# Best Application Security Posture Management (ASPM) Software

*By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*


Application security posture management (ASPM) is a comprehensive cybersecurity solution that focuses on safeguarding software applications from potential threats. The process involves continuously assessing, monitoring, and enhancing an organization's application security posture. ASPM encompasses various technologies to identify and mitigate security risks in software applications. It helps companies with visibility, risk identification, and remediation recommendations. This software aids security teams, DevOps, and IT administration to manage compliance, prioritize risks, and handle vulnerabilities.

Application security posture management (ASPM) solutions offer unique capabilities that distinguish them from other cybersecurity tools like [security information and event management (SIEM) systems](https://www.g2.com/categories/security-information-and-event-management-siem) and vulnerability scanners. Unlike these tools, which identify, assess, and mitigate security risks, ASPM is specifically tailored to the security of software applications. It provides a holistic picture of application security health and integrates with the development lifecycle for proactive security measures.

To qualify for inclusion in the ASPM category, a product must:

- Help prioritize and address the most critical security issues and recommend how to remediate vulnerabilities and weaknesses
- Scan and analyze software applications to identify vulnerabilities, misconfigurations, and weaknesses in the code, libraries, and configurations
- Actively monitor applications for signs of malicious activity and potential security breaches, using techniques such as behavioral analysis and anomaly detection
- Help organizations ensure that their applications adhere to industry standards and compliance requirements by assessing and reporting on security posture against these benchmarks






## How Many Application Security Posture Management (ASPM) Software Products Does G2 Track?
**Total Products under this Category:** 37

### Category Stats (Jun 2026)
- **Average Rating**: 4.56/5 (↑0.01 vs May 2026) - The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Strobes Security (+0.29%) - Among all products in this category, Strobes Security recorded the largest rating increase compared to last month
*Last updated: June 24, 2026*


## How Does G2 Rank Application Security Posture Management (ASPM) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 900+ Authentic Reviews
- 37+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Application Security Posture Management (ASPM) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Easiest to Use:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)


---

**Sponsored**

### Proscan

Proscan is a unified application security platform designed to help organizations streamline the management of their security tools. By integrating multiple standalone solutions into a single cohesive experience, Proscan provides comprehensive security visibility across the entire software stack. This platform replaces the complexity of managing various tools for static analysis, dynamic testing, and dependency scanning, allowing teams to focus on building secure applications without the hassle of juggling disparate systems. The platform is particularly beneficial for security teams, developers, and engineering leaders who require a consolidated view of application security risks. Proscan combines nine specialized security scanners, including Static Application Security Testing (SAST), which analyzes source code in over 30 programming languages using advanced detection methods. Dynamic Application Security Testing (DAST) further enhances security by testing live applications, identifying vulnerabilities that may only become apparent during runtime. Additionally, Software Composition Analysis (SCA) evaluates open-source dependencies across 196 package ecosystems, helping organizations detect known vulnerabilities before they can impact production environments. Proscan's capabilities extend beyond code analysis. It includes scanning for hardcoded secrets, misconfigurations in Infrastructure-as-Code, and vulnerabilities in container images. The platform also offers API security testing that validates endpoints against the OWASP API Security Top 10, ensuring robust protection for applications that leverage APIs. For organizations developing AI-powered applications, Proscan features a dedicated AI and LLM security scanner that identifies potential risks associated with prompt injections and other vulnerabilities, utilizing over 4,600 techniques mapped to the OWASP LLM Top 10.

Artificial intelligence plays a crucial role in enhancing Proscan's efficiency and accuracy. The platform employs machine-learning algorithms to reduce false positives and prioritize vulnerabilities based on their potential impact. This intelligent approach allows teams to focus on the most critical security issues while providing clear explanations and actionable remediation guidance. Proscan integrates seamlessly into existing development workflows, offering IDE plugins and native CI/CD integrations that ensure security checks are part of the development process without causing disruptions. Compliance readiness is another key feature of Proscan, as it generates audit-ready reports aligned with major security standards, including OWASP Top 10, PCI DSS, HIPAA, and GDPR. This automated evidence collection simplifies the compliance process, providing organizations with the necessary documentation in various formats. Proscan is designed for security teams looking to consolidate fragmented toolchains, developers needing quick feedback, and managed security service providers managing multiple client environments, making it a versatile solution for modern application security challenges.




---

## What Are the Top-Rated Application Security Posture Management (ASPM) Software Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 143

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Founder
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 69% Small-Business, 18% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Aikido Security's **ease of use** impressive, benefiting from seamless integration and clear actionable insights.
- Users appreciate the **comprehensive security capabilities** of Aikido Security, seamlessly integrating multiple security features into workflows.
- Users appreciate the **intuitive dashboard and comprehensive security features** of Aikido Security, enhancing codebase vulnerability management.
- Users value the **easy integrations** with GitHub and other platforms, enhancing team collaboration and management.
- Users find the **easy setup** of Aikido Security impressive, enabling quick implementation and efficient updates.

