak","summary":"NVIDIA's LLM Vulnerability Scanner","updated":"2026-02-02T00:00:00Z","github":"https://github.com/NVIDIA/garak","github_stars":7e3},{"slug":"ghidra","name":"Ghidra","category":"mobile","category_name":"Mobile Security","status":"active","license":"Apache License 2.0 (open source)","website":"https://ghidra-sre.org/","url":"https://appsecsanta.com/ghidra","summary":"NSA Reverse Engineering Framework","updated":"2026-05-05T00:00:00Z","github":"https://github.com/NationalSecurityAgency/ghidra","github_stars":67300},{"slug":"giskard","name":"Giskard","category":"ai-security","category_name":"AI Security","status":"active","license":"Freemium (Open-Source + Commercial)","website":"https://www.giskard.ai/","url":"https://appsecsanta.com/giskard","summary":"LLM testing and red teaming framework","updated":"2026-03-19T00:00:00Z","github":"https://github.com/Giskard-AI/giskard","github_stars":5200},{"slug":"gitguardian","name":"GitGuardian","category":"secret-scanning","category_name":"Secrets","status":"active","license":"Freemium","website":"https://www.gitguardian.com/","url":"https://appsecsanta.com/gitguardian","summary":"Enterprise Secrets Detection","updated":"2026-04-18T00:00:00Z"},{"slug":"github-codeql","name":"GitHub CodeQL","category":"sast","category_name":"SAST","status":"active","license":"Free for open-source, Commercial for private repos","website":"https://codeql.github.com/","url":"https://appsecsanta.com/github-codeql","summary":"Semantic Analysis, GitHub Native","updated":"2026-02-02T00:00:00Z"},{"slug":"dependabot","name":"GitHub Dependabot","category":"sca","category_name":"SCA","status":"active","license":"Free (GitHub native)","website":"https://docs.github.com/en/code-security/dependabot","url":"https://appsecsanta.com/dependabot","summary":"GitHub-Native Dependency Security","updated":"2026-02-04T00:00:00Z"},{"slug":"gitlab-dast","name":"GitLab DAST","category":"dast","category_name":"DAST","status":"active","license":"Commercial (GitLab Ultimate)","website":"https://docs.gitlab.com/ee/user/application_security/dast/","url":"https://appsecsanta.com/gitlab-dast","summary":"Native GitLab CI/CD Integration","updated":"2026-02-04T00:00:00Z"},{"slug":"gitlab-sast","name":"GitLab SAST","category":"sast","category_name":"SAST","status":"active","license":"Included with GitLab (Free tier: limited, Premium/Ultimate: full features)","website":"https://docs.gitlab.com/user/application_security/sast/","url":"https://appsecsanta.com/gitlab-sast","summary":"Built-in CI scanning","updated":"2026-02-12T00:00:00Z"},{"slug":"gitleaks","name":"Gitleaks","category":"secret-scanning","category_name":"Secrets","status":"active","license":"Free (Open-Source, MIT)","website":"https://gitleaks.io/","url":"https://appsecsanta.com/gitleaks","summary":"Git secret scanner","updated":"2026-02-12T00:00:00Z","github":"https://github.com/gitleaks/gitleaks","github_stars":25900},{"slug":"gosec","name":"gosec","category":"sast","category_name":"SAST","status":"active","license":"Free/OSS","website":"https://securego.io/","url":"https://appsecsanta.com/gosec","summary":"Go Security Linter","updated":"2026-02-04T00:00:00Z","github":"https://github.com/securego/gosec","github_stars":8700},{"slug":"graudit","name":"Graudit","category":"sast","category_name":"SAST","status":"active","license":"Free (Open-Source, GPL-3.0)","website":"https://github.com/wireghoul/graudit","url":"https://appsecsanta.com/graudit","summary":"Grep-Based Code Auditing","updated":"2026-02-04T00:00:00Z","github":"https://github.com/wireghoul/graudit","github_stars":1700},{"slug":"guardrails-ai","name":"Guardrails AI","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source) and Commercial","website":"https://www.guardrailsai.com/","url":"https://appsecsanta.com/guardrails-ai","summary":"Open-Source LLM Validation with Guardrails Hub","updated":"2026-04-03T00:00:00Z","github":"https://github.com/guardrails-ai/guardrails","github_stars":6600},{"slug":"guardsquare","name":"Guardsquare","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial (ProGuard is Open Source)","website":"https://www.guardsquare.com","url":"https://appsecsanta.com/guardsquare","summary":"Deep Code Obfuscation for Mobile Apps","updated":"2026-02-22T00:00:00Z"},{"slug":"harbor","name":"Harbor","category":"container-security","category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://goharbor.io/","url":"https://appsecsanta.com/harbor","summary":"CNCF Graduated, 30.5k Stars","updated":"2026-02-25T00:00:00Z","github":"https://github.com/goharbor/harbor","github_stars":30500},{"slug":"hcl-appscan","name":"HCL AppScan","category":"sast","category_name":"SAST","status":"active","license":"Commercial (AppScan CodeSweep is Free)","website":"https://www.hcl-software.com/appscan","url":"https://appsecsanta.com/hcl-appscan","summary":"Enterprise SAST with Free CodeSweep","updated":"2026-02-04T00:00:00Z"},{"slug":"hcl-appscan-dast","name":"HCL AppScan (DAST)","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.hcl-software.com/appscan","url":"https://appsecsanta.com/hcl-appscan-dast","summary":"Enterprise DAST with federal compliance","updated":"2026-02-04T00:00:00Z"},{"slug":"hcl-appscan-iast","name":"HCL AppScan IAST","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://www.hcl-software.com/appscan/solutions/interactive-application-security-testing-iast","url":"https://appsecsanta.com/hcl-appscan-iast","summary":"Patented False Positive Reduction","updated":"2026-02-07T00:00:00Z"},{"slug":"hdiv-detection","name":"Hdiv Detection","category":"iast","category_name":"IAST","status":"acquired","license":"Commercial","website":"https://github.com/hdiv/hdiv","url":"https://appsecsanta.com/hdiv-detection","summary":"Runtime IAST with Zero False Positives (Acquired by Datadog)","updated":"2026-02-04T00:00:00Z"},{"slug":"hdiv-protection","name":"Hdiv Protection","category":"rasp","category_name":"RASP","status":"acquired","license":"Commercial","website":"https://web.archive.org/web/2023*/https://www.hdivsecurity.com/","url":"https://appsecsanta.com/hdiv-protection","summary":"Hdiv Suite (Acquired by