{"@context":"https://appsecsanta.com/schemas/tools-index-v1","name":"AppSec Santa Tools Index","description":"Machine-readable catalog of 235 application security tool pages on AppSec Santa (204 active; the rest deprecated, acquired, or renamed but kept as historical reference). Designed for AI agents that need to compare, filter, or link to specific tools without crawling individual pages.","url":"https://appsecsanta.com/tools-index.json","license":"https://creativecommons.org/licenses/by/4.0/","attribution":"AppSec Santa (https://appsecsanta.com)","generated":"2026-06-16T01:59:34+03:00","version":1,"count":235,"total_tool_pages":235,"active_tool_count":204,"status_counts":{"active":204,"deprecated":9,"acquired":21,"renamed":1},"categories":[{"slug":"sast","name":"SAST","url":"https://appsecsanta.com/sast-tools","description":"Find vulnerabilities in source code before deployment"},{"slug":"sca","name":"SCA","url":"https://appsecsanta.com/sca-tools","description":"Detect risks across your dependency graph"},{"slug":"dast","name":"DAST","url":"https://appsecsanta.com/dast-tools","description":"Test running applications for security flaws"},{"slug":"iast","name":"IAST","url":"https://appsecsanta.com/iast-tools","description":"Detect vulnerabilities during application testing"},{"slug":"rasp","name":"RASP","url":"https://appsecsanta.com/rasp-tools","description":"Block attacks in real time from inside the app"},{"slug":"ai-security","name":"AI Security","url":"https://appsecsanta.com/ai-security-tools","description":"Secure LLM apps against prompt injection, jailbreaks, and data leakage"},{"slug":"api-security","name":"API Security","url":"https://appsecsanta.com/api-security-tools","description":"Discover, test, and protect your APIs"},{"slug":"iac-security","name":"IaC Security","url":"https://appsecsanta.com/iac-security-tools","description":"Catch misconfigurations in Terraform, CloudFormation \u0026 K8s"},{"slug":"aspm","name":"ASPM","url":"https://appsecsanta.com/aspm-tools","description":"Centralize and prioritize findings across tools"},{"slug":"mobile","name":"Mobile Security","url":"https://appsecsanta.com/mobile-security-tools","description":"Scan mobile apps for vulnerabilities and data leaks"},{"slug":"container-security","name":"Container Security","url":"https://appsecsanta.com/container-security-tools","description":"Scan images, secure K8s clusters \u0026 detect runtime threats"},{"slug":"secret-scanning","name":"Secrets","url":"https://appsecsanta.com/secret-scanning-tools","description":"Detect API keys, passwords, and tokens before they leak"}],"tools":[{"slug":"42crunch","logo":"/images/logos/42crunch.webp","name":"42Crunch","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Commercial (with Free tier)","website":"https://42crunch.com/","url":"https://appsecsanta.com/42crunch","summary":"OpenAPI Spec Audit \u0026 Conformance","updated":"2026-05-19T00:00:00Z"},{"slug":"7ai","logo":"/images/logos/7ai.svg","name":"7AI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://7ai.com/","url":"https://appsecsanta.com/7ai","summary":"AI SOC Agents with Dynamic Reasoning","updated":"2026-04-14T00:00:00Z"},{"slug":"accuknox","logo":"/images/logos/accuknox.png","name":"AccuKnox","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://accuknox.com","url":"https://appsecsanta.com/accuknox","summary":"ASPM with runtime visibility built on KubeArmor (eBPF/LSM)","updated":"2026-04-29T00:00:00Z"},{"slug":"acunetix","logo":"/images/logos/acunetix.webp","name":"Acunetix","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.acunetix.com","url":"https://appsecsanta.com/acunetix","summary":"Multi-Platform Easy-to-Use DAST","updated":"2026-05-19T00:00:00Z"},{"slug":"acunetix-acusensor","logo":"/images/logos/acunetix-acusensor.webp","name":"Acunetix AcuSensor","category":"iast","also_in":[],"category_name":"IAST","status":"active","license":"Commercial","website":"https://www.acunetix.com/vulnerability-scanner/acusensor-technology/","url":"https://appsecsanta.com/acunetix-acusensor","summary":"Line-of-Code Details","updated":"2026-05-19T00:00:00Z"},{"slug":"art","logo":"/images/logos/art.png","name":"Adversarial Robustness Toolbox (ART)","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source, MIT)","website":"https://adversarial-robustness-toolbox.readthedocs.io/","url":"https://appsecsanta.com/art","summary":"IBM's ML security library for adversarial attacks and defenses","updated":"2026-03-19T00:00:00Z","github":"https://github.com/Trusted-AI/adversarial-robustness-toolbox","github_stars":5900},{"slug":"agentic-radar","logo":"/images/logos/agentic-radar.webp","name":"Agentic Radar","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://splx.ai/resources/agentic-radar","url":"https://appsecsanta.com/agentic-radar","summary":"Security Scanner for LLM Agentic Workflows","updated":"2026-04-03T00:00:00Z","github":"https://github.com/splx-ai/agentic-radar","github_stars":942},{"slug":"aikido","logo":"/images/logos/aikido.webp","name":"Aikido Security","category":"aspm","also_in":["sast","sca","dast","container-security","iac-security"],"category_name":"ASPM","status":"active","license":"Commercial (Free tier available)","website":"https://www.aikido.dev","url":"https://appsecsanta.com/aikido","summary":"All-in-One AppSec with 95% Noise Reduction","updated":"2026-05-19T00:00:00Z"},{"slug":"akamai-api-security","logo":"/images/logos/akamai-api-security.webp","name":"Akamai API Security (Noname)","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Commercial","website":"https://www.akamai.com/products/api-security","url":"https://appsecsanta.com/akamai-api-security","summary":"Platform-Agnostic API Protection at Scale","updated":"2026-05-19T00:00:00Z"},{"slug":"akto","logo":"/images/logos/akto.webp","name":"Akto","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial (Free tier available)","website":"https://www.akto.io","url":"https://appsecsanta.com/akto","summary":"AI Agent \u0026 MCP Security Platform","updated":"2026-05-19T00:00:00Z"},{"slug":"alter-ai","logo":"/images/logos/alter-ai.webp","name":"Alter","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://alterauth.com/","url":"https://appsecsanta.com/alter-ai","summary":"Zero-Trust Access Control for AI Agents (YC S25)","updated":"2026-06-03T00:00:00Z"},{"slug":"anchore","logo":"/images/logos/anchore.webp","name":"Anchore","category":"sca","also_in":["container-security"],"category_name":"SCA","status":"active","license":"Commercial (Open-Source tools available)","website":"https://anchore.com/","url":"https://appsecsanta.com/anchore","summary":"SBOM-First Container Security Platform","updated":"2026-02-25T00:00:00Z","github":"https://github.com/anchore"},{"slug":"grype","logo":"/images/logos/grype.svg","name":"Anchore Grype","category":"sca","also_in":["container-security"],"category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/anchore/grype","url":"https://appsecsanta.com/grype","summary":"Fast Container Vulnerability Scanner","updated":"2026-05-19T00:00:00Z","github":"https://github.com/anchore/grype","github_stars":11500},{"slug":"apiiro","logo":"/images/logos/apiiro.webp","name":"Apiiro","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://apiiro.com","url":"https://appsecsanta.com/apiiro","summary":"Deep Code Analysis ASPM with Risk Graph","updated":"2026-05-11T00:00:00Z"},{"slug":"apisec","logo":"/images/logos/apisec.webp","name":"APIsec","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Freemium","website":"https://www.apisec.ai","url":"https://appsecsanta.com/apisec","summary":"AI-Powered API Pentesting Platform","updated":"2026-02-04T00:00:00Z"},{"slug":"apktool","logo":"/images/logos/apktool.png","name":"Apktool","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Apache License 2.0 (open source)","website":"https://apktool.org/","url":"https://appsecsanta.com/apktool","summary":"Android APK resource decoding \u0026 rebuild","updated":"2026-03-19T00:00:00Z","github":"https://github.com/iBotPeaches/Apktool","github_stars":24100},{"slug":"appcheck","logo":"/images/logos/appcheck.webp","name":"AppCheck","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://appcheck-ng.com","url":"https://appsecsanta.com/appcheck","summary":"Former Internal Pentest Tool","updated":"2026-05-19T00:00:00Z"},{"slug":"appdome","logo":"/images/logos/appdome.webp","name":"Appdome","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.appdome.com","url":"https://appsecsanta.com/appdome","summary":"No-Code Mobile Defense Automation","updated":"2026-05-19T00:00:00Z"},{"slug":"appknox","logo":"/images/logos/appknox.webp","name":"AppKnox","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.appknox.com","url":"https://appsecsanta.com/appknox","summary":"Mobile AppSec trusted by 300+ enterprises","updated":"2026-02-04T00:00:00Z"},{"slug":"apptrana","logo":"/images/logos/apptrana.svg","name":"AppTrana","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.indusface.com/products/apptrana-waap-platform/","url":"https://appsecsanta.com/apptrana","summary":"Fully managed WAAP with integrated DAST and WAF","updated":"2026-04-10T00:00:00Z"},{"slug":"aqua-security","logo":"/images/logos/aqua-security.png","name":"Aqua Security","category":"container-security","also_in":["iac-security"],"category_name":"Container Security","status":"active","license":"Commercial","website":"https://www.aquasec.com/","url":"https://appsecsanta.com/aqua-security","summary":"Full-Lifecycle CNAPP Platform","updated":"2026-02-25T00:00:00Z","github":"https://github.com/aquasecurity"},{"slug":"arachni","logo":"/images/logos/arachni.webp","name":"Arachni","category":"dast","also_in":[],"category_name":"DAST","status":"deprecated","license":"Free (Open-Source, Apache 2.0)","website":"https://www.arachni-scanner.com/","url":"https://appsecsanta.com/arachni","summary":"Archived Web Scanner","updated":"2026-02-15T00:00:00Z","github":"https://github.com/Arachni/arachni","github_stars":3400},{"slug":"arize-ai","logo":"/images/logos/arize-ai.png","name":"Arize AI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source) and Commercial","website":"https://arize.com/","url":"https://appsecsanta.com/arize-ai","summary":"OpenTelemetry-based AI observability with open-source Phoenix","updated":"2026-04-03T00:00:00Z","github":"https://github.com/Arize-ai/phoenix","github_stars":9100},{"slug":"armorcode","logo":"/images/logos/armorcode.webp","name":"ArmorCode","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.armorcode.com","url":"https://appsecsanta.com/armorcode","summary":"AI-Powered Risk