# Best Application Security Posture Management (ASPM) Software for Medium-Sized Businesses *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)* Products classified in the overall Application Security Posture Management (ASPM) category are similar in many regards and help companies of all sizes solve their business problems. However, medium-sized business features, pricing, setup, and installation differ from businesses of other sizes, which is why we match buyers to the right Medium-Sized Business Application Security Posture Management (ASPM) to fit their needs. Compare product ratings based on reviews from enterprise users or connect with one of G2's buying advisors to find the right solutions within the Medium-Sized Business Application Security Posture Management (ASPM) category. In addition to qualifying for inclusion in the Application Security Posture Management (ASPM) Software category, to qualify for inclusion in the Medium-Sized Business Application Security Posture Management (ASPM) Software category, a product must have at least 10 reviews left by a reviewer from a medium-sized business. ## How Many Application Security Posture Management (ASPM) Software Products Does G2 Track? **Total Products under this Category:** 37 ### Category Stats (Jun 2026) - **Average Rating**: 4.56/5 (↑0.01 vs May 2026) The average rating of products in this category, based on all submitted ratings - **Top Trending Product**: Strobes Security (+0.29%) - Among all products in this category, Strobes Security recorded the largest rating increase compared to last month *Last updated: June 24, 2026* ## How Does G2 Rank Application Security Posture Management (ASPM) Software Products? **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 900+ Authentic Reviews - 37+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. --- **Sponsored** ### Proscan Proscan is a unified application security platform designed to help organizations streamline the management of their security tools. By integrating multiple standalone solutions into a single cohesive experience, Proscan provides comprehensive security visibility across the entire software stack. This platform replaces the complexity of managing various tools for static analysis, dynamic testing, and dependency scanning, allowing teams to focus on building secure applications without the hassle of juggling disparate systems. The platform is particularly beneficial for security teams, developers, and engineering leaders who require a consolidated view of application security risks. Proscan combines nine specialized security scanners, including Static Application Security Testing (SAST), which analyzes source code in over 30 programming languages using advanced detection methods. Dynamic Application Security Testing (DAST) further enhances security by testing live applications, identifying vulnerabilities that may only become apparent during runtime. Additionally, Software Composition Analysis (SCA) evaluates open-source dependencies across 196 package ecosystems, helping organizations detect known vulnerabilities before they can impact production environments. Proscan's capabilities extend beyond code analysis. It includes scanning for hardcoded secrets, misconfigurations in Infrastructure-as-Code, and vulnerabilities in container images. The platform also offers API security testing that validates endpoints against the OWASP API Security Top 10, ensuring robust protection for applications that leverage APIs. For organizations developing AI-powered applications, Proscan features a dedicated AI and LLM security scanner that identifies potential risks associated with prompt injections and other vulnerabilities, utilizing over 4,600 techniques mapped to the OWASP LLM Top 10. Artificial intelligence plays a crucial role in enhancing Proscan's efficiency and accuracy. The platform employs machine-learning algorithms to reduce false positives and prioritize vulnerabilities based on their potential impact. This intelligent approach allows teams to focus on the most critical security issues while providing clear explanations and actionable remediation guidance. Proscan integrates seamlessly into existing development workflows, offering IDE plugins and native CI/CD integrations that ensure security checks are part of the development process without causing disruptions. Compliance readiness is another key feature of Proscan, as it generates audit-ready reports aligned with major security standards, including OWASP Top 10, PCI DSS, HIPAA, and GDPR. This automated evidence collection simplifies the compliance process, providing organizations with the necessary documentation in various formats. Proscan is designed for security teams looking to consolidate fragmented toolchains, developers needing quick feedback, and managed security service