**Cons:**

- Users are disappointed by the **missing features** of Aikido Security, particularly in advanced reporting and analysis tools.
- Users find the **pricing structure expensive** for small businesses, making upgrades hard to justify.
- Users note the **limited features** in the free plan and desire more advanced options for customization and reporting.
- Users find the **pricing structure problematic**, as it's not suitable for micro businesses and startups.
- Users feel Aikido Security is **lacking features**, particularly in areas like advanced reporting and in-depth analysis.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"**

**Rating:** 4.0/5.0 stars
*— Dylan E.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-12747129)

---

**"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"**

**Rating:** 5.0/5.0 stars
*— Jonathon K.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13024655)

---



### 2. [CrowdStrike Falcon Cloud Security](https://www.g2.com/products/crowdstrike-falcon-cloud-security/reviews)
CrowdStrike Falcon Cloud Security is the only CNAPP to stop breaches in the cloud. Built for today’s hybrid and multi-cloud environments, Falcon Cloud Security protects the entire cloud attack surface - from code to runtime - by combining continuous agentless visibility with real-time detection and response. At runtime, Falcon Cloud Security delivers best-in-class cloud workload protection and real-time cloud detection and response (CDR) to stop active threats across hybrid environments. Integrated with the CrowdStrike Falcon platform, it correlates signals across endpoint, identity, and cloud to detect sophisticated cross-domain attacks that point solutions miss—enabling teams to respond faster and stop breaches in progress. To reduce risk before attacks occur, Falcon Cloud Security also delivers agentless-driven posture management that proactively shrinks the cloud attack surface. Unlike typical solutions, CrowdStrike enriches cloud risk detections with adversary intelligence and graph-based context, enabling security teams to prioritize exploitable exposures and prevent breaches before they happen.

Customers using Falcon Cloud Security consistently see measurable results:

- 89% faster cloud detection and response
- 100x reduction in false positives by prioritizing exploitable, business-critical risk
- 83% reduction in cloud security licenses due to elimination of redundant tools


**Average Rating:** 4.6/5.0
**Total Reviews:** 93

**Who Is the Company Behind CrowdStrike Falcon Cloud Security?**

- **Seller:** [CrowdStrike](https://www.g2.com/sellers/crowdstrike)
- **Company Website:** https://www.crowdstrike.com
- **Year Founded:** 2011
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @CrowdStrike (110,809 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2497653/ (11,343 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 46% Enterprise, 41% Mid-Market


#### What Are CrowdStrike Falcon Cloud Security's Pros and Cons?

**Pros:**

- Security (49 reviews)
- Cloud Security (37 reviews)
- Detection Efficiency (34 reviews)
- Vulnerability Detection (31 reviews)
- Ease of Use (29 reviews)

**Cons:**

- Expensive (17 reviews)
- Improvements Needed (14 reviews)
- Improvement Needed (13 reviews)
- Feature Complexity (8 reviews)
- Learning Curve (8 reviews)


### What Do G2 Reviewers Say About CrowdStrike Falcon Cloud Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **complete protection** CrowdStrike Falcon Cloud Security offers, ensuring efficiency and insightful incident investigation.
- Users appreciate the **robust security features** of CrowdStrike Falcon Cloud Security, enhancing compliance and threat detection capabilities.
- Users commend the **detection efficiency** of CrowdStrike Falcon Cloud Security, ensuring robust protection with minimal false positives.
- Users value the **complete protection from code to cloud** offered by CrowdStrike Falcon Cloud Security, ensuring high efficiency.
- Users appreciate the **user-friendly interface** of CrowdStrike Falcon Cloud Security, making incident investigation and integration effortless.

**Cons:**

- Users note that the **expensive pricing** of CrowdStrike Falcon Cloud Security may deter smaller organizations from affording it.
- Users seek **improvements in uptime and enrollment experience** for CrowdStrike Falcon Cloud Security to enhance usability.
- Users note that **improvement is needed** in the cloud workload dashboard uptime and UI for better user experience.
- Users find the **feature complexity** of CrowdStrike Falcon Cloud Security to be overwhelming and challenging to navigate.
- Users find the **learning curve steep**, complicating the use of CrowdStrike Falcon Cloud Security for newcomers.

#### What Are Recent G2 Reviews of CrowdStrike Falcon Cloud Security?

**"[Quiet, Unobtrusive Endpoint Security That Just Works](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12973136)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12973136)

---

**"[Smashing your head into a server rack? Admin, Meet Crowdstrike Falcon Cloud Security!](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12609797)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Consumer Goods*

[Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12609797)

---



### 3. [OX Security](https://www.g2.com/products/ox-security/reviews)
OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform. Unlike traditional “Shift Left” approaches that collapsed under AI’s speed, VibeSec makes software secure by default by preventing risks before they exist. Powered by the OX AI Data Lake and dynamic code-to-runtime context, OX Security delivers:

- Autonomous, embedded security that runs as fast as developers.
- Dynamic risk context that shrinks security backlogs before they spiral.
- Continuous alignment across code, cloud, APIs, and runtime.

With OX, developers focus on building while security runs itself, giving enterprises complete confidence that every release ships secure.

OX Security is the company behind VibeSec, an AI-native autonomous security platform built for the AI development era. Unlike traditional tools that chase vulnerabilities after code is written, VibeSec embeds dynamic security context directly into AI coding environments like Cursor and Copilot. The result: every line of code is secure by default. For the first time, security moves at the speed of AI-driven development, preventing vulnerabilities before they exist, shrinking backlogs with every commit, and making security a seamless part of the development flow.