Correlation","updated":"2026-04-20T00:00:00Z"},{"slug":"arnica","logo":"/images/logos/arnica.webp","name":"Arnica","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Freemium","website":"https://www.arnica.io/","url":"https://appsecsanta.com/arnica","summary":"Pipelineless SCA with Package Reputation","updated":"2026-05-19T00:00:00Z"},{"slug":"arthur-ai","logo":"/images/logos/arthur-ai.png","name":"Arthur AI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial (with open-source components)","website":"https://www.arthur.ai/","url":"https://appsecsanta.com/arthur-ai","summary":"AI Observability and Bias Detection","updated":"2026-05-19T00:00:00Z"},{"slug":"astra-security","logo":"/images/logos/astra-security.webp","name":"Astra Security","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.getastra.com","url":"https://appsecsanta.com/astra-security","summary":"AI-Powered Continuous Pentest Platform","updated":"2026-04-18T00:00:00Z"},{"slug":"augustus","logo":"/images/logos/augustus.webp","name":"Augustus","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"open-source","website":"https://www.praetorian.com/blog/introducing-augustus-open-source-llm-prompt-injection/","url":"https://appsecsanta.com/augustus","summary":"Production-grade LLM vulnerability scanner with 210+ adversarial probes","updated":"2026-04-03T00:00:00Z","github":"https://github.com/praetorian-inc/augustus","github_stars":172},{"slug":"bandit","logo":"/images/logos/bandit.webp","name":"Bandit","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free (Open-Source)","website":"https://bandit.readthedocs.io","url":"https://appsecsanta.com/bandit","summary":"Open-Source Python Scanner","updated":"2026-05-26T00:00:00Z","github":"https://github.com/PyCQA/bandit","github_stars":7900},{"slug":"beagle-security","logo":"/images/logos/beagle-security.webp","name":"Beagle Security","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://beaglesecurity.com","url":"https://appsecsanta.com/beagle-security","summary":"AI-Powered Pentesting Platform","updated":"2026-02-04T00:00:00Z"},{"slug":"bearer","logo":"/images/logos/bearer.webp","name":"Bearer","category":"sast","also_in":[],"category_name":"SAST","status":"acquired","license":"Open Source (ELv2) / Part of Cycode","website":"https://www.bearer.com","url":"https://appsecsanta.com/bearer","summary":"Data-First SAST with Privacy Scanning","updated":"2026-03-04T00:00:00Z","github":"https://github.com/Bearer/bearer","github_stars":2579},{"slug":"betterleaks","logo":"/images/logos/betterleaks.png","name":"Betterleaks","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Free (Open-Source, MIT)","website":"https://betterleaks.com","url":"https://appsecsanta.com/betterleaks","summary":"Gitleaks successor with secrets validation","updated":"2026-03-19T00:00:00Z","github":"https://github.com/betterleaks/betterleaks","github_stars":473},{"slug":"blackduck","logo":"/images/logos/blackduck.svg","name":"Black Duck","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Commercial","website":"https://www.blackduck.com/software-composition-analysis-tools/black-duck-sca.html","url":"https://appsecsanta.com/blackduck","summary":"SBOM \u0026 License Compliance","updated":"2026-06-10T00:00:00Z"},{"slug":"blackduck-web-scanner","logo":"/images/logos/blackduck-web-scanner.svg","name":"Black Duck Web Scanner","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.blackduck.com","url":"https://appsecsanta.com/blackduck-web-scanner","summary":"Enterprise DAST on the Polaris Platform","updated":"2026-04-10T00:00:00Z"},{"slug":"brakeman","logo":"/images/logos/brakeman.webp","name":"Brakeman","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free (Non-Commercial)","website":"https://brakemanscanner.org/","url":"https://appsecsanta.com/brakeman","summary":"Open-Source Ruby on Rails","updated":"2026-02-04T00:00:00Z","github":"https://github.com/presidentbeef/brakeman","github_stars":7200},{"slug":"bright-security","logo":"/images/logos/bright-security.webp","name":"Bright Security","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Freemium","website":"https://brightsec.com","url":"https://appsecsanta.com/bright-security","summary":"Developer-First CI/CD DAST","updated":"2026-04-14T00:00:00Z"},{"slug":"burp-suite","logo":"/images/logos/burp-suite.webp","name":"Burp Suite","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Freemium","website":"https://portswigger.net/burp","url":"https://appsecsanta.com/burp-suite","summary":"Web Application Pentesting Toolkit","updated":"2026-06-03T00:00:00Z"},{"slug":"caido","logo":"/images/logos/caido.webp","name":"Caido","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"","website":"https://caido.io","url":"https://appsecsanta.com/caido","summary":"Modern Proxy, Rust Engine, Free Tier","updated":"2026-06-08T00:00:00Z"},{"slug":"calico","logo":"/images/logos/calico.png","name":"Calico","category":"container-security","also_in":[],"category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0) + Commercial","website":"https://www.tigera.io/calico/","url":"https://appsecsanta.com/calico","summary":"Kubernetes networking and network security at scale","updated":"2026-03-19T00:00:00Z","github":"https://github.com/projectcalico/calico","github_stars":7100},{"slug":"calypsoai","logo":"/images/logos/calypsoai.webp","name":"CalypsoAI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"acquired","license":"Commercial","website":"https://calypsoai.com/","url":"https://appsecsanta.com/calypsoai","summary":"Inference-Layer AI Security Platform","updated":"2026-02-10T00:00:00Z"},{"slug":"cast-highlight","logo":"/images/logos/cast-highlight.webp","name":"CAST Highlight","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Commercial","website":"https://www.castsoftware.com/products/highlight","url":"https://appsecsanta.com/cast-highlight","summary":"Chrome Extension, SBOM Export","updated":"2026-02-04T00:00:00Z"},{"slug":"cdxgen","logo":"/images/logos/cdxgen.png","name":"cdxgen","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/cdxgen/cdxgen","url":"https://appsecsanta.com/cdxgen","summary":"CycloneDX SBOM generator for 20+ languages","updated":"2026-04-14T00:00:00Z","github":"https://github.com/cdxgen/cdxgen","github_stars":936},{"slug":"cequence","logo":"/images/logos/cequence.png","name":"Cequence Security","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Commercial","website":"https://www.cequence.ai","url":"https://appsecsanta.com/cequence","summary":"Unified API Protection with Native Blocking","updated":"2026-04-14T00:00:00Z"},{"slug":"cerbos","logo":"/images/logos/cerbos.webp","name":"Cerbos","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source) and Commercial","website":"https://www.cerbos.dev/","url":"https://appsecsanta.com/cerbos","summary":"Policy-Based Authorization for AI Agents and MCP Servers","updated":"2026-04-03T00:00:00Z","github":"https://github.com/cerbos/cerbos","github_stars":4300},{"slug":"chainguard","logo":"/images/logos/chainguard.png","name":"Chainguard","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Commercial (Free tier available)","website":"https://www.chainguard.dev/","url":"https://appsecsanta.com/chainguard","summary":"Zero-CVE Hardened Container Images","updated":"2026-05-19T00:00:00Z"},{"slug":"checkmarx","logo":"/images/logos/checkmarx.webp","name":"Checkmarx","category":"sast","also_in":["iast","sca","iac-security","container-security","api-security","dast"],"category_name":"SAST","status":"active","license":"Commercial","website":"https://checkmarx.com/","url":"https://appsecsanta.com/checkmarx","summary":"Enterprise AppSec platform for Fortune 100","updated":"2026-05-11T00:00:00Z"},{"slug":"checkov","logo":"/images/logos/checkov.webp","name":"Checkov","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.checkov.io/","url":"https://appsecsanta.com/checkov","summary":"1,000+ Policies for Terraform, CloudFormation \u0026 K8s","updated":"2026-05-19T00:00:00Z","github":"https://github.com/bridgecrewio/checkov","github_stars":8500},{"slug":"cisco-defenseclaw","logo":"/images/logos/cisco-defenseclaw.webp","name":"Cisco DefenseClaw","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/cisco-ai-defense/defenseclaw","url":"https://appsecsanta.com/cisco-defenseclaw","summary":"Enterprise Security Governance for Agentic AI","updated":"2026-04-03T00:00:00Z","github":"https://github.com/cisco-ai-defense/defenseclaw","github_stars":170},{"slug":"clair","logo":"/images/logos/clair.png","name":"Clair","category":"container-security","also_in":[],"category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/quay/clair","url":"https://appsecsanta.com/clair","summary":"Open-source container image vulnerability scanner","updated":"2026-02-25T00:00:00Z","github":"https://github.com/quay/clair","github_stars":11e3},{"slug":"codacy","logo":"/images/logos/codacy.webp","name":"Codacy","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial (Free for open-source, CLI is AGPL-3.0)","website":"https://www.codacy.com","url":"https://appsecsanta.com/codacy","summary":"40+ Languages with AI Code Protection","updated":"2026-02-04T00:00:00Z","github":"https://github.com/codacy/codacy-analysis-cli","github_stars":113},{"slug":"codedx","logo":"/images/logos/codedx.webp","name":"CodeDx","category":"aspm","also_in":[],"category_name":"ASPM","status":"acquired","license":"Commercial","website":"https://www.blackduck.com/software-risk-manager.html","url":"https://appsecsanta.com/codedx","summary":"Multi-scanner vulnerability correlation","updated":"2026-02-03T00:00:00Z"},{"slug":"conftest","logo":"/images/logos/conftest.webp","name":"Conftest","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.conftest.dev/","url":"https://appsecsanta.com/conftest","summary":"Policy-as-Code Testing","updated":"2026-04-14T00:00:00Z","github":"https://github.com/open-policy-agent/conftest","github_stars":3100},{"slug":"contrast-security","logo":"/images/logos/contrast-security.webp","name":"Contrast Security","category":"iast","also_in":["rasp","sca"],"category_name":"IAST","status":"active","license":"Commercial","website":"https://www.contrastsecurity.com/","url":"https://appsecsanta.com/contrast-security","summary":"Runtime-Powered Application Security","updated":"2026-05-11T00:00:00Z"},{"slug":"corellium","logo":"/images/logos/corellium.png","name":"Corellium","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.corellium.com","url":"https://appsecsanta.com/corellium","summary":"ARM-based virtual iOS \u0026 Android devices for security research","updated":"2026-03-23T00:00:00Z"},{"slug":"corgea","logo":"/images/logos/corgea.webp","name":"Corgea","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial","website":"https://corgea.com/","url":"https://appsecsanta.com/corgea","summary":"AI-native SAST with automatic vulnerability