providers managing multiple client environments, making it a versatile solution for modern application security challenges. [Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&secure%5Bad_slot%5D=category_product_list&secure%5Bcategory_id%5D=1008070&secure%5Bdisplayable_resource_id%5D=1008070&secure%5Bdisplayable_resource_type%5D=Category&secure%5Bmedium%5D=sponsored&secure%5Bplacement_reason%5D=page_category&secure%5Bplacement_resource_ids%5D%5B%5D=1008070&secure%5Bprioritized%5D=false&secure%5Bproduct_id%5D=1777455&secure%5Bresource_id%5D=1008070&secure%5Bresource_type%5D=Category&secure%5Bsource_type%5D=category_page&secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fapplication-security-posture-management-aspm%2Fmid-market&secure%5Btoken%5D=7a8f32bf78c1c6748f2e23dc2618d90484697f400225f5f67e092c3093bae67c&secure%5Burl%5D=https%3A%2F%2Fwww.proscan.one%2Fdownload&secure%5Burl_type%5D=free_trial) --- ## What Are the Top-Rated Application Security Posture Management (ASPM) Software Products in 2026? ### 1. [CrowdStrike Falcon Cloud Security](https://www.g2.com/products/crowdstrike-falcon-cloud-security/reviews) Crowdstrike Falcon Cloud Security is the only CNAPP to stop breaches in the cloud Built for today’s hybrid and multi-cloud environments, Falcon Cloud Security protects the entire cloud attack surface - from code to runtime - by combining continuous agentless visibility with real-time detection and response. At runtime, Falcon Cloud Security delivers best-in-class cloud workload protection and real-time cloud detection and response (CDR) to stop active threats across hybrid environments. Integrated with the CrowdStrike Falcon platform, it correlates signals across endpoint, identity, and cloud to detect sophisticated cross-domain attacks that point solutions miss—enabling teams to respond faster and stop breaches in progress. To reduce risk before attacks occur, Falcon Cloud Security also delivers agentless-driven posture management that proactively shrinks the cloud attack surface. Unlike typical solutions, Crowdstrike enriches cloud risk detections with adversary intelligence and graph-based context, enabling security teams to prioritize exploitable exposures and prevent breaches before they happen. Customers using Falcon Cloud Security consistently see measurable results: 89% faster cloud detection and response 100x reduction in false positives by prioritizing exploitable, business-critical risk 83% reduction in cloud security licenses due to elimination of redundant tools **Average Rating:** 4.6/5.0 **Total Reviews:** 92 **Who Is the Company Behind CrowdStrike Falcon Cloud Security?** - **Seller:** [CrowdStrike](https://www.g2.com/sellers/crowdstrike) - **Company Website:** https://www.crowdstrike.com - **Year Founded:** 2011 - **HQ Location:** Sunnyvale, CA - **Twitter:** @CrowdStrike (110,809 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2497653/ (11,343 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 46% Enterprise, 40% Mid-Market #### What Are CrowdStrike Falcon Cloud Security's Pros and Cons? **Pros:** - Security (49 reviews) - Cloud Security (37 reviews) - Detection Efficiency (34 reviews) - Vulnerability Detection (31 reviews) - Ease of Use (29 reviews) **Cons:** - Expensive (17 reviews) - Improvements Needed (14 reviews) - Improvement Needed (13 reviews) - Feature Complexity (8 reviews) - Learning Curve (8 reviews) ### What Do G2 Reviewers Say About CrowdStrike Falcon Cloud Security? *AI-generated summary from verified user reviews* **Pros:** - Users appreciate the **complete protection** CrowdStrike Falcon Cloud Security offers, ensuring efficiency and insightful incident investigation. - Users appreciate the **robust security features** of CrowdStrike Falcon Cloud Security, enhancing compliance and threat detection capabilities. - Users commend the **detection efficiency** of CrowdStrike Falcon Cloud Security, ensuring robust protection with minimal false positives. - Users value the **complete protection from code to cloud** offered by CrowdStrike Falcon Cloud Security, ensuring high efficiency. - Users appreciate the **user-friendly interface** of CrowdStrike Falcon Cloud Security, making incident investigation and integration effortless. **Cons:** - Users note that the **expensive pricing** of CrowdStrike Falcon Cloud Security may deter smaller organizations from affording it. - Users seek **improvements in uptime and enrollment experience** for CrowdStrike Falcon Cloud Security to enhance usability. - Users note that **improvement is needed** in the cloud workload dashboard uptime and UI for better user experience. - Users find the **feature complexity** of CrowdStrike Falcon Cloud Security to be overwhelming and challenging to navigate. - Users find the **learning curve steep** , complicating the use of CrowdStrike