**Average Rating:** 4.8/5.0
**Total Reviews:** 51

**Who Is the Company Behind OX Security?**

- **Seller:** [OX Security](https://www.g2.com/sellers/ox-security)
- **Year Founded:** 2021
- **HQ Location:** New York, USA
- **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (199 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 63% Mid-Market, 25% Enterprise


#### What Are OX Security's Pros and Cons?

**Pros:**

- Features (27 reviews)
- Ease of Use (23 reviews)
- Customer Support (22 reviews)
- Integration Support (22 reviews)
- Security (22 reviews)

**Cons:**

- Integration Issues (8 reviews)
- Missing Features (8 reviews)
- Complexity (5 reviews)
- Inadequate Reporting (5 reviews)
- Limited Cloud Integration (5 reviews)


### What Do G2 Reviewers Say About OX Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **comprehensive security testing features** of OX Security, enhancing organization-wide security management and integration.
- Users find OX Security to be **user-friendly**, featuring a streamlined dashboard and seamless integration capabilities.
- Users appreciate the **responsive customer support** from OX Security, enhancing overall experience and satisfaction.
- Users value the **seamless and fast integration** with tools, enhancing their overall experience with OX Security.
- Users value the **comprehensive security capabilities** of OX Security, appreciating its user-friendly interface and robust support.

**Cons:**

- Users face **integration issues** with OX Security, particularly regarding documentation and compatibility with various tools.
- Users note **missing features** in OX Security, particularly in language support and SIEM integration options.
- Users find the **complexity** of OX Security overwhelming, facing a steep learning curve and insufficient documentation.
- Users find OX Security's **inadequate reporting** limits their ability to effectively demonstrate progress and value to management.
- Users note the **limited cloud integration** with SIEM systems and specific development tools, affecting overall functionality.

#### What Are Recent G2 Reviews of OX Security?

**"[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Gambling & Casinos*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10961361)

---

**"[A Transformative Game-Changer in Application Security Posture Management](https://www.g2.com/survey_responses/ox-security-review-10618682)"**

**Rating:** 5.0/5.0 stars
*— Dudi E.*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10618682)

---



### 4. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

- **AI-Powered Agents:** Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.
- **Comprehensive Security Scanning:** Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.
- **Developer-Centric Experience:** With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.
- **Agentic AI for AppSec Teams, Risk-Based Prioritization:** Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.
- **Seamless Integrations:** Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


**Average Rating:** 4.5/5.0
**Total Reviews:** 43

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Easy Integrations (8 reviews)
- Ease of Use (7 reviews)
- Efficiency (7 reviews)
- Integration Support (7 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security features** of Jit, seamlessly integrating security and development for improved collaboration.
- Users value the **easy integrations** of Jit, seamlessly incorporating security into their development practices and workflows.
- Users appreciate the **ease of use** of Jit, finding it lightweight and simple to integrate into workflows.
- Users value the **efficient integration** of security in development workflows, significantly saving time and reducing complexity.
- Users appreciate the **easy integration support** of Jit, seamlessly embedding security into their development workflows.

**Cons:**

- Users encounter **integration issues** with Jit, particularly with third-party tools and CI setups requiring additional manual configuration.
- Users find the **limited features** of Jit lacking for complex needs, desiring more customization and better analytics.
- Users encounter **limited integration** with third-party tools, affecting advanced configurations and overall functionality.
- Users feel the **documentation is lacking**, especially for advanced configurations, complicating the overall user experience.
- Users find that the **complexity in configuration** and onboarding can hinder their overall experience with Jit.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 5. [SonarQube](https://www.g2.com/products/sonarqube/reviews)
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.


**Average Rating:** 4.4/5.0
**Total Reviews:** 145

**Who Is the Company Behind SonarQube?**

- **Seller:** [SonarSource Sàrl](https://www.g2.com/sellers/sonarsource-sarl)
- **Company Website:** https://www.sonarsource.com
- **Year Founded:** 2008
- **HQ Location:** Geneva, Switzerland
- **Twitter:** @SonarSource (10,913 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/sonarsource/ (929 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** DevOps Engineer, Software Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 43% Enterprise, 39% Mid-Market


#### What Are SonarQube's Pros and Cons?

**Pros:**

- Code Quality (24 reviews)
- Features (20 reviews)
- Issue Identification (19 reviews)
- Ease of Use (18 reviews)
- Easy Integrations (18 reviews)

**Cons:**

- Software Bugs (12 reviews)
- Complex Configuration (10 reviews)
- False Positives (10 reviews)
- Complexity (8 reviews)
- Complex Setup (8 reviews)


### What Do G2 Reviewers Say About SonarQube?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **quick identification of code quality and security issues** by SonarQube, enhancing maintainability and reliability.
- Users value the **real-time code quality and security checks** provided by SonarQube, enhancing code reliability and maintainability.
- Users appreciate how SonarQube **quickly flags code quality and security issues**, aiding in maintaining a clean codebase.
- Users value the **ease of use** of SonarQube, finding it intuitive and seamlessly integrable into workflows.
- Users appreciate the **easy integrations** of SonarCloud, allowing seamless use within existing development workflows.

**Cons:**

- Users experience **software bugs** that can lead to issues slipping into production and vague error messages during scans.
- Users find the **complex configuration** process challenging, especially for new teams and large projects, impacting efficiency.
- Users often face **false positives** that necessitate frequent adjustments, impacting their workflow and experience with SonarQube.
- Users find SonarQube's interface **complex and difficult to configure**, impacting ease of use and efficiency.
- Users find the **complex setup** of SonarQube challenging, requiring time and planning to effectively utilize its features.