Datadog)","updated":"2026-02-02T00:00:00Z"},{"slug":"hiddenlayer","name":"HiddenLayer AISec","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://hiddenlayer.com","url":"https://appsecsanta.com/hiddenlayer","summary":"ML Model Security Platform — 48+ CVEs, 25+ Patents","updated":"2026-04-14T00:00:00Z"},{"slug":"holistic-ai","name":"Holistic AI","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.holisticai.com/","url":"https://appsecsanta.com/holistic-ai","summary":"End-to-end AI governance for compliance and risk management","updated":"2026-04-03T00:00:00Z"},{"slug":"hopper","name":"Hopper Disassembler","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial (Free trial available)","website":"https://www.hopperapp.com/","url":"https://appsecsanta.com/hopper","summary":"Native macOS reverse engineering","updated":"2026-04-20T00:00:00Z"},{"slug":"horusec","name":"Horusec","category":"sast","category_name":"SAST","status":"active","license":"Free/OSS (Apache 2.0)","website":"https://github.com/ZupIT/horusec","url":"https://appsecsanta.com/horusec","summary":"Multi-Language Open-Source Orchestrator","updated":"2026-02-04T00:00:00Z","github":"https://github.com/ZupIT/horusec","github_stars":1200},{"slug":"imperva-api-security","name":"Imperva API Security","category":"api-security","category_name":"API Security","status":"active","license":"Commercial","website":"https://www.imperva.com/products/api-security/","url":"https://appsecsanta.com/imperva-api-security","summary":"ML-driven API discovery and runtime protection, part of Thales","updated":"2026-03-23T00:00:00Z"},{"slug":"imperva-rasp","name":"Imperva RASP","category":"rasp","category_name":"RASP","status":"active","license":"Commercial","website":"https://www.imperva.com/products/runtime-application-self-protection-rasp/","url":"https://appsecsanta.com/imperva-rasp","summary":"Combines with Imperva WAF","updated":"2026-02-02T00:00:00Z"},{"slug":"infer","name":"Infer","category":"sast","category_name":"SAST","status":"active","license":"MIT","website":"https://fbinfer.com/","url":"https://appsecsanta.com/infer","summary":"Meta's Inter-Procedural Static Analyzer","updated":"2026-03-19T00:00:00Z","github":"https://github.com/facebook/infer","github_stars":15500},{"slug":"intruder","name":"Intruder","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.intruder.io","url":"https://appsecsanta.com/intruder","summary":"Unified Exposure Management Platform","updated":"2026-02-04T00:00:00Z"},{"slug":"invicti","name":"Invicti","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.invicti.com","url":"https://appsecsanta.com/invicti","summary":"Proof-Based Scanning","updated":"2026-02-04T00:00:00Z"},{"slug":"invicti-aspm","name":"Invicti ASPM","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.invicti.com/product/application-security-posture-management-aspm","url":"https://appsecsanta.com/invicti-aspm","summary":"Proof-Based ASPM with 99.98% Accuracy and 110+ Integrations","updated":"2026-02-06T00:00:00Z","github":"https://github.com/kondukto-io/kdt"},{"slug":"invicti-shark","name":"Invicti Shark (IAST)","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://www.invicti.com/features/iast-scanning","url":"https://appsecsanta.com/invicti-shark","summary":"DAST+IAST Combined Scanning","updated":"2026-02-07T00:00:00Z"},{"slug":"jadx","name":"Jadx","category":"mobile","category_name":"Mobile Security","status":"active","license":"Apache License 2.0 (open source)","website":"https://github.com/skylot/jadx","url":"https://appsecsanta.com/jadx","summary":"Android DEX to Java decompiler","updated":"2026-02-12T00:00:00Z","github":"https://github.com/skylot/jadx","github_stars":48100},{"slug":"jfrog-xray","name":"JFrog Xray","category":"sca","category_name":"SCA","status":"active","license":"Commercial (Pro X, Enterprise X, or Enterprise+ subscription)","website":"https://jfrog.com/xray/","url":"https://appsecsanta.com/jfrog-xray","summary":"Binary Management Integration","updated":"2026-04-20T00:00:00Z"},{"slug":"jit","name":"Jit","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.jit.io","url":"https://appsecsanta.com/jit","summary":"AI Agent Platform for Product Security","updated":"2026-02-03T00:00:00Z"},{"slug":"k2-cyber-security","name":"K2 Cyber Security","category":"rasp","category_name":"RASP","status":"acquired","license":"Commercial","website":"https://newrelic.com","url":"https://appsecsanta.com/k2-cyber-security","summary":"RASP and IAST platform","updated":"2026-02-02T00:00:00Z"},{"slug":"kics","name":"KICS","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kics.io/","url":"https://appsecsanta.com/kics","summary":"2,400+ Rego Queries for 22+ IaC Platforms","updated":"2026-02-02T00:00:00Z","github":"https://github.com/Checkmarx/kics","github_stars":2500},{"slug":"kingfisher","name":"Kingfisher","category":"secret-scanning","category_name":"Secrets","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://mongodb.github.io/kingfisher/","url":"https://appsecsanta.com/kingfisher","summary":"Validate and revoke leaked secrets","updated":"2026-04-27T00:00:00Z","github":"https://github.com/mongodb/kingfisher","github_stars":1e3},{"slug":"kiuwan","name":"Kiuwan Code Security","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.kiuwan.com/code-security-sast/","url":"https://appsecsanta.com/kiuwan","summary":"30+ Languages Including Legacy","updated":"2026-02-02T00:00:00Z"},{"slug":"klocwork","name":"Klocwork","category":"sast","category_name":"SAST","status":"active","license":"Commercial (with Free Trial)","website":"https://www.perforce.com/products/klocwork","url":"https://appsecsanta.com/klocwork","summary":"Safety-Certified C/C++ Analysis","updated":"2026-02-04T00:00:00Z"},{"slug":"knostic","name":"Knostic","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.knostic.ai/","url":"https://appsecsanta.com/knostic","summary":"Need-to-know access control for enterprise LLMs","updated":"2026-03-23T00:00:00Z"},{"slug":"kube-bench","name":"kube-bench","category":"container-security","category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/aquasecurity/kube-bench","url":"https://appsecsanta.com/kube-bench","summary":"CIS Benchmark Compliance, 7.9k