Falcon Cloud Security for newcomers. #### What Are Recent G2 Reviews of CrowdStrike Falcon Cloud Security? **"[Smashing your head into a server rack? Admin, Meet Crowdstrike Falcon Cloud Security!](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12609797)"** **Rating:** 5.0/5.0 stars *— Verified User in Consumer Goods* [Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12609797) --- **"[Quiet, Unobtrusive Endpoint Security That Just Works](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12973136)"** **Rating:** 4.0/5.0 stars *— Verified User in Computer Software* [Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12973136) --- ### 2. [OX Security](https://www.g2.com/products/ox-security/reviews) OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform. Unlike traditional “Shift Left” approaches that collapsed under AI’s speed, VibeSec makes software secure by default by preventing risks before they exist. Powered by the OX AI Data Lake and dynamic code-to-runtime context, OX Security delivers: Autonomous, embedded security that runs as fast as developers. Dynamic risk context that shrinks security backlogs before they spiral. Continuous alignment across code, cloud, APIs, and runtime. With OX, developers focus on building while security runs itself, giving enterprises complete confidence that every release ships secure. OX Security -Vendor desc (request to update): OX Security is the company behind VibeSec, an AI-native autonomous security platform built for the AI development era. Unlike traditional tools that chase vulnerabilities after code is written, VibeSec embeds dynamic security context directly into AI coding environments like Cursor and Copilot. The result: every line of code is secure by default. For the first time, security moves at the speed of AI-driven development, preventing vulnerabilities before they exist, shrinking backlogs with every commit, and making security a seamless part of the development flow. **Average Rating:** 4.8/5.0 **Total Reviews:** 51 **Who Is the Company Behind OX Security?** - **Seller:** [OX Security](https://www.g2.com/sellers/ox-security) - **Year Founded:** 2021 - **HQ Location:** New York, USA - **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (199 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** Security Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 63% Mid-Market, 25% Enterprise #### What Are OX Security's Pros and Cons? **Pros:** - Features (27 reviews) - Ease of Use (23 reviews) - Customer Support (22 reviews) - Integration Support (22 reviews) - Security (22 reviews) **Cons:** - Integration Issues (8 reviews) - Missing Features (8 reviews) - Complexity (5 reviews) - Inadequate Reporting (5 reviews) - Limited Cloud Integration (5 reviews) ### What Do G2 Reviewers Say About OX Security? *AI-generated summary from verified user reviews* **Pros:** - Users value the **comprehensive security testing features** of OX Security, enhancing organization-wide security management and integration. - Users find OX Security to be **user-friendly** , featuring a streamlined dashboard and seamless integration capabilities. - Users appreciate the **responsive customer support** from OX Security, enhancing overall experience and satisfaction. - Users value the **seamless and fast integration** with tools, enhancing their overall experience with OX Security. - Users value the **comprehensive security capabilities** of OX Security, appreciating its user-friendly interface and robust support. **Cons:** - Users face **integration issues** with OX Security, particularly regarding documentation and compatibility with various tools. - Users note **missing features** in OX Security, particularly in language support and SIEM integration options. - Users find the **complexity** of OX Security overwhelming, facing a steep learning curve and insufficient documentation. - Users find OX Security's **inadequate reporting** limits their ability to effectively demonstrate progress and value to management. - Users note the **limited cloud integration** with SIEM systems and specific development tools, affecting overall functionality. #### What Are Recent G2 Reviews of OX Security? **"[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)"** **Rating:** 4.5/5.0 stars *— Verified User in Gambling & Casinos* [Read full review](https://www.g2.com/survey_responses/ox-security-review-10961361) --- **"[A Transformative Game-Changer in Application Security Posture Management](https://www.g2.com/survey_responses/ox-security-review-10618682)"** **Rating:** 5.0/5.0 stars *— Dudi E.* [Read full review](https://www.g2.com/survey_responses/ox-security-review-10618682) --- ### 3. [Aikido Security](https://www.g2.com/products/aikido-security/reviews) Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless. **Average Rating:** 4.6/5.0 **Total Reviews:** 142 **Who Is the Company Behind Aikido Security?