detection and code fix generation","updated":"2026-03-23T00:00:00Z"},{"slug":"coverity","logo":"/images/logos/coverity.svg","name":"Coverity","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial","website":"https://www.blackduck.com/static-analysis-tools-sast/coverity","url":"https://appsecsanta.com/coverity","summary":"Deep Analysis for Complex Codebases","updated":"2026-06-10T00:00:00Z"},{"slug":"crowdstrike-falcon-aidr","logo":"/images/logos/crowdstrike-falcon-aidr.webp","name":"CrowdStrike Falcon AIDR","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.crowdstrike.com/en-us/platform/falcon-aidr-ai-detection-and-response/","url":"https://appsecsanta.com/crowdstrike-falcon-aidr","summary":"AI Detection \u0026 Response for the Falcon Platform","updated":"2026-04-03T00:00:00Z"},{"slug":"crowdstrike-falcon-aspm","logo":"/images/logos/crowdstrike-falcon-aspm.webp","name":"CrowdStrike Falcon ASPM","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.crowdstrike.com/platform/cloud-security/aspm/","url":"https://appsecsanta.com/crowdstrike-falcon-aspm","summary":"Runtime-driven ASPM with shadow AI detection, inside the Falcon platform","updated":"2026-04-29T00:00:00Z"},{"slug":"cycode","logo":"/images/logos/cycode.webp","name":"Cycode","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://cycode.com","url":"https://appsecsanta.com/cycode","summary":"Complete ASPM with 94% Fewer False Positives","updated":"2026-05-11T00:00:00Z"},{"slug":"cylake","logo":"/images/logos/cylake.png","name":"Cylake","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.cylake.com/","url":"https://appsecsanta.com/cylake","summary":"AI-Native Cybersecurity with Data Sovereignty","updated":"2026-04-22T00:00:00Z"},{"slug":"dastardly","logo":"/images/logos/dastardly.webp","name":"Dastardly","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Free","website":"https://portswigger.net/burp/documentation/dastardly","url":"https://appsecsanta.com/dastardly","summary":"Free CI/CD DAST from PortSwigger","updated":"2026-02-04T00:00:00Z","github":"https://github.com/PortSwigger/dastardly-github-action","github_stars":295},{"slug":"data-theorem","logo":"/images/logos/data-theorem.webp","name":"Data Theorem Mobile Secure","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.datatheorem.com/products/mobile-secure/","url":"https://appsecsanta.com/data-theorem","summary":"Full-stack mobile AppSec","updated":"2026-04-14T00:00:00Z"},{"slug":"datadog-asm","logo":"/images/logos/datadog-asm.webp","name":"Datadog Application Security","category":"rasp","also_in":[],"category_name":"RASP","status":"active","license":"Commercial","website":"https://www.datadoghq.com/product/application-security-management/","url":"https://appsecsanta.com/datadog-asm","summary":"APM-Integrated Runtime Protection","updated":"2026-05-19T00:00:00Z"},{"slug":"datadog-iast","logo":"/images/logos/datadog-iast.webp","name":"Datadog Code Security (IAST)","category":"iast","also_in":[],"category_name":"IAST","status":"active","license":"Commercial","website":"https://www.datadoghq.com/product/iast/","url":"https://appsecsanta.com/datadog-iast","summary":"APM-Integrated Vulnerability Detection","updated":"2026-05-19T00:00:00Z"},{"slug":"dazz","logo":"/images/logos/dazz.webp","name":"Dazz","category":"aspm","also_in":[],"category_name":"ASPM","status":"acquired","license":"Commercial","website":"https://www.dazz.io","url":"https://appsecsanta.com/dazz","summary":"Unified Remediation Platform","updated":"2026-02-22T00:00:00Z"},{"slug":"deepsource","logo":"/images/logos/deepsource.webp","name":"DeepSource","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial (Free tier available)","website":"https://deepsource.com","url":"https://appsecsanta.com/deepsource","summary":"AI-Powered Code Analysis with Autofix","updated":"2026-05-19T00:00:00Z"},{"slug":"deepteam","logo":"/images/logos/deepteam.png","name":"DeepTeam","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/confident-ai/deepteam","url":"https://appsecsanta.com/deepteam","summary":"LLM Red Teaming Framework","updated":"2026-02-04T00:00:00Z","github":"https://github.com/confident-ai/deepteam","github_stars":1277},{"slug":"defectdojo","logo":"/images/logos/defectdojo.webp","name":"DefectDojo","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Free (Open-Source)","website":"https://www.defectdojo.com","url":"https://appsecsanta.com/defectdojo","summary":"Open-Source ASPM with 200+ Tool Parsers","updated":"2026-02-02T00:00:00Z","github":"https://github.com/DefectDojo/django-DefectDojo","github_stars":4500},{"slug":"detect-secrets","logo":"/images/logos/detect-secrets.webp","name":"detect-secrets","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/Yelp/detect-secrets","url":"https://appsecsanta.com/detect-secrets","summary":"Baseline secret management","updated":"2026-02-12T00:00:00Z","github":"https://github.com/Yelp/detect-secrets","github_stars":4300},{"slug":"detectify","logo":"/images/logos/detectify.webp","name":"Detectify","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://detectify.com","url":"https://appsecsanta.com/detectify","summary":"Crowdsourced Vulnerability Intel","updated":"2026-05-19T00:00:00Z"},{"slug":"docker-scout","logo":"/images/logos/docker-scout.webp","name":"Docker Scout","category":"container-security","also_in":[],"category_name":"Container Security","status":"active","license":"Freemium","website":"https://docs.docker.com/scout/","url":"https://appsecsanta.com/docker-scout","summary":"Docker-Native Security Scanning","updated":"2026-05-19T00:00:00Z"},{"slug":"drozer","logo":"/images/logos/drozer.webp","name":"Drozer","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"BSD 3-Clause License (open source)","website":"https://labs.reversec.com/tools/drozer/","url":"https://appsecsanta.com/drozer","summary":"Android attack surface assessment framework","updated":"2026-03-19T00:00:00Z","github":"https://github.com/ReversecLabs/drozer","github_stars":4500},{"slug":"dynatrace","logo":"/images/logos/dynatrace.webp","name":"Dynatrace","category":"rasp","also_in":[],"category_name":"RASP","status":"active","license":"Commercial","website":"https://www.dynatrace.com/platform/application-security/","url":"https://appsecsanta.com/dynatrace","summary":"Full-Stack Observability with Built-in Security","updated":"2026-05-19T00:00:00Z"},{"slug":"endor-labs","logo":"/images/logos/endor-labs.webp","name":"Endor Labs","category":"sca","also_in":["sast","container-security"],"category_name":"SCA","status":"active","license":"Commercial","website":"https://www.endorlabs.com","url":"https://appsecsanta.com/endor-labs","summary":"AI-Native AppSec with 97% Noise Reduction","updated":"2026-05-11T00:00:00Z"},{"slug":"escape","logo":"/images/logos/escape.webp","name":"Escape","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://escape.tech","url":"https://appsecsanta.com/escape","summary":"Business Logic Security Testing","updated":"2026-05-19T00:00:00Z"},{"slug":"eschecker","logo":"/images/logos/eschecker.webp","name":"esChecker","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://eshard.com/eschecker/","url":"https://appsecsanta.com/eschecker","summary":"DAST + IAST for Mobile, OWASP MASVS","updated":"2026-02-04T00:00:00Z"},{"slug":"falco","logo":"/images/logos/falco.svg","name":"Falco","category":"iac-security","also_in":["container-security"],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://falco.org/","url":"https://appsecsanta.com/falco","summary":"Cloud-native runtime security","updated":"2026-02-25T00:00:00Z","github":"https://github.com/falcosecurity/falco","github_stars":8700},{"slug":"faraday","logo":"/images/logos/faraday.webp","name":"Faraday","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Freemium (Free Community Edition, paid plans available)","website":"https://faradaysec.com/","url":"https://appsecsanta.com/faraday","summary":"Open-Source ASPM with 80+ Tool Integrations","updated":"2026-04-30T00:00:00Z","github":"https://github.com/infobyte/faraday","github_stars":6200},{"slug":"fluid-attacks","logo":"/images/logos/fluid-attacks.webp","name":"Fluid Attacks","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://fluidattacks.com/","url":"https://appsecsanta.com/fluid-attacks","summary":"AI + Human Expert Security Testing","updated":"2026-05-19T00:00:00Z"},{"slug":"fortify-webinspect","logo":"/images/logos/fortify-webinspect.webp","name":"Fortify WebInspect","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.opentext.com/products/fortify-webinspect","url":"https://appsecsanta.com/fortify-webinspect","summary":"OpenText Enterprise DAST","updated":"2026-05-19T00:00:00Z"},{"slug":"fortify-webinspect-agent","logo":"/images/logos/fortify-webinspect-agent.webp","name":"Fortify WebInspect Agent (IAST)","category":"iast","also_in":[],"category_name":"IAST","status":"active","license":"Commercial","website":"https://www.opentext.com/products/fortify-webinspect","url":"https://appsecsanta.com/fortify-webinspect-agent","summary":"Runtime Code-Level Reporting","updated":"2026-05-19T00:00:00Z"},{"slug":"fossa","logo":"/images/logos/fossa.webp","name":"FOSSA","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Freemium","website":"https://fossa.com/","url":"https://appsecsanta.com/fossa","summary":"Enterprise License Compliance","updated":"2026-05-11T00:00:00Z","github":"https://github.com/fossas/fossa-cli"},{"slug":"frida","logo":"/images/logos/frida.svg","name":"Frida","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"wxWindows Library Licence (open source)","website":"https://frida.re/","url":"https://appsecsanta.com/frida","summary":"Runtime mobile app instrumentation","updated":"2026-03-31T00:00:00Z","github":"https://github.com/frida/frida","github_stars":19700},{"slug":"fuzzyai","logo":"/images/logos/fuzzyai.png","name":"FuzzyAI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"open-source","website":"https://github.com/cyberark/FuzzyAI","url":"https://appsecsanta.com/fuzzyai","summary":"CyberArk's open-source LLM jailbreak fuzzer","updated":"2026-03-23T00:00:00Z","github":"https://github.com/cyberark/FuzzyAI","github_stars":1300},{"slug":"galileo-ai","logo":"/images/logos/galileo-ai.webp","name":"Galileo AI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://galileo.ai/","url":"https://appsecsanta.com/galileo-ai","summary":"AI Evaluation Intelligence with Luna Models","updated":"2026-04-03T00:00:00Z"},{"slug":"garak","logo":"/images/logos/garak.png","name":"Garak","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/NVIDIA/garak","url":"https://appsecsanta.com/garak","summary":"NVIDIA's LLM Vulnerability