Stars","updated":"2026-02-25T00:00:00Z","github":"https://github.com/aquasecurity/kube-bench","github_stars":7900},{"slug":"kubearmor","name":"KubeArmor","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kubearmor.io/","url":"https://appsecsanta.com/kubearmor","summary":"LSM-based runtime enforcement","updated":"2026-02-25T00:00:00Z","github":"https://github.com/kubearmor/KubeArmor","github_stars":2100},{"slug":"kubescape","name":"Kubescape","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kubescape.io","url":"https://appsecsanta.com/kubescape","summary":"CNCF Project, 25k+ Users","updated":"2026-02-09T00:00:00Z","github":"https://github.com/kubescape/kubescape","github_stars":11100},{"slug":"kyverno","name":"Kyverno","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kyverno.io/","url":"https://appsecsanta.com/kyverno","summary":"Kubernetes-native policy management","updated":"2026-02-12T00:00:00Z","github":"https://github.com/kyverno/kyverno","github_stars":7400},{"slug":"lacework","name":"Lacework","category":"iac-security","category_name":"IaC Security","status":"acquired","license":"Commercial","website":"https://www.fortinet.com/products/forticnapp","url":"https://appsecsanta.com/lacework","summary":"Behavioral analytics CNAPP (Now FortiCNAPP)","updated":"2026-02-14T00:00:00Z"},{"slug":"lakera","name":"Lakera Guard","category":"ai-security","category_name":"AI Security","status":"acquired","license":"Commercial (with Free tier)","website":"https://www.lakera.ai/","url":"https://appsecsanta.com/lakera","summary":"Gandalf Game Creator, Enterprise API","updated":"2026-02-02T00:00:00Z"},{"slug":"lasso-security","name":"Lasso Security","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.lasso.security/","url":"https://appsecsanta.com/lasso-security","summary":"End-to-End GenAI Security with Shadow AI Discovery","updated":"2026-04-03T00:00:00Z"},{"slug":"legit-security","name":"Legit Security","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.legitsecurity.com","url":"https://appsecsanta.com/legit-security","summary":"AI-Native Software Supply Chain ASPM","updated":"2026-02-22T00:00:00Z"},{"slug":"levo-ai","name":"Levo.ai","category":"api-security","category_name":"API Security","status":"active","license":"Commercial","website":"https://www.levo.ai","url":"https://appsecsanta.com/levo-ai","summary":"eBPF-Powered API Auto-Discovery","updated":"2026-02-22T00:00:00Z"},{"slug":"llm-guard","name":"LLM Guard","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/protectai/llm-guard","url":"https://appsecsanta.com/llm-guard","summary":"Open-Source LLM Guardrails","updated":"2026-05-05T00:00:00Z","github":"https://github.com/protectai/llm-guard","github_stars":2500},{"slug":"mayhem","name":"Mayhem","category":"dast","category_name":"DAST","status":"acquired","license":"commercial","website":"https://www.mayhem.security/","url":"https://appsecsanta.com/mayhem","summary":"DARPA challenge-winning autonomous fuzzing platform","updated":"2026-03-23T00:00:00Z"},{"slug":"mcp-scan","name":"MCP-Scan","category":"ai-security","category_name":"AI Security","status":"acquired","license":"Free (Open-Source)","website":"https://github.com/invariantlabs-ai/mcp-scan","url":"https://appsecsanta.com/mcp-scan","summary":"Security Scanner for MCP Servers and Agent Skills","updated":"2026-04-03T00:00:00Z","github":"https://github.com/invariantlabs-ai/mcp-scan","github_stars":2e3},{"slug":"mend-sast","name":"Mend SAST","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.mend.io/sast/","url":"https://appsecsanta.com/mend-sast","summary":"Agentic SAST for AI-Generated Code","updated":"2026-04-14T00:00:00Z"},{"slug":"mend-sca","name":"Mend SCA","category":"sca","category_name":"SCA","status":"active","license":"Commercial","website":"https://www.mend.io/","url":"https://appsecsanta.com/mend-sca","summary":"Forrester Strong Performer, Auto-Remediation","updated":"2026-02-04T00:00:00Z"},{"slug":"mindgard","name":"Mindgard","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://mindgard.ai/","url":"https://appsecsanta.com/mindgard","summary":"DAST-AI Continuous Red Teaming","updated":"2026-02-10T00:00:00Z"},{"slug":"mitmproxy","name":"mitmproxy","category":"mobile","category_name":"Mobile Security","status":"active","license":"MIT License (open source)","website":"https://www.mitmproxy.org/","url":"https://appsecsanta.com/mitmproxy","summary":"Free CLI HTTPS intercepting proxy for mobile and API testing","updated":"2026-04-20T00:00:00Z","github":"https://github.com/mitmproxy/mitmproxy","github_stars":43162},{"slug":"mobsf","name":"MobSF","category":"mobile","category_name":"Mobile Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/MobSF/Mobile-Security-Framework-MobSF","url":"https://appsecsanta.com/mobsf","summary":"Open-Source All-in-One Mobile","updated":"2026-03-24T00:00:00Z","github":"https://github.com/MobSF/Mobile-Security-Framework-MobSF","github_stars":20700},{"slug":"modsecurity","name":"ModSecurity","category":"rasp","category_name":"RASP","status":"active","license":"Apache License 2.0","website":"https://modsecurity.org","url":"https://appsecsanta.com/modsecurity","summary":"Open-Source WAF Engine","updated":"2026-02-12T00:00:00Z","github":"https://github.com/owasp-modsecurity/ModSecurity","github_stars":9500},{"slug":"mondoo","name":"Mondoo","category":"iac-security","category_name":"IaC Security","status":"active","license":"Source Available (BUSL-1.1) / Commercial (Platform)","website":"https://mondoo.com","url":"https://appsecsanta.com/mondoo","summary":"Policy as Code for Full-Stack Security","updated":"2026-02-22T00:00:00Z","github":"https://github.com/mondoohq/cnspec","github_stars":399},{"slug":"neuraltrust","name":"NeuralTrust","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://neuraltrust.ai/","url":"https://appsecsanta.com/neuraltrust","summary":"AI Gateway, Red Teaming \u0026 Agent Security","updated":"2026-04-03T00:00:00Z","github":"https://github.com/NeuralTrust"},{"slug":"neuvector","name":"NeuVector","category":"container-security","category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.suse.com/neuvector/","url":"https://appsecsanta.com/neuvector","summary":"Full-lifecycle