#### What Are Recent G2 Reviews of SonarQube?

**"[SonarQube improves the code quality](https://www.g2.com/survey_responses/sonarqube-review-12997941)"**

**Rating:** 4.0/5.0 stars
*— Gaurav V.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12997941)

---

**"[SonarQube: Easy Integration, Simple UI, and Solid Free Code Quality Scanning](https://www.g2.com/survey_responses/sonarqube-review-12975264)"**

**Rating:** 4.5/5.0 stars
*— Divyarajsinh C.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12975264)

---


#### What Are G2 Users Discussing About SonarQube?

- [What is SonarLint used for?](https://www.g2.com/discussions/what-is-sonarlint-used-for)
- [What is SonarQube and how does it work?](https://www.g2.com/discussions/what-is-sonarqube-and-how-does-it-work) - 1 upvote
- [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
- [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
- [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)

### 6. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
Invicti (formerly known as Netsparker) is an enterprise application and API security testing platform that helps organizations secure thousands of web applications and APIs at scale while dramatically reducing the risk of attack. Combining advanced DAST and IAST capabilities in a single platform, Invicti enables security teams to continuously identify, prioritize, and remediate vulnerabilities across complex modern environments with confidence and automation.

With Invicti, security teams can:

- Automate application security testing workflows and save hundreds of hours every month
- Discover and secure all web applications and APIs, including forgotten, unmanaged, and shadow assets
- Deliver actionable, developer-friendly feedback that helps teams remediate vulnerabilities faster and build more secure code over time
- Reduce false positives with proof-based scanning technology that validates exploitable vulnerabilities
- Scale application security programs across large enterprises without slowing development teams
- Integrate security seamlessly into existing DevSecOps and CI/CD workflows

Built for organizations with the most demanding security requirements, Invicti empowers teams to confidently secure their entire attack surface with accuracy, scalability, and automation.


**Average Rating:** 4.6/5.0
**Total Reviews:** 66

**Who Is the Company Behind Invicti (formerly Netsparker)?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 46% Enterprise, 28% Mid-Market


#### What Are Invicti (formerly Netsparker)'s Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)


### What Do G2 Reviewers Say About Invicti (formerly Netsparker)?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Invicti, making setup and report generation efficient and straightforward for security testing.
- Users value the **efficient scanning technology** of Invicti, enabling easy monthly tests and quick API integration.
- Users value Invicti's **accurate and comprehensive reporting**, making it ideal for security testing and certification needs.
- Users value the **well-formatted reports** from Invicti, which simplify obtaining ISO certifications and enhance operational efficiency.
- Users value the **effective vulnerability detection** features, enabling efficient scans and clear reports on crucial issues.

**Cons:**

- Users feel that the **customer support is inadequate**, often lacking timely responses and effective solutions to issues.
- Users experience **slow performance** during scans and setup, impacting overall efficiency and user satisfaction.
- Users find the **slow scanning** process frustrating, especially when attempting to scan API endpoints effectively.
- Users experience **API scanning issues** that hinder functionality, limiting the app's effectiveness for certain use cases.
- Users find the **complex setup** challenging initially, affecting ease of use and configuration during scans.

#### What Are Recent G2 Reviews of Invicti (formerly Netsparker)?

**"[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)

---

**"[Effortless Website Testing with Outstanding Support](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-11850923)"**

**Rating:** 4.5/5.0 stars
*— Chris M.*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-11850923)

---


#### What Are G2 Users Discussing About Invicti (formerly Netsparker)?

- [What is Invicti (formerly Netsparker) used for?](https://www.g2.com/discussions/what-is-invicti-formerly-netsparker-used-for) - 1 comment
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/invicti-formerly-netsparker-what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost-a1ecffa4-a216-4bcc-affd-40dc140f3e27)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost)

### 7. [Carbon Black App Control](https://www.g2.com/products/carbon-black-app-control/reviews)
With the rise of security threats and malware, organizations need technologies to combat these risks. Unplanned downtime and performance degradation from security breaches impact productivity and reputation. As IT and security shift to the cloud, it's crucial to stay vigilant about security gaps. Many companies still rely on air-gapped servers or outdated operating systems (EOL OS) for critical systems and data storage. Carbon Black App Control offers proactive security for data centers, AWS, Azure, GCP, or hosted private clouds. App Control ensures trusted software runs, monitors file integrity, controls devices, and protects memory and registry keys on Windows.


**Average Rating:** 4.6/5.0
**Total Reviews:** 44

**Who Is the Company Behind Carbon Black App Control?**

- **Seller:** [Broadcom](https://www.g2.com/sellers/broadcom-ab3091cd-4724-46a8-ac89-219d6bc8e166)
- **Year Founded:** 1991
- **HQ Location:** San Jose, CA
- **Twitter:** @broadcom (63,909 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/broadcom/ (55,094 employees on LinkedIn®)
- **Ownership:** NASDAQ: CA

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 64% Enterprise, 33% Mid-Market


#### What Are Carbon Black App Control's Pros and Cons?

**Pros:**

- Customer Support (1 review)
- Ease of Use (1 review)
- Easy Implementation (1 review)
- Easy Integrations (1 review)
- Features (1 review)

**Cons:**

- Expensive (1 review)
- False Positives (1 review)
- High CPU Usage (1 review)
- Memory Issues (1 review)
- Slow Performance (1 review)


### What Do G2 Reviewers Say About Carbon Black App Control?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **awesome customer support** of Carbon Black App Control, enhancing security and compliance effectively.
- Users find the **ease of use** of Carbon Black App Control enhances security and simplifies implementation seamlessly.
- Users value the **easy implementation** of Carbon Black App Control, which boosts security and confidence in system protection.
- Users value the **easy integrations** of Carbon Black App Control, enhancing security while streamlining the implementation process.
- Users appreciate the **ease of use and robust security** of Carbon Black App Control, enhancing confidence and compliance.