** - **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security) - **Company Website:** https://aikido.dev - **Year Founded:** 2022 - **HQ Location:** Ghent, Belgium - **Twitter:** @AikidoSecurity (11,770 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** CTO, Founder - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 70% Small-Business, 18% Mid-Market #### What Are Aikido Security's Pros and Cons? **Pros:** - Ease of Use (78 reviews) - Security (55 reviews) - Features (52 reviews) - Easy Integrations (47 reviews) - Easy Setup (47 reviews) **Cons:** - Missing Features (19 reviews) - Expensive (17 reviews) - Limited Features (16 reviews) - Pricing Issues (15 reviews) - Lacking Features (14 reviews) ### What Do G2 Reviewers Say About Aikido Security? *AI-generated summary from verified user reviews* **Pros:** - Users find Aikido Security's **ease of use** impressive, benefiting from seamless integration and clear actionable insights. - Users appreciate the **comprehensive security capabilities** of Aikido Security, seamlessly integrating multiple security features into workflows. - Users appreciate the **intuitive dashboard and comprehensive security features** of Aikido Security, enhancing codebase vulnerability management. - Users value the **easy integrations** with GitHub and other platforms, enhancing team collaboration and management. - Users find the **easy setup** of Aikido Security impressive, enabling quick implementation and efficient updates. **Cons:** - Users are disappointed by the **missing features** of Aikido Security, particularly in advanced reporting and analysis tools. - Users find the **pricing structure expensive** for small businesses, making upgrades hard to justify. - Users note the **limited features** in the free plan and desire more advanced options for customization and reporting. - Users find the **pricing structure problematic** , as it's not suitable for micro businesses and startups. - Users feel Aikido Security is **lacking features** , particularly in areas like advanced reporting and in-depth analysis. #### What Are Recent G2 Reviews of Aikido Security? **"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"** **Rating:** 4.0/5.0 stars *— Dylan E.* [Read full review](https://www.g2.com/survey_responses/aikido-security-review-12747129) --- **"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"** **Rating:** 5.0/5.0 stars *— Jonathon K.* [Read full review](https://www.g2.com/survey_responses/aikido-security-review-13024655) --- ### 4. [Jit](https://www.g2.com/products/jit/reviews) Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.​ AI-Powered Agents Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads. ​ Comprehensive Security Scanning Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues. ​ Developer-Centric Experience With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity. ​ Agentic AI for AppSec Teams Risk-Based Prioritization Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks. ​ Seamless Integrations Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack. ​ **Average Rating:** 4.5/5.0 **Total Reviews:** 43 **Who Is the Company Behind Jit?** - **Seller:** [jit](https://www.g2.com/sellers/jit) - **Year Founded:** 2021 - **HQ Location:** Boston, MA - **Twitter:** @jit_io (522 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Computer Software, Financial Services - **Company Size:** 44% Mid-Market, 42% Small-Business #### What Are Jit's Pros and Cons? **Pros:** - Security (10 reviews) - Easy Integrations (8 reviews) - Ease of Use (7 reviews) - Efficiency (7 reviews) - Integration Support (7 reviews) **Cons:** - Integration Issues (4 reviews) - Limited Features (4 reviews) - Limited Integration (4 reviews) - Poor Documentation (4 reviews) - Complexity (3 reviews) ### What Do G2 Reviewers Say About Jit? *AI-generated summary from verified user reviews* **Pros:** - Users value the **robust security features** of Jit, seamlessly integrating security and development for improved collaboration. - Users value the **easy integrations** of Jit, seamlessly incorporating security into their development practices and workflows. - Users appreciate the **ease of use** of Jit, finding it lightweight and simple to integrate into workflows. - Users value the **efficient integration** of security in development workflows, significantly saving time and reducing complexity. - Users appreciate the **easy integration support** of Jit, seamlessly embedding security into their development workflows. **Cons:** - Users encounter **integration issues** with Jit, particularly with third-party tools and CI setups requiring additional manual configuration. - Users find the **limited features** of Jit lacking for complex needs, desiring more customization and better analytics. - Users encounter **limited integration** with third-party tools, affecting advanced configurations and overall functionality. - Users feel the **documentation is lacking** , especially for advanced configurations, complicating the overall user experience. - Users find that the **complexity in configuration** and onboarding can hinder their overall experience with Jit. #### What Are Recent G2 Reviews of Jit? **"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"** **Rating:** 4.0/5.0 stars *— Mohamed A.