container security with Layer 7 firewall","updated":"2026-02-25T00:00:00Z","github":"https://github.com/neuvector/neuvector","github_stars":1300},{"slug":"nikto","name":"Nikto","category":"dast","category_name":"DAST","status":"active","license":"Free (Open-Source)","website":"https://github.com/sullo/nikto","url":"https://appsecsanta.com/nikto","summary":"Fast Web Server Scanner","updated":"2026-04-20T00:00:00Z","github":"https://github.com/sullo/nikto","github_stars":10279},{"slug":"nodejsscan","name":"NodeJSScan","category":"sast","category_name":"SAST","status":"active","license":"Free/OSS","website":"https://github.com/ajinabraham/nodejsscan","url":"https://appsecsanta.com/nodejsscan","summary":"Node.js Security Scanner","updated":"2026-02-04T00:00:00Z","github":"https://github.com/ajinabraham/nodejsscan","github_stars":2500},{"slug":"noma-security","name":"Noma Security","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://noma.security/","url":"https://appsecsanta.com/noma-security","summary":"Unified AI Agent Security with 1,300% ARR Growth","updated":"2026-04-03T00:00:00Z"},{"slug":"noname-security","name":"Noname Security","category":"api-security","category_name":"API Security","status":"acquired","license":"Commercial","website":"https://www.akamai.com","url":"https://appsecsanta.com/noname-security","summary":"API Security Platform (Acquired by Akamai)","updated":"2026-02-15T00:00:00Z"},{"slug":"nowsecure","name":"NowSecure","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.nowsecure.com","url":"https://appsecsanta.com/nowsecure","summary":"Privacy \u0026 Data Protection Analysis","updated":"2026-02-04T00:00:00Z"},{"slug":"nuclei","name":"Nuclei","category":"dast","category_name":"DAST","status":"active","license":"Free (Open-Source)","website":"https://docs.projectdiscovery.io/","url":"https://appsecsanta.com/nuclei","summary":"Template-Based OSS Scanner","updated":"2026-04-21T00:00:00Z","github":"https://github.com/projectdiscovery/nuclei","github_stars":28015},{"slug":"nemo-guardrails","name":"NVIDIA NeMo Guardrails","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/NVIDIA/NeMo-Guardrails","url":"https://appsecsanta.com/nemo-guardrails","summary":"NVIDIA's Programmable LLM Guardrails","updated":"2026-02-04T00:00:00Z","github":"https://github.com/NVIDIA/NeMo-Guardrails","github_stars":5600},{"slug":"objection","name":"Objection","category":"mobile","category_name":"Mobile Security","status":"active","license":"GPL-3.0 (open source)","website":"https://github.com/sensepost/objection","url":"https://appsecsanta.com/objection","summary":"Mobile pentesting without jailbreak","updated":"2026-03-31T00:00:00Z","github":"https://github.com/sensepost/objection","github_stars":8900},{"slug":"onyx-security","name":"Onyx Security","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://onyx.security/","url":"https://appsecsanta.com/onyx-security","summary":"Secure AI Control Plane for Enterprise Agents","updated":"2026-04-03T00:00:00Z"},{"slug":"opa-gatekeeper","name":"OPA Gatekeeper","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://open-policy-agent.github.io/gatekeeper/","url":"https://appsecsanta.com/opa-gatekeeper","summary":"OPA-based admission control","updated":"2026-04-14T00:00:00Z","github":"https://github.com/open-policy-agent/gatekeeper","github_stars":4100},{"slug":"openai-guardrails","name":"OpenAI Guardrails","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://openai.github.io/openai-guardrails-python/","url":"https://appsecsanta.com/openai-guardrails","summary":"Drop-In Safety Wrapper for OpenAI Agents","updated":"2026-04-03T00:00:00Z","github":"https://github.com/openai/openai-guardrails-python","github_stars":195},{"slug":"opengrep","name":"OpenGrep","category":"sast","category_name":"SAST","status":"active","license":"LGPL-2.1","website":"https://opengrep.dev","url":"https://appsecsanta.com/opengrep","summary":"Community Fork, Taint Analysis, 30+ Languages","updated":"2026-02-18T00:00:00Z","github":"https://github.com/opengrep/opengrep","github_stars":2144},{"slug":"openrasp","name":"OpenRASP","category":"rasp","category_name":"RASP","status":"deprecated","license":"Free (Open-Source)","website":"https://github.com/baidu/openrasp","url":"https://appsecsanta.com/openrasp","summary":"Most Popular Open-Source RASP","updated":"2026-02-02T00:00:00Z","github":"https://github.com/baidu/openrasp","github_stars":2900},{"slug":"debricked","name":"OpenText Core SCA (Debricked)","category":"sca","category_name":"SCA","status":"active","license":"Freemium","website":"https://debricked.com/","url":"https://appsecsanta.com/debricked","summary":"Fortify Integration, Developer-Friendly","updated":"2026-04-23T00:00:00Z"},{"slug":"fortify-static-code-analyzer","name":"OpenText Fortify","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.opentext.com/products/static-application-security-testing","url":"https://appsecsanta.com/fortify-static-code-analyzer","summary":"33+ Languages including COBOL and ABAP","updated":"2026-04-20T00:00:00Z"},{"slug":"orca-security","name":"Orca Security","category":"iac-security","category_name":"IaC Security","status":"active","license":"Commercial","website":"https://orca.security","url":"https://appsecsanta.com/orca-security","summary":"Patented SideScanning technology","updated":"2026-02-12T00:00:00Z"},{"slug":"ostorlab","name":"Ostorlab","category":"mobile","category_name":"Mobile Security","status":"active","license":"Freemium","website":"https://ostorlab.co","url":"https://appsecsanta.com/ostorlab","summary":"Open-Source Core + Enterprise","updated":"2026-04-21T00:00:00Z","github":"https://github.com/Ostorlab/oxo","github_stars":560},{"slug":"osv-scanner","name":"OSV-Scanner","category":"sca","category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://google.github.io/osv-scanner/","url":"https://appsecsanta.com/osv-scanner","summary":"Google-Backed OSV Database Scanner","updated":"2026-03-31T00:00:00Z","github":"https://github.com/google/osv-scanner"},{"slug":"oversecured","name":"Oversecured","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://oversecured.com","url":"https://appsecsanta.com/oversecured","summary":"99.8% Detection