**Cons:**

- Users feel the pricing is **on the higher side**, especially for smaller organizations with limited budgets.
- Users occasionally face **false positives** with Carbon Black App Control, but manual whitelisting helps alleviate this issue.
- Users often experience **high CPU usage** with Carbon Black App Control, leading to performance concerns and false alerts.
- Users note **high memory utilization** with Carbon Black, leading to performance concerns and false alerts.
- Users experience **slow performance** due to high CPU and memory usage, leading to frustration with false alerts.

#### What Are Recent G2 Reviews of Carbon Black App Control?

**"[Powerful Application Control enabling Enhanced Security](https://www.g2.com/survey_responses/carbon-black-app-control-review-10387482)"**

**Rating:** 4.5/5.0 stars
*— Prajwal V.*

[Read full review](https://www.g2.com/survey_responses/carbon-black-app-control-review-10387482)

---

**"[Carbon Black Review](https://www.g2.com/survey_responses/carbon-black-app-control-review-9186031)"**

**Rating:** 4.0/5.0 stars
*— Abhiuday M.*

[Read full review](https://www.g2.com/survey_responses/carbon-black-app-control-review-9186031)

---


#### What Are G2 Users Discussing About Carbon Black App Control?

- [Does Carbon Black do file integrity monitoring?](https://www.g2.com/discussions/does-carbon-black-do-file-integrity-monitoring)
- [How does Carbon Black EDR work?](https://www.g2.com/discussions/how-does-carbon-black-edr-work)
- [What are the benefits of VMware carbon black to organizations?](https://www.g2.com/discussions/what-are-the-benefits-of-vmware-carbon-black-to-organizations)
- [What does Carbon Black App Control do?](https://www.g2.com/discussions/what-does-carbon-black-app-control-do)

### 8. [Strobes Security](https://www.g2.com/products/strobes-security/reviews)
Strobes is an AI-driven exposure management platform designed to help organizations streamline their security operations by unifying various security methodologies, including Attack Surface Management (ASM), Application Security Posture Management (ASPM), Risk-Based Vulnerability Management (RBVM), and Penetration Testing as a Service (PTaaS). This comprehensive solution provides users with a holistic view of their security posture, enabling them to identify, assess, and respond to potential risks and vulnerabilities effectively.

Targeted primarily at security teams and IT professionals, Strobes caters to organizations of all sizes that require a robust approach to managing their security exposure. The platform is particularly beneficial for those who need to navigate the complexities of modern security environments, where multiple tools and processes can lead to fragmented insights. By consolidating various security functions into a single workflow, Strobes empowers users to make informed decisions based on a complete understanding of their risk landscape.

One of the key features of Strobes is its extensive integration capabilities, boasting over 120 integrations with existing security tools and systems. This allows organizations to pull findings from disparate sources into a single view, enriching data with contextual information that enhances the relevance of insights. The platform's advanced correlation capabilities help identify relationships between different vulnerabilities and risks, enabling security teams to prioritize their remediation efforts effectively.

The user-friendly dashboards in Strobes serve as a central hub for monitoring security activities, encompassing everything from asset discovery and vulnerability insights to Service Level Agreement (SLA) tracking and ticketing. This comprehensive visibility supports continuous prioritization and fix validation, allowing teams to address the most critical issues first. By automating triage processes, Strobes ensures that real risks and exposures are highlighted, facilitating a more efficient response to potential threats.

Overall, Strobes stands out in the exposure management landscape by providing a cohesive and intelligent approach to security management. Its ability to unify various methodologies, coupled with powerful automation and integration features, positions it as a valuable tool for organizations seeking to enhance their security posture and effectively manage their exposure to risks.


**Average Rating:** 4.6/5.0
**Total Reviews:** 34

**Who Is the Company Behind Strobes Security?**

- **Seller:** [Strobes Security Inc](https://www.g2.com/sellers/strobes-security-inc)
- **Company Website:** https://www.strobes.co/
- **Year Founded:** 2019
- **HQ Location:** Plano, US
- **Twitter:** @StrobesHQ (218 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/strobeshq (98 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 37% Enterprise, 37% Mid-Market


#### What Are Strobes Security's Pros and Cons?

**Pros:**

- Vulnerability Identification (14 reviews)
- Vulnerability Detection (13 reviews)
- Security (11 reviews)
- Customer Support (10 reviews)
- Ease of Use (10 reviews)

**Cons:**

- Inadequate Reporting (4 reviews)
- Limited Customization (4 reviews)
- Poor Usability (4 reviews)
- Reporting Issues (4 reviews)
- Complexity (2 reviews)


### What Do G2 Reviewers Say About Strobes Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **rapid vulnerability assessments** of Strobes Security, significantly speeding up remediation with insightful reporting.
- Users value the **rapid vulnerability assessments** and streamlined management that significantly enhance security operations' efficiency.
- Users value the **thorough penetration testing** and actionable insights from Strobes Security, enhancing overall application security.
- Users commend the **responsive and knowledgeable customer support** of Strobes Security, enhancing security improvements effectively.
- Users value the **ease of use** of Strobes Security, thanks to its intuitive interface and streamlined workflows.