Scanner","updated":"2026-05-19T00:00:00Z","github":"https://github.com/NVIDIA/garak","github_stars":7e3},{"slug":"ghidra","logo":"/images/logos/ghidra.webp","name":"Ghidra","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Apache License 2.0 (open source)","website":"https://ghidra-sre.org/","url":"https://appsecsanta.com/ghidra","summary":"NSA Reverse Engineering Framework","updated":"2026-05-05T00:00:00Z","github":"https://github.com/NationalSecurityAgency/ghidra","github_stars":67300},{"slug":"giskard","logo":"/images/logos/giskard.png","name":"Giskard","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Freemium (Open-Source + Commercial)","website":"https://www.giskard.ai/","url":"https://appsecsanta.com/giskard","summary":"LLM testing and red teaming framework","updated":"2026-03-19T00:00:00Z","github":"https://github.com/Giskard-AI/giskard","github_stars":5200},{"slug":"git-secrets","logo":"/images/logos/git-secrets.webp","name":"git-secrets","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/awslabs/git-secrets","url":"https://appsecsanta.com/git-secrets","summary":"Git hook secret prevention","updated":"2026-06-11T00:00:00Z","github":"https://github.com/awslabs/git-secrets","github_stars":13300},{"slug":"gitguardian","logo":"/images/logos/gitguardian.webp","name":"GitGuardian","category":"secret-scanning","also_in":["sca"],"category_name":"Secrets","status":"active","license":"Freemium","website":"https://www.gitguardian.com/","url":"https://appsecsanta.com/gitguardian","summary":"Enterprise Secrets Detection","updated":"2026-05-11T00:00:00Z"},{"slug":"github-codeql","logo":"/images/logos/github-codeql.webp","name":"GitHub CodeQL","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free for open-source, Commercial for private repos","website":"https://codeql.github.com/","url":"https://appsecsanta.com/github-codeql","summary":"Semantic Analysis, GitHub Native","updated":"2026-05-19T00:00:00Z"},{"slug":"dependabot","logo":"/images/logos/dependabot.webp","name":"GitHub Dependabot","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Free (GitHub native)","website":"https://docs.github.com/en/code-security/dependabot","url":"https://appsecsanta.com/dependabot","summary":"GitHub-Native Dependency Security","updated":"2026-05-19T00:00:00Z"},{"slug":"github-secret-scanning","logo":"/images/logos/github-secret-scanning.webp","name":"GitHub Secret Scanning","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Commercial (free for public repositories)","website":"https://docs.github.com/en/code-security/secret-scanning","url":"https://appsecsanta.com/github-secret-scanning","summary":"Native GitHub secret detection","updated":"2026-06-11T00:00:00Z"},{"slug":"gitlab-dast","logo":"/images/logos/gitlab-dast.webp","name":"GitLab DAST","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial (GitLab Ultimate)","website":"https://docs.gitlab.com/ee/user/application_security/dast/","url":"https://appsecsanta.com/gitlab-dast","summary":"Native GitLab CI/CD Integration","updated":"2026-05-19T00:00:00Z"},{"slug":"gitlab-sast","logo":"/images/logos/gitlab-sast.webp","name":"GitLab SAST","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Included with GitLab (Free tier: limited, Premium/Ultimate: full features)","website":"https://docs.gitlab.com/user/application_security/sast/","url":"https://appsecsanta.com/gitlab-sast","summary":"Built-in CI scanning","updated":"2026-05-19T00:00:00Z"},{"slug":"gitleaks","logo":"/images/logos/gitleaks.webp","name":"Gitleaks","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Free (Open-Source, MIT)","website":"https://gitleaks.io/","url":"https://appsecsanta.com/gitleaks","summary":"Git secret scanner","updated":"2026-02-12T00:00:00Z","github":"https://github.com/gitleaks/gitleaks","github_stars":25900},{"slug":"gosec","logo":"/images/logos/gosec.webp","name":"gosec","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free/OSS","website":"https://securego.io/","url":"https://appsecsanta.com/gosec","summary":"Go Security Linter","updated":"2026-05-19T00:00:00Z","github":"https://github.com/securego/gosec","github_stars":8700},{"slug":"graudit","logo":"/images/logos/graudit.webp","name":"Graudit","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free (Open-Source, GPL-3.0)","website":"https://github.com/wireghoul/graudit","url":"https://appsecsanta.com/graudit","summary":"Grep-Based Code Auditing","updated":"2026-02-04T00:00:00Z","github":"https://github.com/wireghoul/graudit","github_stars":1700},{"slug":"guardrails-ai","logo":"/images/logos/guardrails-ai.webp","name":"Guardrails AI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source) and Commercial","website":"https://www.guardrailsai.com/","url":"https://appsecsanta.com/guardrails-ai","summary":"Open-Source LLM Validation with Guardrails Hub","updated":"2026-04-03T00:00:00Z","github":"https://github.com/guardrails-ai/guardrails","github_stars":6600},{"slug":"guardsquare","logo":"/images/logos/guardsquare.webp","name":"Guardsquare","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial (ProGuard is Open Source)","website":"https://www.guardsquare.com","url":"https://appsecsanta.com/guardsquare","summary":"Deep Code Obfuscation for Mobile Apps","updated":"2026-02-22T00:00:00Z"},{"slug":"harbor","logo":"/images/logos/harbor.png","name":"Harbor","category":"container-security","also_in":[],"category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://goharbor.io/","url":"https://appsecsanta.com/harbor","summary":"CNCF Graduated, 30.5k Stars","updated":"2026-05-19T00:00:00Z","github":"https://github.com/goharbor/harbor","github_stars":30500},{"slug":"hcl-appscan-dast","logo":"/images/logos/hcl-appscan-dast.webp","name":"HCL AppScan","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.hcl-software.com/appscan","url":"https://appsecsanta.com/hcl-appscan-dast","summary":"Enterprise DAST with federal compliance","updated":"2026-05-30T00:00:00Z"},{"slug":"hcl-appscan","logo":"/images/logos/hcl-appscan.webp","name":"HCL AppScan","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial (AppScan CodeSweep is Free)","website":"https://www.hcl-software.com/appscan","url":"https://appsecsanta.com/hcl-appscan","summary":"Enterprise SAST with Free CodeSweep","updated":"2026-05-19T00:00:00Z"},{"slug":"hcl-appscan-iast","logo":"/images/logos/hcl-appscan-iast.webp","name":"HCL AppScan IAST","category":"iast","also_in":[],"category_name":"IAST","status":"active","license":"Commercial","website":"https://www.hcl-software.com/appscan/solutions/interactive-application-security-testing-iast","url":"https://appsecsanta.com/hcl-appscan-iast","summary":"Patented False Positive Reduction","updated":"2026-05-19T00:00:00Z"},{"slug":"hdiv-detection","logo":"/images/logos/hdiv-detection.webp","name":"Hdiv Detection","category":"iast","also_in":[],"category_name":"IAST","status":"acquired","license":"Commercial","website":"https://github.com/hdiv/hdiv","url":"https://appsecsanta.com/hdiv-detection","summary":"Runtime IAST with Zero False Positives (Acquired by Datadog)","updated":"2026-02-04T00:00:00Z"},{"slug":"hdiv-protection","logo":"/images/logos/hdiv-protection.webp","name":"Hdiv Protection","category":"rasp","also_in":[],"category_name":"RASP","status":"acquired","license":"Commercial","website":"https://web.archive.org/web/2023*/https://www.hdivsecurity.com/","url":"https://appsecsanta.com/hdiv-protection","summary":"Hdiv Suite (Acquired by Datadog)","updated":"2026-02-02T00:00:00Z"},{"slug":"hiddenlayer","logo":"/images/logos/hiddenlayer.webp","name":"HiddenLayer AISec","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://hiddenlayer.com","url":"https://appsecsanta.com/hiddenlayer","summary":"ML Model Security Platform — 48+ CVEs, 25+ Patents","updated":"2026-04-14T00:00:00Z"},{"slug":"holistic-ai","logo":"/images/logos/holistic-ai.webp","name":"Holistic AI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.holisticai.com/","url":"https://appsecsanta.com/holistic-ai","summary":"End-to-end AI governance for compliance and risk management","updated":"2026-04-03T00:00:00Z"},{"slug":"hopper","logo":"/images/logos/hopper.webp","name":"Hopper Disassembler","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial (Free trial available)","website":"https://www.hopperapp.com/","url":"https://appsecsanta.com/hopper","summary":"Native macOS reverse engineering","updated":"2026-04-20T00:00:00Z"},{"slug":"horusec","logo":"/images/logos/horusec.png","name":"Horusec","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free/OSS (Apache 2.0)","website":"https://github.com/ZupIT/horusec","url":"https://appsecsanta.com/horusec","summary":"Multi-Language Open-Source Orchestrator","updated":"2026-02-04T00:00:00Z","github":"https://github.com/ZupIT/horusec","github_stars":1200},{"slug":"imperva-api-security","logo":"/images/logos/imperva-api-security.png","name":"Imperva API Security","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Commercial","website":"https://www.imperva.com/products/api-security/","url":"https://appsecsanta.com/imperva-api-security","summary":"ML-driven API discovery and runtime protection, part of Thales","updated":"2026-03-23T00:00:00Z"},{"slug":"imperva-rasp","logo":"/images/logos/imperva-rasp.png","name":"Imperva RASP","category":"rasp","also_in":[],"category_name":"RASP","status":"active","license":"Commercial","website":"https://www.imperva.com/products/runtime-application-self-protection-rasp/","url":"https://appsecsanta.com/imperva-rasp","summary":"Combines with Imperva WAF","updated":"2026-02-02T00:00:00Z"},{"slug":"infer","logo":"/images/logos/infer.png","name":"Infer","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"MIT","website":"https://fbinfer.com/","url":"https://appsecsanta.com/infer","summary":"Meta's Inter-Procedural Static Analyzer","updated":"2026-03-19T00:00:00Z","github":"https://github.com/facebook/infer","github_stars":15500},{"slug":"intruder","logo":"/images/logos/intruder.webp","name":"Intruder","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.intruder.io","url":"https://appsecsanta.com/intruder","summary":"Unified Exposure Management Platform","updated":"2026-05-19T00:00:00Z"},{"slug":"invicti","logo":"/images/logos/invicti.webp","name":"Invicti","category":"dast","also_in":["aspm","iast"],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.invicti.com","url":"https://appsecsanta.com/invicti","summary":"Proof-Based DAST at 99.98% Accuracy","updated":"2026-05-30T00:00:00Z"},{"slug":"jadx","logo":"/images/logos/jadx.webp","name":"Jadx","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Apache License 2.0 (open source)","website":"https://github.com/skylot/jadx","url":"https://appsecsanta.com/jadx","summary":"Android DEX to Java