Accuracy","updated":"2026-05-05T00:00:00Z"},{"slug":"owasp-dependency-check","name":"OWASP Dependency-Check","category":"sca","category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://owasp.org/www-project-dependency-check/","url":"https://appsecsanta.com/owasp-dependency-check","summary":"Long-Standing Open-Source SCA","updated":"2026-02-02T00:00:00Z","github":"https://github.com/dependency-check/DependencyCheck","github_stars":7400},{"slug":"dependency-track","name":"OWASP Dependency-Track","category":"sca","category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://dependencytrack.org/","url":"https://appsecsanta.com/dependency-track","summary":"SBOM-First Vulnerability Management","updated":"2026-02-04T00:00:00Z","github":"https://github.com/DependencyTrack/dependency-track","github_stars":3600},{"slug":"ox-security","name":"OX Security","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.ox.security","url":"https://appsecsanta.com/ox-security","summary":"Active ASPM with PBOM","updated":"2026-04-30T00:00:00Z"},{"slug":"parasoft","name":"Parasoft","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.parasoft.com/","url":"https://appsecsanta.com/parasoft","summary":"Compliance-first SAST for automotive, aerospace \u0026 medical device software","updated":"2026-03-23T00:00:00Z"},{"slug":"pentest-tools","name":"Pentest Tools","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://pentest-tools.com/","url":"https://appsecsanta.com/pentest-tools","summary":"Cloud-Based Pentest Platform","updated":"2026-02-04T00:00:00Z"},{"slug":"phoenix-security","name":"Phoenix Security","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://phoenix.security","url":"https://appsecsanta.com/phoenix-security","summary":"Threat-centric ASPM with ownership attribution and AI PR remediation","updated":"2026-04-29T00:00:00Z"},{"slug":"phpstan","name":"PHPStan","category":"sast","category_name":"SAST","status":"active","license":"MIT","website":"https://phpstan.org/","url":"https://appsecsanta.com/phpstan","summary":"PHP Static Analysis with Progressive Strictness","updated":"2026-04-21T00:00:00Z","github":"https://github.com/phpstan/phpstan","github_stars":13900},{"slug":"phylum","name":"Phylum","category":"sca","category_name":"SCA","status":"acquired","license":"Commercial (acquired by Veracode)","website":"https://www.phylum.io/","url":"https://appsecsanta.com/phylum","summary":"Malicious Package Detection Engine","updated":"2026-02-22T00:00:00Z","github":"https://github.com/phylum-dev"},{"slug":"pmd","name":"PMD","category":"sast","category_name":"SAST","status":"active","license":"Free/OSS","website":"https://pmd.github.io/","url":"https://appsecsanta.com/pmd","summary":"Multi-Language Code Analyzer","updated":"2026-02-04T00:00:00Z","github":"https://github.com/pmd/pmd","github_stars":5300},{"slug":"prisma-cloud","name":"Prisma Cloud","category":"iac-security","category_name":"IaC Security","status":"active","license":"Commercial","website":"https://www.paloaltonetworks.com/prisma/cloud","url":"https://appsecsanta.com/prisma-cloud","summary":"Unified CNAPP with Checkov-powered IaC scanning","updated":"2026-02-14T00:00:00Z"},{"slug":"probely","name":"Probely","category":"dast","category_name":"DAST","status":"acquired","license":"Commercial","website":"https://snyk.io/product/dast-api-web/","url":"https://appsecsanta.com/probely","summary":"Now Snyk DAST - DevOps-Friendly with API Scanning","updated":"2026-02-04T00:00:00Z"},{"slug":"prompt-inspector","name":"Prompt Inspector","category":"ai-security","category_name":"AI Security","status":"deprecated","license":"Free (Open-Source) and Commercial","website":"https://promptinspector.io/","url":"https://appsecsanta.com/prompt-inspector","summary":"Multi-layer prompt injection detection for LLM applications","updated":"2026-04-03T00:00:00Z","github":"https://github.com/aunicall/prompt-inspector"},{"slug":"prompt-security","name":"Prompt Security","category":"ai-security","category_name":"AI Security","status":"acquired","license":"Commercial","website":"https://prompt.security/","url":"https://appsecsanta.com/prompt-security","summary":"GenAI Firewall, Shadow AI Detection","updated":"2026-02-10T00:00:00Z"},{"slug":"promptfoo","name":"Promptfoo","category":"ai-security","category_name":"AI Security","status":"acquired","license":"Free (Open-Source) and Commercial","website":"https://www.promptfoo.dev/","url":"https://appsecsanta.com/promptfoo","summary":"LLM Evaluation \u0026 Red Teaming CLI","updated":"2026-02-02T00:00:00Z","github":"https://github.com/promptfoo/promptfoo","github_stars":13200},{"slug":"protect-ai-guardian","name":"Protect AI Guardian","category":"ai-security","category_name":"AI Security","status":"acquired","license":"Commercial","website":"https://protectai.com/guardian","url":"https://appsecsanta.com/protect-ai-guardian","summary":"MLSecOps Platform (Now Palo Alto Networks)","updated":"2026-02-04T00:00:00Z"},{"slug":"protecto","name":"Protecto","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.protecto.ai/","url":"https://appsecsanta.com/protecto","summary":"Context Security \u0026 Data Privacy for AI Agents","updated":"2026-04-03T00:00:00Z"},{"slug":"psalm","name":"Psalm","category":"sast","category_name":"SAST","status":"active","license":"MIT","website":"https://psalm.dev/","url":"https://appsecsanta.com/psalm","summary":"PHP Type Safety + Security Taint Analysis","updated":"2026-03-19T00:00:00Z","github":"https://github.com/vimeo/psalm","github_stars":5800},{"slug":"pt-application-inspector","name":"PT Application Inspector","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.ptsecurity.com/ww-en/products/ai/","url":"https://appsecsanta.com/pt-application-inspector","summary":"SAST+DAST+IAST+SCA Combined","updated":"2026-02-04T00:00:00Z"},{"slug":"pyrit","name":"PyRIT","category":"ai-security","category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/Azure/PyRIT","url":"https://appsecsanta.com/pyrit","summary":"Microsoft's AI Red Team