**Cons:**

- Users find the **inadequate reporting** lacking in key KPIs and not polished enough for effective stakeholder presentations.
- Users find **limited customization** options for branding, impacting the overall adaptability of the Strobes Security platform.
- Users find the **user experience daunting** due to unclear dashboards and difficulties in accessing necessary information.
- Users note that **reporting issues** arise from complex reports and a cluttered user experience, hindering efficiency.
- Users find the **UI complex**, making initial customization and setup challenging despite smoother operation once learned.

#### What Are Recent G2 Reviews of Strobes Security?

**"[Valuable Security Assessments with Practical Findings](https://www.g2.com/survey_responses/strobes-security-review-12795666)"**

**Rating:** 4.5/5.0 stars
*— Apoorva J.*

[Read full review](https://www.g2.com/survey_responses/strobes-security-review-12795666)

---

**"[Comprehensive and Reliable Attack Surface Management Solution](https://www.g2.com/survey_responses/strobes-security-review-12638010)"**

**Rating:** 5.0/5.0 stars
*— Divya D.*

[Read full review](https://www.g2.com/survey_responses/strobes-security-review-12638010)

---



### 9. [APPCHECK](https://www.g2.com/products/appcheck/reviews)
AppCheck is a Dynamic Application Security Testing (DAST) and network vulnerability testing solution, developed and supported by experienced penetration testers. We approach security testing as a hacker would, leveraging multiple proprietary crawling engines to analyse target behaviour across both modern and traditional technologies, including Single Page Applications (SPAs), APIs, and complex authentication flows such as SSO, 2FA, and TOTP. Organisations can conduct unlimited security assessments across Web Applications, SPAs, APIs, cloud services, and networks, across internal or external assets. Supporting production and UAT testing, AppCheck also helps organisations ‘shift left’ by integrating with CI/CD pipelines and build servers, including ADO, GitHub, Jenkins, TeamCity, CircleCI, TravisCI, Bamboo, and GitLab CI/CD, allowing automated security testing throughout development and identifying risks as soon as changes are introduced. AppCheck are proud to be part of the CVE Numbering Authority (CNA), contributing to global security research.


**Average Rating:** 4.6/5.0
**Total Reviews:** 67

**Who Is the Company Behind APPCHECK?**

- **Seller:** [APPCHECK](https://www.g2.com/sellers/appcheck)
- **Company Website:** https://www.appcheck-ng.com
- **Year Founded:** 2014
- **HQ Location:** Leeds, GB
- **Twitter:** @AppcheckNG (649 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/appcheck-ng-ltd/ (106 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 49% Mid-Market, 30% Small-Business


#### What Are APPCHECK's Pros and Cons?

**Pros:**

- Ease of Use (5 reviews)
- Vulnerability Detection (5 reviews)
- Features (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scanning Efficiency (4 reviews)

**Cons:**

- UX Improvement (2 reviews)
- API Issues (1 review)
- Difficult Customization (1 review)
- Difficult Learning Curve (1 review)
- False Positives (1 review)


### What Do G2 Reviewers Say About APPCHECK?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of APPCHECK, making complex processes simple to complete efficiently.
- Users commend **effective vulnerability detection** with AppCheck, providing actionable insights for improved security and integration.
- Users highly value the **excellent pricing and functionality** of AppCheck, enhancing security management for web applications.
- Users value the **high pentesting efficiency** of AppCheck, enhancing security while reducing the need for manual testing.
- Users value the **scanning efficiency** of AppCheck, appreciating actionable reports and seamless integration with CI/CD pipelines.

**Cons:**

- Users feel there is **room for improvement in UX**, particularly regarding scoring, customization, and scan templates.
- Users find the **API endpoint changes cumbersome**, requiring a service request, but appreciate the responsiveness to feedback.
- Users find **difficult customization** options in AppCheck, limiting their ability to tailor reports and improve context.
- Users acknowledge a **difficult learning curve** with AppCheck, but ultimately find the product to be very good.
- Users find the **need for manual validation due to false positives** to be a significant drawback in APPCHECK.

#### What Are Recent G2 Reviews of APPCHECK?

**"[Effortless Vulnerability Management with APPCHECK](https://www.g2.com/survey_responses/appcheck-review-12463853)"**

**Rating:** 5.0/5.0 stars
*— Aaron H.*

[Read full review](https://www.g2.com/survey_responses/appcheck-review-12463853)

---

**"[Great onboarding experience and trial](https://www.g2.com/survey_responses/appcheck-review-11771398)"**

**Rating:** 4.0/5.0 stars
*— Tyler S.*

[Read full review](https://www.g2.com/survey_responses/appcheck-review-11771398)

---



### 10. [ActiveState](https://www.g2.com/products/activestate/reviews)
ActiveState provides the world's largest library of secure open source: 79 million (Java, Javascript, Python, R, Go, etc.) vetted components across all major language ecosystems, including transitive dependencies and OS-level libraries—built from source to ensure every component is verified, vulnerability-free, and continuously updated. Software teams improve security posture while accelerating development velocity. We deliver five critical outcomes.

**Counter Supply Chain Risks at Their Source**

Significantly reduce the possibility of inheriting malicious code from pre-built binaries. Replace risky, unvetted public components with secure, verifiable packages built directly from source. Gain provenance over your artifacts, ensuring bad actors and malware never reach your environment.