decompiler","updated":"2026-06-10T00:00:00Z","github":"https://github.com/skylot/jadx","github_stars":48100},{"slug":"jfrog-xray","logo":"/images/logos/jfrog-xray.webp","name":"JFrog Xray","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Commercial (Pro X, Enterprise X, or Enterprise+ subscription)","website":"https://jfrog.com/xray/","url":"https://appsecsanta.com/jfrog-xray","summary":"Binary Management Integration","updated":"2026-05-11T00:00:00Z"},{"slug":"jit","logo":"/images/logos/jit.webp","name":"Jit","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.jit.io","url":"https://appsecsanta.com/jit","summary":"AI Agent Platform for Product Security","updated":"2026-05-19T00:00:00Z"},{"slug":"k2-cyber-security","logo":"/images/logos/k2-cyber-security.webp","name":"K2 Cyber Security","category":"rasp","also_in":[],"category_name":"RASP","status":"acquired","license":"Commercial","website":"https://newrelic.com","url":"https://appsecsanta.com/k2-cyber-security","summary":"RASP and IAST platform","updated":"2026-02-02T00:00:00Z"},{"slug":"kics","logo":"/images/logos/kics.webp","name":"KICS","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kics.io/","url":"https://appsecsanta.com/kics","summary":"2,400+ Rego Queries for 22+ IaC Platforms","updated":"2026-02-02T00:00:00Z","github":"https://github.com/Checkmarx/kics","github_stars":2500},{"slug":"kingfisher","logo":"/images/logos/kingfisher.webp","name":"Kingfisher","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://mongodb.github.io/kingfisher/","url":"https://appsecsanta.com/kingfisher","summary":"Validate and revoke leaked secrets","updated":"2026-04-27T00:00:00Z","github":"https://github.com/mongodb/kingfisher","github_stars":1e3},{"slug":"kiuwan","logo":"/images/logos/kiuwan.webp","name":"Kiuwan Code Security","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial","website":"https://www.kiuwan.com/code-security-sast/","url":"https://appsecsanta.com/kiuwan","summary":"30+ Languages Including Legacy","updated":"2026-05-19T00:00:00Z"},{"slug":"klocwork","logo":"/images/logos/klocwork.webp","name":"Klocwork","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial (with Free Trial)","website":"https://www.perforce.com/products/klocwork","url":"https://appsecsanta.com/klocwork","summary":"Safety-Certified C/C++ Analysis","updated":"2026-05-19T00:00:00Z"},{"slug":"knostic","logo":"/images/logos/knostic.png","name":"Knostic","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.knostic.ai/","url":"https://appsecsanta.com/knostic","summary":"Need-to-know access control for enterprise LLMs","updated":"2026-03-23T00:00:00Z"},{"slug":"kube-bench","logo":"/images/logos/kube-bench.webp","name":"kube-bench","category":"container-security","also_in":[],"category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/aquasecurity/kube-bench","url":"https://appsecsanta.com/kube-bench","summary":"CIS Benchmark Compliance, 7.9k Stars","updated":"2026-02-25T00:00:00Z","github":"https://github.com/aquasecurity/kube-bench","github_stars":7900},{"slug":"kubearmor","logo":"/images/logos/kubearmor.svg","name":"KubeArmor","category":"iac-security","also_in":["container-security"],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kubearmor.io/","url":"https://appsecsanta.com/kubearmor","summary":"LSM-based runtime enforcement","updated":"2026-06-10T00:00:00Z","github":"https://github.com/kubearmor/KubeArmor","github_stars":2100},{"slug":"kubescape","logo":"/images/logos/kubescape.svg","name":"Kubescape","category":"iac-security","also_in":["container-security"],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kubescape.io","url":"https://appsecsanta.com/kubescape","summary":"CNCF Project, 25k+ Users","updated":"2026-02-09T00:00:00Z","github":"https://github.com/kubescape/kubescape","github_stars":11100},{"slug":"kyverno","logo":"/images/logos/kyverno.svg","name":"Kyverno","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://kyverno.io/","url":"https://appsecsanta.com/kyverno","summary":"Kubernetes-native policy management","updated":"2026-05-19T00:00:00Z","github":"https://github.com/kyverno/kyverno","github_stars":7400},{"slug":"lacework","logo":"/images/logos/lacework.webp","name":"Lacework","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"acquired","license":"Commercial","website":"https://www.fortinet.com/products/forticnapp","url":"https://appsecsanta.com/lacework","summary":"Behavioral analytics CNAPP (Now FortiCNAPP)","updated":"2026-02-14T00:00:00Z"},{"slug":"lakera","logo":"/images/logos/lakera.webp","name":"Lakera Guard","category":"ai-security","also_in":[],"category_name":"AI Security","status":"acquired","license":"Commercial (with Free tier)","website":"https://www.lakera.ai/","url":"https://appsecsanta.com/lakera","summary":"Gandalf Game Creator, Enterprise API","updated":"2026-02-02T00:00:00Z"},{"slug":"lasso-security","logo":"/images/logos/lasso-security.png","name":"Lasso Security","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.lasso.security/","url":"https://appsecsanta.com/lasso-security","summary":"End-to-End GenAI Security with Shadow AI Discovery","updated":"2026-04-03T00:00:00Z"},{"slug":"legit-security","logo":"/images/logos/legit-security.png","name":"Legit Security","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.legitsecurity.com","url":"https://appsecsanta.com/legit-security","summary":"AI-Native Software Supply Chain ASPM","updated":"2026-05-19T00:00:00Z"},{"slug":"levo-ai","logo":"/images/logos/levo-ai.png","name":"Levo.ai","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Commercial","website":"https://www.levo.ai","url":"https://appsecsanta.com/levo-ai","summary":"eBPF-Powered API Auto-Discovery","updated":"2026-05-19T00:00:00Z"},{"slug":"llm-guard","logo":"/images/logos/llm-guard.webp","name":"LLM Guard","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/protectai/llm-guard","url":"https://appsecsanta.com/llm-guard","summary":"Open-Source LLM Guardrails","updated":"2026-06-10T00:00:00Z","github":"https://github.com/protectai/llm-guard","github_stars":2500},{"slug":"mayhem","logo":"/images/logos/mayhem.svg","name":"Mayhem","category":"dast","also_in":[],"category_name":"DAST","status":"acquired","license":"commercial","website":"https://www.mayhem.security/","url":"https://appsecsanta.com/mayhem","summary":"DARPA challenge-winning autonomous fuzzing platform","updated":"2026-03-23T00:00:00Z"},{"slug":"mcp-scan","logo":"/images/logos/mcp-scan.webp","name":"MCP-Scan","category":"ai-security","also_in":[],"category_name":"AI Security","status":"acquired","license":"Free (Open-Source)","website":"https://github.com/invariantlabs-ai/mcp-scan","url":"https://appsecsanta.com/mcp-scan","summary":"Security Scanner for MCP Servers and Agent Skills","updated":"2026-04-03T00:00:00Z","github":"https://github.com/invariantlabs-ai/mcp-scan","github_stars":2e3},{"slug":"mend","logo":"/images/logos/mend.webp","name":"Mend","category":"sca","also_in":["sast"],"category_name":"SCA","status":"active","license":"Commercial","website":"https://www.mend.io/","url":"https://appsecsanta.com/mend","summary":"Renovate-powered SCA + Agentic SAST in one platform","updated":"2026-05-11T00:00:00Z"},{"slug":"mindgard","logo":"/images/logos/mindgard.png","name":"Mindgard","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://mindgard.ai/","url":"https://appsecsanta.com/mindgard","summary":"DAST-AI Continuous Red Teaming","updated":"2026-05-19T00:00:00Z"},{"slug":"mitmproxy","logo":"/images/logos/mitmproxy.webp","name":"mitmproxy","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"MIT License (open source)","website":"https://www.mitmproxy.org/","url":"https://appsecsanta.com/mitmproxy","summary":"Free CLI HTTPS intercepting proxy for mobile and API testing","updated":"2026-04-20T00:00:00Z","github":"https://github.com/mitmproxy/mitmproxy","github_stars":43162},{"slug":"mobsf","logo":"/images/logos/mobsf.webp","name":"MobSF","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/MobSF/Mobile-Security-Framework-MobSF","url":"https://appsecsanta.com/mobsf","summary":"Open-Source All-in-One Mobile","updated":"2026-05-26T00:00:00Z","github":"https://github.com/MobSF/Mobile-Security-Framework-MobSF","github_stars":20700},{"slug":"modsecurity","logo":"/images/logos/modsecurity.webp","name":"ModSecurity","category":"rasp","also_in":[],"category_name":"RASP","status":"active","license":"Apache License 2.0","website":"https://modsecurity.org","url":"https://appsecsanta.com/modsecurity","summary":"Open-Source WAF Engine","updated":"2026-05-19T00:00:00Z","github":"https://github.com/owasp-modsecurity/ModSecurity","github_stars":9500},{"slug":"mondoo","logo":"/images/logos/mondoo.png","name":"Mondoo","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"active","license":"Source Available (BUSL-1.1) / Commercial (Platform)","website":"https://mondoo.com","url":"https://appsecsanta.com/mondoo","summary":"Policy as Code for Full-Stack Security","updated":"2026-05-19T00:00:00Z","github":"https://github.com/mondoohq/cnspec","github_stars":399},{"slug":"neuraltrust","logo":"/images/logos/neuraltrust.webp","name":"NeuralTrust","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://neuraltrust.ai/","url":"https://appsecsanta.com/neuraltrust","summary":"AI Gateway, Red Teaming \u0026 Agent Security","updated":"2026-04-03T00:00:00Z","github":"https://github.com/NeuralTrust"},{"slug":"neuvector","logo":"/images/logos/neuvector.png","name":"NeuVector","category":"container-security","also_in":[],"category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.suse.com/neuvector/","url":"https://appsecsanta.com/neuvector","summary":"Full-lifecycle container security with Layer 7 firewall","updated":"2026-05-19T00:00:00Z","github":"https://github.com/neuvector/neuvector","github_stars":1300},{"slug":"nikto","logo":"/images/logos/nikto.png","name":"Nikto","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Free (Open-Source)","website":"https://github.com/sullo/nikto","url":"https://appsecsanta.com/nikto","summary":"Fast Web Server Scanner","updated":"2026-04-20T00:00:00Z","github":"https://github.com/sullo/nikto","github_stars":10279},{"slug":"nodejsscan","logo":"/images/logos/nodejsscan.png","name":"NodeJSScan","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free/OSS","website":"https://github.com/ajinabraham/nodejsscan","url":"https://appsecsanta.com/nodejsscan","summary":"Node.js Security Scanner","updated":"2026-02-04T00:00:00Z","github":"https://github.com/ajinabraham/nodejsscan","github_stars":2500},{"slug":"noma-security","logo":"/images/logos/noma-security.png","name":"Noma Security","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://noma.security/","url":"https://appsecsanta.com/noma-security","summary":"Unified AI Agent Security