Framework","updated":"2026-02-02T00:00:00Z","github":"https://github.com/Azure/PyRIT","github_stars":3400},{"slug":"qodana","name":"Qodana","category":"sast","category_name":"SAST","status":"active","license":"Commercial (Free tier available)","website":"https://www.jetbrains.com/qodana/","url":"https://appsecsanta.com/qodana","summary":"JetBrains IDE Inspections in CI/CD","updated":"2026-02-04T00:00:00Z"},{"slug":"qualys-was","name":"Qualys WAS","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.qualys.com/apps/web-app-scanning/","url":"https://appsecsanta.com/qualys-was","summary":"AI-Powered Cloud DAST","updated":"2026-02-04T00:00:00Z"},{"slug":"qwiet-ai","name":"Qwiet AI","category":"sca","category_name":"SCA","status":"acquired","license":"Commercial","website":"https://www.harness.io/products/security-testing-orchestration","url":"https://appsecsanta.com/qwiet-ai","summary":"Now Harness STO - AI-Powered Reachability Analysis","updated":"2026-02-04T00:00:00Z"},{"slug":"radare2","name":"radare2","category":"mobile","category_name":"Mobile Security","status":"active","license":"LGPL-3.0 (open source)","website":"https://www.radare.org/","url":"https://appsecsanta.com/radare2","summary":"Multi-architecture binary analysis framework","updated":"2026-03-19T00:00:00Z","github":"https://github.com/radareorg/radare2","github_stars":23300},{"slug":"insightappsec","name":"Rapid7 InsightAppSec","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.rapid7.com/products/insightappsec/","url":"https://appsecsanta.com/insightappsec","summary":"Rapid7 Attack Replay DAST","updated":"2026-04-10T00:00:00Z"},{"slug":"rebuff","name":"Rebuff","category":"ai-security","category_name":"AI Security","status":"deprecated","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/protectai/rebuff","url":"https://appsecsanta.com/rebuff","summary":"Open-Source Prompt Injection SDK","updated":"2026-02-02T00:00:00Z","github":"https://github.com/protectai/rebuff","github_stars":1400},{"slug":"stackrox","name":"Red Hat Advanced Cluster Security (StackRox)","category":"container-security","category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0) + Commercial","website":"https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes","url":"https://appsecsanta.com/stackrox","summary":"Kubernetes-native security across build, deploy, and runtime","updated":"2026-03-19T00:00:00Z","github":"https://github.com/stackrox/stackrox","github_stars":1300},{"slug":"renovate","name":"Renovate","category":"sca","category_name":"SCA","status":"active","license":"Free (Open-Source, AGPL-3.0)","website":"https://www.mend.io/renovate/","url":"https://appsecsanta.com/renovate","summary":"Automated Dependency Updates","updated":"2026-02-04T00:00:00Z","github":"https://github.com/renovatebot/renovate","github_stars":20700},{"slug":"reshift","name":"Reshift","category":"sast","category_name":"SAST","status":"deprecated","license":"Commercial (Free for a single user)","website":"https://www.reshiftsecurity.com","url":"https://appsecsanta.com/reshift","summary":"Lightweight Node.js Focus","updated":"2026-02-07T00:00:00Z"},{"slug":"revenera-code-insight","name":"Revenera FlexNet Code Insight","category":"sca","category_name":"SCA","status":"active","license":"Commercial","website":"https://www.revenera.com/software-composition-analysis/products/flexnet-code-insight","url":"https://appsecsanta.com/revenera-code-insight","summary":"License Compliance \u0026 IP Protection Leader","updated":"2026-04-23T00:00:00Z"},{"slug":"salt-security","name":"Salt Security","category":"api-security","category_name":"API Security","status":"active","license":"Commercial","website":"https://salt.security/","url":"https://appsecsanta.com/salt-security","summary":"AI/ML-Powered API Discovery \u0026 Protection","updated":"2026-02-02T00:00:00Z"},{"slug":"scanoss","name":"SCANOSS","category":"sca","category_name":"SCA","status":"active","license":"Freemium","website":"https://www.scanoss.com","url":"https://appsecsanta.com/scanoss","summary":"Lightweight Open-Source SCA","updated":"2026-02-02T00:00:00Z","github":"https://github.com/scanoss/scanoss.py","github_stars":38},{"slug":"seeker-iast","name":"Seeker IAST","category":"iast","category_name":"IAST","status":"active","license":"Commercial","website":"https://www.blackduck.com","url":"https://appsecsanta.com/seeker-iast","summary":"Active Vulnerability Verification","updated":"2026-02-07T00:00:00Z"},{"slug":"seemplicity","name":"Seemplicity","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://seemplicity.io","url":"https://appsecsanta.com/seemplicity","summary":"AI-Powered Remediation Operations","updated":"2026-02-03T00:00:00Z"},{"slug":"semgrep","name":"Semgrep","category":"sast","category_name":"SAST","status":"active","license":"LGPL-2.1 (CE) / Commercial (Platform)","website":"https://semgrep.dev","url":"https://appsecsanta.com/semgrep","summary":"Free CE Engine + Commercial AppSec Platform","updated":"2026-04-21T00:00:00Z","github":"https://github.com/semgrep/semgrep","github_stars":14870},{"slug":"sentinel-dynamic","name":"Sentinel Dynamic","category":"dast","category_name":"DAST","status":"renamed","license":"Commercial","website":"https://www.blackduck.com/dast/continuous-dynamic.html","url":"https://appsecsanta.com/sentinel-dynamic","summary":"WhiteHat Security DAST (Now Black Duck Continuous Dynamic)","updated":"2026-02-04T00:00:00Z"},{"slug":"signal-sciences","name":"Signal Sciences","category":"rasp","category_name":"RASP","status":"acquired","license":"Commercial","website":"https://www.fastly.com/products/web-application-api-protection","url":"https://appsecsanta.com/signal-sciences","summary":"Now Fastly Next-Gen WAF","updated":"2026-02-02T00:00:00Z"},{"slug":"skyrelis","name":"Skyrelis","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://skyrelis.com/","url":"https://appsecsanta.com/skyrelis","summary":"Always-On Security for LLM Multi-Agent Workflows","updated":"2026-04-03T00:00:00Z"},{"slug":"snyk","name":"Snyk","category":"sca","category_name":"SCA","status":"active","license":"Freemium","website":"https://snyk.io/","url":"https://appsecsanta.com/snyk","summary":"All-in-One Developer Security","updated":"2026-02-14T00:00:00Z"},{"slug":"snyk-apprisk","name":"Snyk