- Protection from compromised package ecosystems and build systems
- Mitigate high-profile malware attacks such as the npm Shai-Hulud attack and other future threats

**Continuous Remediation for Your Open Source Inventory**

Shift from reactive patching to proactive immunity. Maintain a hardened security posture with safe-by-default open source and continuous remediation across your inventory. ActiveState artifacts reduce your attack surface and evolve to help close vulnerabilities before they become incidents.

- Up to 99% reduction in CVEs compared to community open source artifacts
- Achieve up to 90% reduction in MTTR for future vulnerabilities

**Apply Frictionless Security Policies**

Embed governance directly into developer workflows without impeding engineering or adding costly CI/CD bloat. ActiveState solutions slot seamlessly into existing tools and AI coding assistants, transforming security policy from a blocker into an enabler that reduces open source approval workflows from weeks and days to just hours and minutes.

- Reduce open source approval workflows from weeks and days to hours and minutes

**Audit Ready Compliance, Always**

Achieve continuous compliance with instant, granular visibility into components, licenses, and dependencies across your organization. ActiveState delivers comprehensive SBOMs and metadata by default, ensuring you can meet complex standards and minimizing the scramble of audit preparation.

- Full visibility into your open source usage, including transitive and OS level dependencies

**Reclaim Developer Velocity and Focus**

Minimize high-value engineering hours on dependency conflicts, environment setup, research and remediation. ActiveState components and artifacts are fully managed to ensure they are always up to date and safe to use so your team can focus entirely on shipping revenue-generating features.

- Free up 4-8 developer hours per CVE
- 68% reduction in scanner noise from false positives


**Average Rating:** 4.1/5.0
**Total Reviews:** 32

**Who Is the Company Behind ActiveState?**

- **Seller:** [ActiveState](https://www.g2.com/sellers/activestate-fd82e7c7-dea3-4ff5-9e96-cc5cd7d39a87)
- **Company Website:** https://www.activestate.com/
- **Year Founded:** 1997
- **HQ Location:** Vancouver, BC
- **Twitter:** @ActiveState (4,014 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5052/ (73 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Computer & Network Security
- **Company Size:** 51% Small-Business, 29% Mid-Market



#### What Are Recent G2 Reviews of ActiveState?

**"[Very easy to use and very helpful](https://www.g2.com/survey_responses/activestate-review-6964391)"**

**Rating:** 5.0/5.0 stars
*— Saurav S.*

[Read full review](https://www.g2.com/survey_responses/activestate-review-6964391)

---

**"[Super easy to use platform, makes building code way less of a hassle](https://www.g2.com/survey_responses/activestate-review-6961997)"**

**Rating:** 5.0/5.0 stars
*— Alexander H.*

[Read full review](https://www.g2.com/survey_responses/activestate-review-6961997)

---


#### What Are G2 Users Discussing About ActiveState?

- [What is ActivePerl used for?](https://www.g2.com/discussions/what-is-activeperl-used-for)
- [What is the difference between Python and ActivePython?](https://www.g2.com/discussions/what-is-the-difference-between-python-and-activepython) - 1 comment
- [What is ActiveState platform?](https://www.g2.com/discussions/what-is-activestate-platform)

### 11. [Edgescan](https://www.g2.com/products/edgescan/reviews)
**What Is Edgescan?**

Edgescan is a cybersecurity company that helps organizations proactively identify, validate, and prioritize vulnerabilities across their applications, APIs and digital landscape. The company specializes in continuous vulnerability assessment, automated penetration testing, Attack Surface Management and Penetration Testing as a Service (PTaaS). Edgescan combines advanced automation with certified security experts, including professionals holding credentials such as CREST and OSCP, to deliver highly accurate and actionable security testing. This hybrid approach allows organizations to move beyond traditional point-in-time penetration tests and operate a continuous proactive cybersecurity program. The Edgescan platform is designed primarily for web application and API security, enabling organizations to continuously assess their attack surface and identify vulnerabilities throughout the development lifecycle but also delivers “full stack” coverage to detect host layer CVEs. With a client retention rate of over 90%, Edgescan has built long-term partnerships by delivering measurable improvements in security efficiency, risk visibility, and vulnerability management.

**Key Features and Capabilities of Edgescan**

- **Automated Penetration Testing:** Edgescan uses intelligent automation to continuously assess applications, APIs, hosts, and cloud environments for vulnerabilities. This enables frequent, scalable security testing across modern and distributed architectures.
- **Human-Validated Testing:** Findings are reviewed and manually validated by certified security experts to eliminate false positives and provide deeper insight into real-world exploitability. Each result is accurate, contextual, and actionable.
- **Penetration Testing as a Service (PTaaS):** Edgescan’s PTaaS model extends beyond automated testing by allowing expert testers to focus on vulnerabilities that require human analysis, including:
  - Business logic flaws
  - Authentication and authorization weaknesses
  - Context-dependent exposures
  - Complex attack chains and privilege escalation paths
- **Cyber Analytics and AI-Assisted Validation:** AI-driven analysis enhances detection, verifies exploitability, and increases accuracy. This reduces noise and gives security teams a clearer picture of genuine threats.
- **Integrated Threat Intelligence:** Edgescan correlates vulnerabilities with real-world threat intelligence, including known exploits and ransomware activity to help organizations prioritize the most dangerous exposures first.
- **Risk-Based Prioritization:** Findings are prioritized based on exploitability, severity, threat context, and business impact, ensuring teams focus on the issues that matter most.