* [Read full review](https://www.g2.com/survey_responses/jit-review-11751139) --- **"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"** **Rating:** 4.0/5.0 stars *— Ali A.* [Read full review](https://www.g2.com/survey_responses/jit-review-11750234) --- ### 5. [Carbon Black App Control](https://www.g2.com/products/carbon-black-app-control/reviews) With the rise of security threats and malware, organizations need technologies to combat these risks. Unplanned downtime and performance degradation from security breaches impact productivity and reputation. As IT and security shift to the cloud, it's crucial to stay vigilant about security gaps. Many companies still rely on air-gapped servers or outdated operating systems (EOL OS) for critical systems and data storage. Carbon Black App Control offers proactive security for data centers, AWS, Azure, GCP, or hosted private clouds. App Control ensures trusted software runs, monitors file integrity, controls devices, protects memory and registry keys on Windows. **Average Rating:** 4.6/5.0 **Total Reviews:** 44 **Who Is the Company Behind Carbon Black App Control?** - **Seller:** [Broadcom](https://www.g2.com/sellers/broadcom-ab3091cd-4724-46a8-ac89-219d6bc8e166) - **Year Founded:** 1991 - **HQ Location:** San Jose, CA - **Twitter:** @broadcom (63,909 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/broadcom/ (55,094 employees on LinkedIn®) - **Ownership:** NASDAQ: CA **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 64% Enterprise, 33% Mid-Market #### What Are Carbon Black App Control's Pros and Cons? **Pros:** - Customer Support (1 reviews) - Ease of Use (1 reviews) - Easy Implementation (1 reviews) - Easy Integrations (1 reviews) - Features (1 reviews) **Cons:** - Expensive (1 reviews) - False Positives (1 reviews) - High CPU Usage (1 reviews) - Memory Issues (1 reviews) - Slow Performance (1 reviews) ### What Do G2 Reviewers Say About Carbon Black App Control? *AI-generated summary from verified user reviews* **Pros:** - Users commend the **awesome customer support** of Carbon Black App Control, enhancing security and compliance effectively. - Users find the **ease of use** of Carbon Black App Control enhances security and simplifies implementation seamlessly. - Users value the **easy implementation** of Carbon Black App Control, which boosts security and confidence in system protection. - Users value the **easy integrations** of Carbon Black App Control, enhancing security while streamlining the implementation process. - Users appreciate the **ease of use and robust security** of Carbon Black App Control, enhancing confidence and compliance. **Cons:** - Users feel the pricing is **on the higher side** , especially smaller organizations with limited budgets. - Users occasionally face **false positives** with Carbon Black App Control, but manual whitelisting helps alleviate this issue. - Users often experience **high CPU usage** with Carbon Black App Control, leading to performance concerns and false alerts. - Users note **high memory utilization** with Carbon Black, leading to performance concerns and false alerts. - Users experience **slow performance** due to high CPU and memory usage, leading to frustration with false alerts. #### What Are Recent G2 Reviews of Carbon Black App Control? **"[Powerful Application Control enabling Enhanced Security](https://www.g2.com/survey_responses/carbon-black-app-control-review-10387482)"** **Rating:** 4.5/5.0 stars *— Prajwal V.* [Read full review](https://www.g2.com/survey_responses/carbon-black-app-control-review-10387482) --- **"[Carbon Black Review](https://www.g2.com/survey_responses/carbon-black-app-control-review-9186031)"** **Rating:** 4.0/5.0 stars *— Abhiuday M.