AppRisk","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://snyk.io/product/snyk-apprisk/","url":"https://appsecsanta.com/snyk-apprisk","summary":"ASPM module inside Snyk that prioritises by exploit reachability and business impact","updated":"2026-04-29T00:00:00Z"},{"slug":"snyk-code","name":"Snyk Code","category":"sast","category_name":"SAST","status":"active","license":"Commercial (Free tier available)","website":"https://snyk.io/product/snyk-code/","url":"https://appsecsanta.com/snyk-code","summary":"Developer-First SAST with AI-Powered Fix Suggestions","updated":"2026-02-02T00:00:00Z"},{"slug":"snyk-container","name":"Snyk Container","category":"sca","category_name":"SCA","status":"active","license":"Freemium","website":"https://snyk.io/product/container-vulnerability-management/","url":"https://appsecsanta.com/snyk-container","summary":"Developer-first container security","updated":"2026-02-25T00:00:00Z"},{"slug":"snyk-iac","name":"Snyk IaC","category":"iac-security","category_name":"IaC Security","status":"active","license":"Freemium","website":"https://snyk.io/product/infrastructure-as-code-security/","url":"https://appsecsanta.com/snyk-iac","summary":"IDE, CLI \u0026 CI/CD Integration","updated":"2026-02-04T00:00:00Z"},{"slug":"snyk-open-source","name":"Snyk Open Source","category":"sca","category_name":"SCA","status":"active","license":"Freemium","website":"https://snyk.io/product/open-source-security-management/","url":"https://appsecsanta.com/snyk-open-source","summary":"Developer-First SCA with Automated Fix PRs","updated":"2026-04-10T00:00:00Z","github":"https://github.com/snyk/cli"},{"slug":"socket","name":"Socket","category":"sca","category_name":"SCA","status":"active","license":"Commercial (with Free tier for open source)","website":"https://socket.dev","url":"https://appsecsanta.com/socket","summary":"Detects Malware, Not Just CVEs","updated":"2026-02-02T00:00:00Z"},{"slug":"software-risk-manager","name":"Software Risk Manager","category":"aspm","category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.blackduck.com/software-risk-manager.html","url":"https://appsecsanta.com/software-risk-manager","summary":"150+ Tool Integrations for ASPM","updated":"2026-02-04T00:00:00Z"},{"slug":"sonarlint","name":"SonarLint","category":"sast","category_name":"SAST","status":"active","license":"Free (LGPL-3.0) + Commercial Features with SonarQube/SonarCloud","website":"https://www.sonarsource.com/products/sonarqube/ide/","url":"https://appsecsanta.com/sonarlint","summary":"Real-time IDE analysis","updated":"2026-02-20T00:00:00Z","github":"https://github.com/SonarSource/sonarlint-intellij","github_stars":631},{"slug":"sonarqube","name":"SonarQube","category":"sast","category_name":"SAST","status":"active","license":"Commercial (with Free Community Build)","website":"https://www.sonarqube.org/features/security/","url":"https://appsecsanta.com/sonarqube","summary":"35+ Languages, Code Quality + Security","updated":"2026-05-05T00:00:00Z","github":"https://github.com/SonarSource/sonarqube","github_stars":10300},{"slug":"nexus-lifecycle","name":"Sonatype Lifecycle","category":"sca","category_name":"SCA","status":"active","license":"Commercial","website":"https://www.sonatype.com/products/sonatype-lifecycle","url":"https://appsecsanta.com/nexus-lifecycle","summary":"Repository firewall + SDLC integration","updated":"2026-02-04T00:00:00Z"},{"slug":"spotbugs","name":"SpotBugs","category":"sast","category_name":"SAST","status":"active","license":"Free/OSS (LGPL-2.1)","website":"https://spotbugs.github.io/","url":"https://appsecsanta.com/spotbugs","summary":"Java Bug Pattern Detection","updated":"2026-02-04T00:00:00Z","github":"https://github.com/spotbugs/spotbugs","github_stars":3800},{"slug":"stackhawk","name":"StackHawk","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.stackhawk.com","url":"https://appsecsanta.com/stackhawk","summary":"Developer-First CI/CD DAST","updated":"2026-02-22T00:00:00Z"},{"slug":"syft","name":"Syft","category":"sca","category_name":"SCA","status":"active","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/anchore/syft","url":"https://appsecsanta.com/syft","summary":"SBOM generation tool","updated":"2026-02-27T00:00:00Z","github":"https://github.com/anchore/syft","github_stars":8400},{"slug":"syhunt-dynamic","name":"Syhunt Dynamic","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.syhunt.com/en/index.php?n=Products.SyhuntDynamic","url":"https://appsecsanta.com/syhunt-dynamic","summary":"Multi-Platform DAST with Deep Crawling","updated":"2026-02-04T00:00:00Z"},{"slug":"sysdig-secure","name":"Sysdig Secure","category":"iac-security","category_name":"IaC Security","status":"active","license":"Commercial","website":"https://sysdig.com/","url":"https://appsecsanta.com/sysdig-secure","summary":"Runtime-first cloud security","updated":"2026-02-25T00:00:00Z"},{"slug":"talsec","name":"Talsec","category":"mobile","category_name":"Mobile Security","status":"active","license":"Freemium","website":"https://www.talsec.app/","url":"https://appsecsanta.com/talsec","summary":"RASP+ Protection with 2B+ Devices Protected","updated":"2026-02-04T00:00:00Z","github":"https://github.com/talsec/Free-RASP-Community","github_stars":446},{"slug":"tenable-io","name":"Tenable Web App Scanning","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.tenable.com/products/web-app-scanning","url":"https://appsecsanta.com/tenable-io","summary":"Nessus-Powered Cloud DAST with Attack Surface Management","updated":"2026-02-04T00:00:00Z"},{"slug":"terrascan","name":"Terrascan","category":"iac-security","category_name":"IaC Security","status":"deprecated","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/tenable/terrascan","url":"https://appsecsanta.com/terrascan","summary":"500+ Policies, OPA Engine","updated":"2026-02-04T00:00:00Z","github":"https://github.com/tenable/terrascan","github_stars":5200},{"slug":"tfsec","name":"tfsec","category":"iac-security","category_name":"IaC Security","status":"deprecated","license":"Free (Open-Source, MIT)","website":"https://aquasecurity.github.io/tfsec/","url":"https://appsecsanta.com/tfsec","summary":"Merged into