with 1,300% ARR Growth","updated":"2026-04-03T00:00:00Z"},{"slug":"noname-security","logo":"/images/logos/noname-security.webp","name":"Noname Security","category":"api-security","also_in":[],"category_name":"API Security","status":"acquired","license":"Commercial","website":"https://www.akamai.com","url":"https://appsecsanta.com/noname-security","summary":"API Security Platform (Acquired by Akamai)","updated":"2026-02-15T00:00:00Z"},{"slug":"nowsecure","logo":"/images/logos/nowsecure.webp","name":"NowSecure","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://www.nowsecure.com","url":"https://appsecsanta.com/nowsecure","summary":"Privacy \u0026 Data Protection Analysis","updated":"2026-05-11T00:00:00Z"},{"slug":"nuclei","logo":"/images/logos/nuclei.webp","name":"Nuclei","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Free (Open-Source)","website":"https://docs.projectdiscovery.io/","url":"https://appsecsanta.com/nuclei","summary":"Template-Based OSS Scanner","updated":"2026-04-21T00:00:00Z","github":"https://github.com/projectdiscovery/nuclei","github_stars":28015},{"slug":"nemo-guardrails","logo":"/images/logos/nemo-guardrails.png","name":"NVIDIA NeMo Guardrails","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/NVIDIA/NeMo-Guardrails","url":"https://appsecsanta.com/nemo-guardrails","summary":"NVIDIA's Programmable LLM Guardrails","updated":"2026-02-04T00:00:00Z","github":"https://github.com/NVIDIA/NeMo-Guardrails","github_stars":5600},{"slug":"objection","logo":"/images/logos/objection.webp","name":"Objection","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"GPL-3.0 (open source)","website":"https://github.com/sensepost/objection","url":"https://appsecsanta.com/objection","summary":"Mobile pentesting without jailbreak","updated":"2026-03-31T00:00:00Z","github":"https://github.com/sensepost/objection","github_stars":8900},{"slug":"onyx-security","logo":"/images/logos/onyx-security.webp","name":"Onyx Security","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://onyx.security/","url":"https://appsecsanta.com/onyx-security","summary":"Secure AI Control Plane for Enterprise Agents","updated":"2026-04-03T00:00:00Z"},{"slug":"opa-gatekeeper","logo":"/images/logos/opa-gatekeeper.svg","name":"OPA Gatekeeper","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://open-policy-agent.github.io/gatekeeper/","url":"https://appsecsanta.com/opa-gatekeeper","summary":"OPA-based admission control","updated":"2026-04-14T00:00:00Z","github":"https://github.com/open-policy-agent/gatekeeper","github_stars":4100},{"slug":"openai-guardrails","logo":"/images/logos/openai-guardrails.webp","name":"OpenAI Guardrails","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://openai.github.io/openai-guardrails-python/","url":"https://appsecsanta.com/openai-guardrails","summary":"Drop-In Safety Wrapper for OpenAI Agents","updated":"2026-04-03T00:00:00Z","github":"https://github.com/openai/openai-guardrails-python","github_stars":195},{"slug":"opengrep","logo":"/images/logos/opengrep.webp","name":"OpenGrep","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"LGPL-2.1","website":"https://opengrep.dev","url":"https://appsecsanta.com/opengrep","summary":"Community Fork, Taint Analysis, 30+ Languages","updated":"2026-05-19T00:00:00Z","github":"https://github.com/opengrep/opengrep","github_stars":2144},{"slug":"openrasp","logo":"/images/logos/openrasp.webp","name":"OpenRASP","category":"rasp","also_in":[],"category_name":"RASP","status":"deprecated","license":"Free (Open-Source)","website":"https://github.com/baidu/openrasp","url":"https://appsecsanta.com/openrasp","summary":"Most Popular Open-Source RASP","updated":"2026-02-02T00:00:00Z","github":"https://github.com/baidu/openrasp","github_stars":2900},{"slug":"debricked","logo":"/images/logos/debricked.webp","name":"OpenText Core SCA (Debricked)","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Freemium","website":"https://debricked.com/","url":"https://appsecsanta.com/debricked","summary":"Fortify Integration, Developer-Friendly","updated":"2026-04-23T00:00:00Z"},{"slug":"fortify-static-code-analyzer","logo":"/images/logos/fortify-static-code-analyzer.webp","name":"OpenText Fortify","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial","website":"https://www.opentext.com/products/static-application-security-testing","url":"https://appsecsanta.com/fortify-static-code-analyzer","summary":"33+ Languages including COBOL and ABAP","updated":"2026-04-20T00:00:00Z"},{"slug":"orca-security","logo":"/images/logos/orca-security.svg","name":"Orca Security","category":"iac-security","also_in":["container-security","aspm"],"category_name":"IaC Security","status":"active","license":"Commercial","website":"https://orca.security","url":"https://appsecsanta.com/orca-security","summary":"Patented SideScanning technology","updated":"2026-05-11T00:00:00Z"},{"slug":"ostorlab","logo":"/images/logos/ostorlab.webp","name":"Ostorlab","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Freemium","website":"https://ostorlab.co","url":"https://appsecsanta.com/ostorlab","summary":"Open-Source Core + Enterprise","updated":"2026-04-21T00:00:00Z","github":"https://github.com/Ostorlab/oxo","github_stars":560},{"slug":"osv-scanner","logo":"/images/logos/osv-scanner.webp","name":"OSV-Scanner","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://google.github.io/osv-scanner/","url":"https://appsecsanta.com/osv-scanner","summary":"Google-Backed OSV Database Scanner","updated":"2026-03-31T00:00:00Z","github":"https://github.com/google/osv-scanner"},{"slug":"oversecured","logo":"/images/logos/oversecured.webp","name":"Oversecured","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://oversecured.com","url":"https://appsecsanta.com/oversecured","summary":"99.8% Detection Accuracy","updated":"2026-05-05T00:00:00Z"},{"slug":"owasp-dependency-check","logo":"/images/logos/owasp-dependency-check.webp","name":"OWASP Dependency-Check","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://owasp.org/www-project-dependency-check/","url":"https://appsecsanta.com/owasp-dependency-check","summary":"Long-Standing Open-Source SCA","updated":"2026-02-02T00:00:00Z","github":"https://github.com/dependency-check/DependencyCheck","github_stars":7400},{"slug":"dependency-track","logo":"/images/logos/dependency-track.webp","name":"OWASP Dependency-Track","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://dependencytrack.org/","url":"https://appsecsanta.com/dependency-track","summary":"SBOM-First Vulnerability Management","updated":"2026-02-04T00:00:00Z","github":"https://github.com/DependencyTrack/dependency-track","github_stars":3600},{"slug":"ox-security","logo":"/images/logos/ox-security.webp","name":"OX Security","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.ox.security","url":"https://appsecsanta.com/ox-security","summary":"Active ASPM with PBOM","updated":"2026-04-30T00:00:00Z"},{"slug":"parasoft","logo":"/images/logos/parasoft.png","name":"Parasoft","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial","website":"https://www.parasoft.com/","url":"https://appsecsanta.com/parasoft","summary":"Compliance-first SAST for automotive, aerospace \u0026 medical device software","updated":"2026-05-11T00:00:00Z"},{"slug":"pentest-tools","logo":"/images/logos/pentest-tools.webp","name":"Pentest Tools","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://pentest-tools.com/","url":"https://appsecsanta.com/pentest-tools","summary":"Cloud-Based Pentest Platform","updated":"2026-05-19T00:00:00Z"},{"slug":"phoenix-security","logo":"/images/logos/phoenix-security.webp","name":"Phoenix Security","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://phoenix.security","url":"https://appsecsanta.com/phoenix-security","summary":"Threat-centric ASPM with ownership attribution and AI PR remediation","updated":"2026-04-29T00:00:00Z"},{"slug":"phpstan","logo":"/images/logos/phpstan.png","name":"PHPStan","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"MIT","website":"https://phpstan.org/","url":"https://appsecsanta.com/phpstan","summary":"PHP Static Analysis with Progressive Strictness","updated":"2026-04-21T00:00:00Z","github":"https://github.com/phpstan/phpstan","github_stars":13900},{"slug":"phylum","logo":"/images/logos/phylum.webp","name":"Phylum","category":"sca","also_in":[],"category_name":"SCA","status":"acquired","license":"Commercial (acquired by Veracode)","website":"https://www.phylum.io/","url":"https://appsecsanta.com/phylum","summary":"Malicious Package Detection Engine","updated":"2026-02-22T00:00:00Z","github":"https://github.com/phylum-dev"},{"slug":"pmd","logo":"/images/logos/pmd.webp","name":"PMD","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free/OSS","website":"https://pmd.github.io/","url":"https://appsecsanta.com/pmd","summary":"Multi-Language Code Analyzer","updated":"2026-05-19T00:00:00Z","github":"https://github.com/pmd/pmd","github_stars":5300},{"slug":"prisma-cloud","logo":"/images/logos/prisma-cloud.webp","name":"Prisma Cloud","category":"iac-security","also_in":["container-security"],"category_name":"IaC Security","status":"active","license":"Commercial","website":"https://www.paloaltonetworks.com/prisma/cloud","url":"https://appsecsanta.com/prisma-cloud","summary":"Unified CNAPP with Checkov-powered IaC scanning","updated":"2026-05-19T00:00:00Z"},{"slug":"probely","logo":"/images/logos/probely.webp","name":"Probely","category":"dast","also_in":[],"category_name":"DAST","status":"acquired","license":"Commercial","website":"https://snyk.io/product/dast-api-web/","url":"https://appsecsanta.com/probely","summary":"Now Snyk DAST - DevOps-Friendly with API Scanning","updated":"2026-02-04T00:00:00Z"},{"slug":"prompt-inspector","logo":"/images/logos/prompt-inspector.webp","name":"Prompt Inspector","category":"ai-security","also_in":[],"category_name":"AI Security","status":"deprecated","license":"Free (Open-Source) and Commercial","website":"https://promptinspector.io/","url":"https://appsecsanta.com/prompt-inspector","summary":"Multi-layer prompt injection detection for LLM applications","updated":"2026-04-03T00:00:00Z","github":"https://github.com/aunicall/prompt-inspector"},{"slug":"prompt-security","logo":"/images/logos/prompt-security.webp","name":"Prompt Security","category":"ai-security","also_in":[],"category_name":"AI Security","status":"acquired","license":"Commercial","website":"https://prompt.security/","url":"https://appsecsanta.com/prompt-security","summary":"GenAI Firewall, Shadow AI Detection","updated":"2026-02-10T00:00:00Z"},{"slug":"promptfoo","logo":"/images/logos/promptfoo.webp","name":"Promptfoo","category":"ai-security","also_in":[],"category_name":"AI Security","status":"acquired","license":"Free (Open-Source) and Commercial","website":"https://www.promptfoo.dev/","url":"https://appsecsanta.com/promptfoo","summary":"LLM Evaluation \u0026 Red Teaming CLI","updated":"2026-05-19T00:00:00Z","github":"https://github.com/promptfoo/promptfoo","github_stars":13200},{"slug":"protect-ai-guardian","logo":"/images/logos/protect-ai-guardian.webp","name":"Protect AI Guardian","category":"ai-security","also_in":[],"category_name":"AI Security","status":"acquired","license":"Commercial","website":"https://protectai.com/guardian","url":"https://appsecsanta.com/protect-ai-guardian","summary":"MLSecOps Platform (Now Palo Alto Networks)","updated":"2026-02-04T00:00:00Z"},{"slug":"protecto","logo":"/images/logos/protecto.png","name":"Protecto","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.protecto.ai/","url":"https://appsecsanta.com/protecto","summary":"Context Security \u0026 Data Privacy for AI Agents","updated":"2026-04-03T00:00:00Z"},{"slug":"psalm","logo":"/images/logos/psalm.webp","name":"Psalm","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"MIT","website":"https://psalm.dev/","url":"https://appsecsanta.com/psalm","summary":"PHP Type Safety + Security Taint Analysis","updated":"2026-03-19T00:00:00Z","github":"https://github.com/vimeo/psalm","github_stars":5800},{"slug":"pt-application-inspector","logo":"/images/logos/pt-application-inspector.webp","name":"PT Application Inspector","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial","website":"https://www.ptsecurity.com/ww-en/products/ai/","url":"https://appsecsanta.com/pt-application-inspector","summary":"SAST+DAST+IAST+SCA Combined","updated":"2026-02-04T00:00:00Z"},{"slug":"pyrit","logo":"/images/logos/pyrit.webp","name":"PyRIT","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Free (Open-Source)","website":"https://github.com/Azure/PyRIT","url":"https://appsecsanta.com/pyrit","summary":"Microsoft's AI Red Team Framework","updated":"2026-02-02T00:00:00Z","github":"https://github.com/Azure/PyRIT","github_stars":3400},{"slug":"qodana","logo":"/images/logos/qodana.webp","name":"Qodana","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Commercial (Free tier available)","website":"https://www.jetbrains.com/qodana/","url":"https://appsecsanta.com/qodana","summary":"JetBrains IDE Inspections in CI/CD","updated":"2026-05-19T00:00:00Z"},{"slug":"qualys-was","logo":"/images/logos/qualys-was.webp","name":"Qualys WAS","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.qualys.com/apps/web-app-scanning/","url":"https://appsecsanta.com/qualys-was","summary":"AI-Powered Cloud DAST","updated":"2026-05-19T00:00:00Z"},{"slug":"qwiet-ai","logo":"/images/logos/qwiet-ai.webp","name":"Qwiet AI","category":"sca","also_in":[],"category_name":"SCA","status":"acquired","license":"Commercial","website":"https://www.harness.io/products/security-testing-orchestration","url":"https://appsecsanta.com/qwiet-ai","summary":"Now Harness STO - AI-Powered Reachability Analysis","updated":"2026-02-04T00:00:00Z"},{"slug":"radare2","logo":"/images/logos/radare2.png","name":"radare2","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"LGPL-3.0 (open source)","website":"https://www.radare.org/","url":"https://appsecsanta.com/radare2","summary":"Multi-architecture binary analysis framework","updated":"2026-03-19T00:00:00Z","github":"https://github.com/radareorg/radare2","github_stars":23300},{"slug":"insightappsec","logo":"/images/logos/insightappsec.webp","name":"Rapid7 InsightAppSec","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.rapid7.com/products/insightappsec/","url":"https://appsecsanta.com/insightappsec","summary":"Rapid7 Attack Replay DAST","updated":"2026-05-11T00:00:00Z"},{"slug":"rebuff","logo":"/images/logos/rebuff.webp","name":"Rebuff","category":"ai-security","also_in":[],"category_name":"AI Security","status":"deprecated","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/protectai/rebuff","url":"https://appsecsanta.com/rebuff","summary":"Open-Source Prompt Injection SDK","updated":"2026-02-02T00:00:00Z","github":"https://github.com/protectai/rebuff","github_stars":1400},{"slug":"stackrox","logo":"/images/logos/stackrox.png","name":"Red Hat Advanced Cluster Security (StackRox)","category":"container-security","also_in":[],"category_name":"Container Security","status":"active","license":"Free (Open-Source, Apache 2.0) + Commercial","website":"https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes","url":"https://appsecsanta.com/stackrox","summary":"Kubernetes-native security across build, deploy, and runtime","updated":"2026-03-19T00:00:00Z","github":"https://github.com/stackrox/stackrox","github_stars":1300},{"slug":"renovate","logo":"/images/logos/renovate.webp","name":"Renovate","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Free (Open-Source, AGPL-3.0)","website":"https://www.mend.io/renovate/","url":"https://appsecsanta.com/renovate","summary":"Automated Dependency Updates","updated":"2026-02-04T00:00:00Z","github":"https://github.com/renovatebot/renovate","github_stars":20700},{"slug":"reshift","logo":"/images/logos/reshift.webp","name":"Reshift","category":"sast","also_in":[],"category_name":"SAST","status":"deprecated","license":"Commercial (Free for a single user)","website":"https://www.reshiftsecurity.com","url":"https://appsecsanta.com/reshift","summary":"Lightweight Node.js Focus","updated":"2026-02-07T00:00:00Z"},{"slug":"revenera-code-insight","logo":"/images/logos/revenera-code-insight.webp","name":"Revenera FlexNet Code Insight","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Commercial","website":"https://www.revenera.com/software-composition-analysis/products/flexnet-code-insight","url":"https://appsecsanta.com/revenera-code-insight","summary":"License Compliance \u0026 IP Protection Leader","updated":"2026-04-23T00:00:00Z"},{"slug":"salt-security","logo":"/images/logos/salt-security.webp","name":"Salt Security","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Commercial","website":"https://salt.security/","url":"https://appsecsanta.com/salt-security","summary":"AI/ML-Powered API Discovery \u0026 Protection","updated":"2026-05-19T00:00:00Z"},{"slug":"scanoss","logo":"/images/logos/scanoss.webp","name":"SCANOSS","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Freemium","website":"https://www.scanoss.com","url":"https://appsecsanta.com/scanoss","summary":"Lightweight Open-Source SCA","updated":"2026-05-19T00:00:00Z","github":"https://github.com/scanoss/scanoss.py","github_stars":38},{"slug":"seeker-iast","logo":"/images/logos/seeker-iast.svg","name":"Seeker IAST","category":"iast","also_in":[],"category_name":"IAST","status":"active","license":"Commercial","website":"https://www.blackduck.com","url":"https://appsecsanta.com/seeker-iast","summary":"Active Vulnerability Verification","updated":"2026-05-19T00:00:00Z"},{"slug":"seemplicity","logo":"/images/logos/seemplicity.webp","name":"Seemplicity","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://seemplicity.io","url":"https://appsecsanta.com/seemplicity","summary":"AI-Powered Remediation Operations","updated":"2026-05-19T00:00:00Z"},{"slug":"semgrep","logo":"/images/logos/semgrep.svg","name":"Semgrep","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"LGPL-2.1 (CE) / Commercial (Platform)","website":"https://semgrep.dev","url":"https://appsecsanta.com/semgrep","summary":"Free CE Engine + Commercial AppSec Platform","updated":"2026-04-21T00:00:00Z","github":"https://github.com/semgrep/semgrep","github_stars":14870},{"slug":"sentinel-dynamic","logo":"/images/logos/sentinel-dynamic.svg","name":"Sentinel Dynamic","category":"dast","also_in":[],"category_name":"DAST","status":"renamed","license":"Commercial","website":"https://www.blackduck.com/dast/continuous-dynamic.html","url":"https://appsecsanta.com/sentinel-dynamic","summary":"WhiteHat Security DAST (Now Black Duck Continuous Dynamic)","updated":"2026-02-04T00:00:00Z"},{"slug":"signal-sciences","logo":"/images/logos/signal-sciences.webp","name":"Signal Sciences","category":"rasp","also_in":[],"category_name":"RASP","status":"acquired","license":"Commercial","website":"https://www.fastly.com/products/web-application-api-protection","url":"https://appsecsanta.com/signal-sciences","summary":"Now Fastly Next-Gen WAF","updated":"2026-02-02T00:00:00Z"},{"slug":"skyrelis","logo":"/images/logos/skyrelis.webp","name":"Skyrelis","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://skyrelis.com/","url":"https://appsecsanta.com/skyrelis","summary":"Always-On Security for LLM Multi-Agent Workflows","updated":"2026-04-03T00:00:00Z"},{"slug":"snyk","logo":"/images/logos/snyk.webp","name":"Snyk","category":"sca","also_in":["sast","container-security","iac-security"],"category_name":"SCA","status":"active","license":"Freemium","website":"https://snyk.io/","url":"https://appsecsanta.com/snyk","summary":"All-in-One Developer Security","updated":"2026-05-09T00:00:00Z"},{"slug":"socket","logo":"/images/logos/socket.webp","name":"Socket","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Commercial (with Free tier for open source)","website":"https://socket.dev","url":"https://appsecsanta.com/socket","summary":"Detects Malware, Not Just CVEs","updated":"2026-05-19T00:00:00Z"},{"slug":"software-risk-manager","logo":"/images/logos/software-risk-manager.svg","name":"Software Risk Manager","category":"aspm","also_in":[],"category_name":"ASPM","status":"active","license":"Commercial","website":"https://www.blackduck.com/software-risk-manager.html","url":"https://appsecsanta.com/software-risk-manager","summary":"150+ Tool Integrations for ASPM","updated":"2026-05-19T00:00:00Z"},{"slug":"sonarlint","logo":"/images/logos/sonarlint.webp","name":"SonarLint","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free (LGPL-3.0) + Commercial Features with SonarQube/SonarCloud","website":"https://www.sonarsource.com/products/sonarqube/ide/","url":"https://appsecsanta.com/sonarlint","summary":"Real-time IDE analysis","updated":"2026-02-20T00:00:00Z","github":"https://github.com/SonarSource/sonarlint-intellij","github_stars":631},{"slug":"sonarqube","logo":"/images/logos/sonarqube.webp","name":"SonarQube","category":"sast","also_in":["sca"],"category_name":"SAST","status":"active","license":"Commercial (with Free Community Build)","website":"https://www.sonarqube.org/features/security/","url":"https://appsecsanta.com/sonarqube","summary":"35+ Languages, Code Quality + Security","updated":"2026-05-26T00:00:00Z","github":"https://github.com/SonarSource/sonarqube","github_stars":10300},{"slug":"nexus-lifecycle","logo":"/images/logos/nexus-lifecycle.svg","name":"Sonatype