* [Read full review](https://www.g2.com/survey_responses/carbon-black-app-control-review-9186031) --- #### What Are G2 Users Discussing About Carbon Black App Control? - [Does Carbon Black do file integrity monitoring?](https://www.g2.com/discussions/does-carbon-black-do-file-integrity-monitoring) - [How does Carbon Black EDR work?](https://www.g2.com/discussions/how-does-carbon-black-edr-work) - [What are the benefits of VMware carbon black to organizations?](https://www.g2.com/discussions/what-are-the-benefits-of-vmware-carbon-black-to-organizations) - [What does Carbon Black App Control do?](https://www.g2.com/discussions/what-does-carbon-black-app-control-do) ### 6. [ActiveState](https://www.g2.com/products/activestate/reviews) ActiveState provides the world's largest library of secure open source: 79 million (Java, Javascript, Python, R, Go, etc.) vetted components across all major language ecosystems, including transitive dependencies and OS-level libraries—built from source to ensure every component is verified, vulnerability-free, and continuously updated. Software teams improve security posture while accelerating development velocity. We deliver five critical outcomes. Counter Supply Chain Risks at Their Source Significantly reduce the possibility of inheriting malicious code from pre-built binaries. Replace risky, unvetted public components with secure, verifiable packages built directly from source. Gain provenance over your artifacts, ensuring bad actors and malware never reach your environment. - Protection from compromised package ecosystems and build systems - Mitigate high-profile malware attacks such as the npm Shai-Hulud attack and other future threats Continuous Remediation for Your Open Source Inventory Shift from reactive patching to proactive immunity. Maintain a hardened security posture with safe-by-default open source and continuous remediation across your inventory. ActiveState artifacts reduce your attack surface and evolve to help close vulnerabilities before they become incidents. - Up to 99% reduction in CVEs compared to community open source artifacts - Achieve up to 90% reduction in MTTR for future vulnerabilities Apply Frictionless Security Policies Embed governance directly into developer workflows without impeding engineering or adding costly CI/CD bloat. ActiveState solutions slot seamlessly into existing tools and AI coding assistants, transforming security policy from a blocker into an enabler that reduces open source approval workflows from weeks and days to just hours and minutes. - Reduce open source approval workflows from weeks and days to hours and minutes Audit Ready Compliance, Always Achieve continuous compliance with instant, granular visibility into components, licenses, and dependencies across your organization. ActiveState delivers comprehensive SBOMs and metadata by default, ensuring you can meet complex standards and minimizing the scramble of audit preparation. - Full visibility into your open source usage, including transitive and OS level dependencies Reclaim Developer Velocity and Focus Minimize high-value engineering hours on dependency conflicts, environment setup, research and remediation. ActiveState components and artifacts are fully managed to ensure they are always up to date and safe to use so your team can focus entirely on shipping revenue-generating features. - Free up 4-8 developer hours per CVE - 68% reduction in scanner noise from false positives **Average Rating:** 4.1/5.0 **Total Reviews:** 32 **Who Is the Company Behind ActiveState?** - **Seller:** [ActiveState](https://www.g2.com/sellers/activestate-fd82e7c7-dea3-4ff5-9e96-cc5cd7d39a87) - **Company Website:** https://www.activestate.com/ - **Year Founded:** 1997 - **HQ Location:** Vancouver, BC - **Twitter:** @ActiveState (4,014 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/5052/ (73 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Computer Software, Computer & Network Security - **Company Size:** 51% Small-Business, 29% Mid-Market #### What Are Recent G2 Reviews of ActiveState? **"[Very easy to use and very helpful](https://www.g2.com/survey_responses/activestate-review-6964391)"** **Rating:** 5.0/5.0 stars *— Saurav S.* [Read full review](https://www.g2.com/survey_responses/activestate-review-6964391) --- **"[Super easy to use platform, makes building code way less of a hassle](https://www.g2.com/survey_responses/activestate-review-6961997)"** **Rating:** 5.0/5.0 stars *— Alexander H.* [Read full review](https://www.g2.com/survey_responses/activestate-review-6961997) --- #### What Are G2 Users Discussing About ActiveState? - [What is ActivePerl used for?](https://www.g2.com/discussions/what-is-activeperl-used-for) - [What is the difference between Python and ActivePython?](https://www.g2.com/discussions/what-is-the-difference-between-python-and-activepython) - 1 comment - [What is ActiveState platform?](https://www.g2.com/discussions/what-is-activestate-platform) ## What Is Application Security Posture Management (ASPM) Software? [Cloud Security Software](https://www.g2.com/categories/cloud-security) ## What Software Categories Are Similar to Application Security Posture Management (ASPM) Software? - [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner) - [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast) - [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)