Trivy","updated":"2026-02-12T00:00:00Z","github":"https://github.com/aquasecurity/tfsec","github_stars":5700},{"slug":"threadfix","name":"ThreadFix","category":"aspm","category_name":"ASPM","status":"deprecated","license":"Commercial","website":"https://coalfire.com/threadfix","url":"https://appsecsanta.com/threadfix","summary":"Kubernetes-Based Vulnerability Management","updated":"2026-04-30T00:00:00Z"},{"slug":"traceable-ai","name":"Traceable AI","category":"api-security","category_name":"API Security","status":"acquired","license":"Commercial","website":"https://www.harness.io/products/security-testing-orchestration","url":"https://appsecsanta.com/traceable-ai","summary":"Now Harness - API Security with Distributed Tracing","updated":"2026-02-02T00:00:00Z"},{"slug":"trivy","name":"Trivy","category":"iac-security","category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://trivy.dev/","url":"https://appsecsanta.com/trivy","summary":"Simple \u0026 Comprehensive Scanner","updated":"2026-02-02T00:00:00Z","github":"https://github.com/aquasecurity/trivy","github_stars":34637},{"slug":"trufflehog","name":"TruffleHog","category":"secret-scanning","category_name":"Secrets","status":"active","license":"Free (Open-Source, AGPL-3.0) + Commercial Plans","website":"https://trufflesecurity.com/trufflehog","url":"https://appsecsanta.com/trufflehog","summary":"Verify live secrets","updated":"2026-04-18T00:00:00Z","github":"https://github.com/trufflesecurity/trufflehog","github_stars":25700},{"slug":"vectara","name":"Vectara","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.vectara.com/","url":"https://appsecsanta.com/vectara","summary":"Governed Enterprise Agent Platform","updated":"2026-04-03T00:00:00Z"},{"slug":"veracode-dast","name":"Veracode Dynamic Analysis","category":"dast","category_name":"DAST","status":"active","license":"Commercial","website":"https://www.veracode.com/products/dynamic-analysis-dast","url":"https://appsecsanta.com/veracode-dast","summary":"Enterprise DAST with Full Platform Integration","updated":"2026-02-04T00:00:00Z"},{"slug":"veracode-sca","name":"Veracode SCA","category":"sca","category_name":"SCA","status":"active","license":"Commercial","website":"https://www.veracode.com/products/software-composition-analysis","url":"https://appsecsanta.com/veracode-sca","summary":"Open-Source Library Scanning","updated":"2026-04-23T00:00:00Z"},{"slug":"veracode-static-analysis","name":"Veracode Static Analysis","category":"sast","category_name":"SAST","status":"active","license":"Commercial","website":"https://www.veracode.com/security/static-code-analysis","url":"https://appsecsanta.com/veracode-static-analysis","summary":"Binary Analysis, No Source Needed","updated":"2026-04-10T00:00:00Z"},{"slug":"w3af","name":"w3af","category":"dast","category_name":"DAST","status":"deprecated","license":"Free (Open-Source, GPLv2)","website":"https://github.com/andresriancho/w3af","url":"https://appsecsanta.com/w3af","summary":"Limited Maintenance Web Scanner","updated":"2026-02-15T00:00:00Z","github":"https://github.com/andresriancho/w3af","github_stars":4400},{"slug":"wallarm","name":"Wallarm","category":"api-security","category_name":"API Security","status":"active","license":"Commercial","website":"https://www.wallarm.com/","url":"https://appsecsanta.com/wallarm","summary":"Integrated WAF + API Protection","updated":"2026-02-02T00:00:00Z"},{"slug":"wapiti","name":"Wapiti","category":"dast","category_name":"DAST","status":"active","license":"Free (Open-Source)","website":"https://wapiti-scanner.github.io/","url":"https://appsecsanta.com/wapiti","summary":"Python-Based Black-Box Web Scanner","updated":"2026-02-04T00:00:00Z","github":"https://github.com/wapiti-scanner/wapiti","github_stars":1600},{"slug":"waratek","name":"Waratek","category":"rasp","category_name":"RASP","status":"active","license":"Commercial","website":"https://www.waratek.com","url":"https://appsecsanta.com/waratek","summary":"Java Runtime Protection \u0026 Virtual Patching","updated":"2026-02-04T00:00:00Z"},{"slug":"whylabs","name":"WhyLabs","category":"ai-security","category_name":"AI Security","status":"acquired","license":"Free (Open-Source) and Commercial","website":"https://whylabs.ai/","url":"https://appsecsanta.com/whylabs","summary":"Privacy-preserving AI observability with open-source whylogs and LangKit","updated":"2026-04-03T00:00:00Z","github":"https://github.com/whylabs/whylogs","github_stars":2700},{"slug":"witnessai","name":"WitnessAI","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://witness.ai/","url":"https://appsecsanta.com/witnessai","summary":"Intent-Based AI Security \u0026 Governance","updated":"2026-04-03T00:00:00Z"},{"slug":"wiz","name":"Wiz","category":"iac-security","category_name":"IaC Security","status":"active","license":"Commercial","website":"https://www.wiz.io","url":"https://appsecsanta.com/wiz","summary":"Leader in agentless CNAPP","updated":"2026-02-12T00:00:00Z"},{"slug":"xage-security","name":"Xage Security","category":"ai-security","category_name":"AI Security","status":"active","license":"Commercial","website":"https://xage.com/","url":"https://appsecsanta.com/xage-security","summary":"Identity-Based Zero Trust for AI at Protocol Layer","updated":"2026-04-03T00:00:00Z"},{"slug":"zap","name":"ZAP (Zed Attack Proxy)","category":"dast","category_name":"DAST","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.zaproxy.org/","url":"https://appsecsanta.com/zap","summary":"Free Open-Source DAST Scanner","updated":"2026-02-04T00:00:00Z","github":"https://github.com/zaproxy/zaproxy","github_stars":14700},{"slug":"zerothreat","name":"ZeroThreat","category":"dast","category_name":"DAST","status":"active","license":"Freemium","website":"https://zerothreat.ai","url":"https://appsecsanta.com/zerothreat","summary":"AI-powered DAST with automated pentesting","updated":"2026-02-14T00:00:00Z"},{"slug":"zimperium-zscan","name":"Zimperium zScan","category":"mobile","category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://zimperium.com/maps/zscan","url":"https://appsecsanta.com/zimperium-zscan","summary":"Anti-Reversing \u0026 Tampering Validation","updated":"2026-02-04T00:00:00Z"}]}