Lifecycle","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Commercial","website":"https://www.sonatype.com/products/sonatype-lifecycle","url":"https://appsecsanta.com/nexus-lifecycle","summary":"Repository firewall + SDLC integration","updated":"2026-05-19T00:00:00Z"},{"slug":"spectralops","logo":"/images/logos/spectralops.webp","name":"SpectralOps","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Commercial","website":"https://spectralops.io","url":"https://appsecsanta.com/spectralops","summary":"Developer-first code security","updated":"2026-06-11T00:00:00Z"},{"slug":"spotbugs","logo":"/images/logos/spotbugs.webp","name":"SpotBugs","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"Free/OSS (LGPL-2.1)","website":"https://spotbugs.github.io/","url":"https://appsecsanta.com/spotbugs","summary":"Java Bug Pattern Detection","updated":"2026-02-04T00:00:00Z","github":"https://github.com/spotbugs/spotbugs","github_stars":3800},{"slug":"stackhawk","logo":"/images/logos/stackhawk.webp","name":"StackHawk","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.stackhawk.com","url":"https://appsecsanta.com/stackhawk","summary":"Developer-First CI/CD DAST","updated":"2026-05-19T00:00:00Z"},{"slug":"syft","logo":"/images/logos/syft.webp","name":"Syft","category":"sca","also_in":[],"category_name":"SCA","status":"active","license":"Free (Open-Source, Apache-2.0)","website":"https://github.com/anchore/syft","url":"https://appsecsanta.com/syft","summary":"SBOM generation tool","updated":"2026-05-19T00:00:00Z","github":"https://github.com/anchore/syft","github_stars":8400},{"slug":"syhunt-dynamic","logo":"/images/logos/syhunt-dynamic.webp","name":"Syhunt Dynamic","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.syhunt.com/en/index.php?n=Products.SyhuntDynamic","url":"https://appsecsanta.com/syhunt-dynamic","summary":"Multi-Platform DAST with Deep Crawling","updated":"2026-05-19T00:00:00Z"},{"slug":"sysdig-secure","logo":"/images/logos/sysdig-secure.webp","name":"Sysdig Secure","category":"iac-security","also_in":["container-security"],"category_name":"IaC Security","status":"active","license":"Commercial","website":"https://sysdig.com/","url":"https://appsecsanta.com/sysdig-secure","summary":"Runtime-first cloud security","updated":"2026-05-11T00:00:00Z"},{"slug":"talisman","logo":"/images/logos/talisman.webp","name":"Talisman","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Free (Open-Source, MIT)","website":"https://github.com/thoughtworks/talisman","url":"https://appsecsanta.com/talisman","summary":"Pre-commit and pre-push hook","updated":"2026-06-11T00:00:00Z","github":"https://github.com/thoughtworks/talisman","github_stars":2100},{"slug":"talsec","logo":"/images/logos/talsec.webp","name":"Talsec","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Freemium","website":"https://www.talsec.app/","url":"https://appsecsanta.com/talsec","summary":"RASP+ Protection with 2B+ Devices Protected","updated":"2026-02-04T00:00:00Z","github":"https://github.com/talsec/Free-RASP-Community","github_stars":446},{"slug":"tenable-io","logo":"/images/logos/tenable-io.webp","name":"Tenable Web App Scanning","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Commercial","website":"https://www.tenable.com/products/web-app-scanning","url":"https://appsecsanta.com/tenable-io","summary":"Nessus-Powered Cloud DAST with Attack Surface Management","updated":"2026-05-19T00:00:00Z"},{"slug":"terrascan","logo":"/images/logos/terrascan.webp","name":"Terrascan","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"deprecated","license":"Free (Open-Source, Apache 2.0)","website":"https://github.com/tenable/terrascan","url":"https://appsecsanta.com/terrascan","summary":"500+ Policies, OPA Engine","updated":"2026-02-04T00:00:00Z","github":"https://github.com/tenable/terrascan","github_stars":5200},{"slug":"tfsec","logo":"/images/logos/tfsec.webp","name":"tfsec","category":"iac-security","also_in":[],"category_name":"IaC Security","status":"deprecated","license":"Free (Open-Source, MIT)","website":"https://aquasecurity.github.io/tfsec/","url":"https://appsecsanta.com/tfsec","summary":"Merged into Trivy","updated":"2026-02-12T00:00:00Z","github":"https://github.com/aquasecurity/tfsec","github_stars":5700},{"slug":"threadfix","logo":"/images/logos/threadfix.webp","name":"ThreadFix","category":"aspm","also_in":[],"category_name":"ASPM","status":"deprecated","license":"Commercial","website":"https://coalfire.com/threadfix","url":"https://appsecsanta.com/threadfix","summary":"Kubernetes-Based Vulnerability Management","updated":"2026-04-30T00:00:00Z"},{"slug":"traceable-ai","logo":"/images/logos/traceable-ai.webp","name":"Traceable AI","category":"api-security","also_in":[],"category_name":"API Security","status":"acquired","license":"Commercial","website":"https://www.harness.io/products/security-testing-orchestration","url":"https://appsecsanta.com/traceable-ai","summary":"Now Harness - API Security with Distributed Tracing","updated":"2026-02-02T00:00:00Z"},{"slug":"trivy","logo":"/images/logos/trivy.webp","name":"Trivy","category":"iac-security","also_in":["sca","container-security"],"category_name":"IaC Security","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://trivy.dev/","url":"https://appsecsanta.com/trivy","summary":"Simple \u0026 Comprehensive Scanner","updated":"2026-02-02T00:00:00Z","github":"https://github.com/aquasecurity/trivy","github_stars":34637},{"slug":"trufflehog","logo":"/images/logos/trufflehog.webp","name":"TruffleHog","category":"secret-scanning","also_in":[],"category_name":"Secrets","status":"active","license":"Free (Open-Source, AGPL-3.0) + Commercial Plans","website":"https://trufflesecurity.com/trufflehog","url":"https://appsecsanta.com/trufflehog","summary":"Verify live secrets","updated":"2026-04-18T00:00:00Z","github":"https://github.com/trufflesecurity/trufflehog","github_stars":25700},{"slug":"vectara","logo":"/images/logos/vectara.webp","name":"Vectara","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://www.vectara.com/","url":"https://appsecsanta.com/vectara","summary":"Governed Enterprise Agent Platform","updated":"2026-04-03T00:00:00Z"},{"slug":"veracode","logo":"/images/logos/veracode.webp","name":"Veracode","category":"sast","also_in":["sca","dast"],"category_name":"SAST","status":"active","license":"Commercial","website":"https://www.veracode.com/","url":"https://appsecsanta.com/veracode","summary":"Binary Analysis AppSec Platform","updated":"2026-05-11T00:00:00Z"},{"slug":"w3af","logo":"/images/logos/w3af.webp","name":"w3af","category":"dast","also_in":[],"category_name":"DAST","status":"deprecated","license":"Free (Open-Source, GPLv2)","website":"https://github.com/andresriancho/w3af","url":"https://appsecsanta.com/w3af","summary":"Limited Maintenance Web Scanner","updated":"2026-02-15T00:00:00Z","github":"https://github.com/andresriancho/w3af","github_stars":4400},{"slug":"wallarm","logo":"/images/logos/wallarm.webp","name":"Wallarm","category":"api-security","also_in":[],"category_name":"API Security","status":"active","license":"Commercial","website":"https://www.wallarm.com/","url":"https://appsecsanta.com/wallarm","summary":"Integrated WAF + API Protection","updated":"2026-05-19T00:00:00Z"},{"slug":"wapiti","logo":"/images/logos/wapiti.webp","name":"Wapiti","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Free (Open-Source)","website":"https://wapiti-scanner.github.io/","url":"https://appsecsanta.com/wapiti","summary":"Python-Based Black-Box Web Scanner","updated":"2026-05-19T00:00:00Z","github":"https://github.com/wapiti-scanner/wapiti","github_stars":1600},{"slug":"waratek","logo":"/images/logos/waratek.webp","name":"Waratek","category":"rasp","also_in":[],"category_name":"RASP","status":"active","license":"Commercial","website":"https://www.waratek.com","url":"https://appsecsanta.com/waratek","summary":"Java Runtime Protection \u0026 Virtual Patching","updated":"2026-05-19T00:00:00Z"},{"slug":"whylabs","logo":"/images/logos/whylabs.webp","name":"WhyLabs","category":"ai-security","also_in":[],"category_name":"AI Security","status":"acquired","license":"Free (Open-Source) and Commercial","website":"https://whylabs.ai/","url":"https://appsecsanta.com/whylabs","summary":"Privacy-preserving AI observability with open-source whylogs and LangKit","updated":"2026-04-03T00:00:00Z","github":"https://github.com/whylabs/whylogs","github_stars":2700},{"slug":"witnessai","logo":"/images/logos/witnessai.webp","name":"WitnessAI","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://witness.ai/","url":"https://appsecsanta.com/witnessai","summary":"Intent-Based AI Security \u0026 Governance","updated":"2026-04-03T00:00:00Z"},{"slug":"wiz","logo":"/images/logos/wiz.svg","name":"Wiz","category":"iac-security","also_in":["container-security","aspm"],"category_name":"IaC Security","status":"active","license":"Commercial","website":"https://www.wiz.io","url":"https://appsecsanta.com/wiz","summary":"Leader in agentless CNAPP","updated":"2026-05-11T00:00:00Z"},{"slug":"xage-security","logo":"/images/logos/xage-security.png","name":"Xage Security","category":"ai-security","also_in":[],"category_name":"AI Security","status":"active","license":"Commercial","website":"https://xage.com/","url":"https://appsecsanta.com/xage-security","summary":"Identity-Based Zero Trust for AI at Protocol Layer","updated":"2026-04-03T00:00:00Z"},{"slug":"zap","logo":"/images/logos/zap.webp","name":"ZAP","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Free (Open-Source, Apache 2.0)","website":"https://www.zaproxy.org/","url":"https://appsecsanta.com/zap","summary":"Free Open-Source DAST Scanner","updated":"2026-05-30T00:00:00Z","github":"https://github.com/zaproxy/zaproxy","github_stars":14700},{"slug":"zeropath","logo":"/images/logos/zeropath.webp","name":"ZeroPath","category":"sast","also_in":[],"category_name":"SAST","status":"active","license":"","website":"https://zeropath.com","url":"https://appsecsanta.com/zeropath","summary":"AI-Native SAST, Business Logic, Autofix","updated":"2026-06-08T00:00:00Z"},{"slug":"zerothreat","logo":"/images/logos/zerothreat.webp","name":"ZeroThreat","category":"dast","also_in":[],"category_name":"DAST","status":"active","license":"Freemium","website":"https://zerothreat.ai","url":"https://appsecsanta.com/zerothreat","summary":"AI-powered DAST with automated pentesting","updated":"2026-05-19T00:00:00Z"},{"slug":"zimperium-zscan","logo":"/images/logos/zimperium-zscan.svg","name":"Zimperium zScan","category":"mobile","also_in":[],"category_name":"Mobile Security","status":"active","license":"Commercial","website":"https://zimperium.com/maps/zscan","url":"https://appsecsanta.com/zimperium-zscan","summary":"Anti-Reversing \u0026 Tampering Validation","updated":"2026-05-19T00:00:00Z"}]}