**Primary Value: What Edgescan Solves for Clients**

Edgescan enables organizations to shift from reactive vulnerability management to a continuous, proactive security model. Traditional scanners and periodic penetration tests frequently produce large volumes of unvalidated findings. This creates noise and forces security teams to spend hours determining which issues are real and critical. Edgescan solves this by combining:

- Automation for continuous testing
- Human expertise for validation and complex analysis
- Cyber analytics and AI for accuracy and prioritization

**Key Benefits**

- Significant efficiency gains: reducing thousands of hours spent on manual validation.
- Higher accuracy, thanks to expert-validated findings and reduced false positives.
- Clear prioritization, using threat intelligence and ransomware insights to highlight the highest-risk exposures.
- Continuous security improvement, enabling rapid detection, faster remediation, and scalable vulnerability management.

By unifying automation, human expertise, AI, and threat intelligence, Edgescan empowers organizations to maintain a continuous cybersecurity program that strengthens overall security posture while dramatically reducing operational burden.


**Average Rating:** 4.7/5.0
**Total Reviews:** 51

**Who Is the Company Behind Edgescan?**

- **Seller:** [Edgescan](https://www.g2.com/sellers/edgescan)
- **Company Website:** https://www.edgescan.com
- **Year Founded:** 2017
- **HQ Location:** Dublin, Dublin
- **Twitter:** @edgescan (2,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2928425/ (88 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 32% Enterprise, 32% Mid-Market


#### What Are Edgescan's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Vulnerability Detection (24 reviews)
- Customer Support (19 reviews)
- Vulnerability Identification (19 reviews)
- Features (18 reviews)

**Cons:**

- Complex UI (5 reviews)
- Limited Customization (5 reviews)
- Poor Interface Design (5 reviews)
- Slow Performance (5 reviews)
- UX Improvement (5 reviews)


### What Do G2 Reviewers Say About Edgescan?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate Edgescan's **ease of use**, facilitating quick navigation and straightforward vulnerability management for all stakeholders.
- Users value the **automated vulnerability detection** features of Edgescan, enhancing security assessments and remediation efficiency.
- Users commend Edgescan's **excellent customer support**, highlighting its proactivity and responsiveness whenever needed.
- Users value the **automated vulnerability identification** features of Edgescan, enhancing security assessments and facilitating efficient risk management.
- Users value the **intuitive interface and comprehensive features** of Edgescan, enhancing security assessment efficiency and clarity.

**Cons:**

- Users find the **complex UI** challenging initially, with navigation and settings difficult to locate.
- Users find **limited customization options** in Edgescan, affecting how they can tailor the platform to their needs.
- Users find the **poor interface design** limits usability, making navigation and data access challenging.
- Users experience **slow performance** with Edgescan due to manual validation, causing longer scan completion times.
- Users find the **UI not user friendly**, noting its antiquated design and lack of intuitive navigation.

#### What Are Recent G2 Reviews of Edgescan?

**"[Edgescan: Easy Setup, Clear Insights, and Expert Security Support](https://www.g2.com/survey_responses/edgescan-review-12224347)"**

**Rating:** 5.0/5.0 stars
*— Matt W.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-12224347)

---

**"[Edgescan Is Amazing!](https://www.g2.com/survey_responses/edgescan-review-11014532)"**

**Rating:** 5.0/5.0 stars
*— Greg S.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-11014532)

---


#### What Are G2 Users Discussing About Edgescan?

- [What is edgescan used for?](https://www.g2.com/discussions/what-is-edgescan-used-for) - 1 comment

### 12. [Mend.io](https://www.g2.com/products/mend-io/reviews)
Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include:

1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle.
2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster.
3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


**Average Rating:** 4.3/5.0
**Total Reviews:** 106

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (256 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 38% Small-Business, 35% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)


### What Do G2 Reviewers Say About Mend.io?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **scanning efficiency** of Mend.io, appreciating quick scans and detailed reports for streamlined management.
- Users find Mend.io to be an **easy-to-use** tool that enhances application security and simplifies integration.
- Users value the **easy integrations** of Mend.io, allowing quick setup and seamless connection with development tools.
- Users love the **scanning capabilities** of Mend.io, appreciating its comprehensive support for binaries and compliance checks.
- Users find the **Vulnerability Detection** feature of Mend.io invaluable for maintaining secure and compliant applications.

**Cons:**

- Users often face **integration issues** with on-premise tools, requiring custom solutions to streamline their workflows.
- Users find **limited features** in Mend.io, often relying on workarounds to meet their integration and scanning needs.
- Users feel that Mend.io has **missing features** and lacks full integration support, complicating their workflows.
- Users find the **complex implementation** of Mend.io challenging, often requiring extensive support and time for successful integration.
- Users find the **confusing interface** of Mend.io awkward, especially when toggling between different product portals.

#### What Are Recent G2 Reviews of Mend.io?

**"[Mend has been an excellent tool, both for OSA and SAST](https://www.g2.com/survey_responses/mend-io-review-9695869)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Financial Services*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-9695869)

---

**"[Useful tool](https://www.g2.com/survey_responses/mend-io-review-10828034)"**

**Rating:** 5.0/5.0 stars
*— Israel Sebastián E.*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-10828034)

---


#### What Are G2 Users Discussing About Mend.io?

- [What is your experience regarding pricing and costs for Mend.io, and how does it compare to other open-source security solutions?](https://www.g2.com/discussions/what-is-your-experience-regarding-pricing-and-costs-for-mend-io-and-how-does-it-compare-to-other-open-source-security-solutions)
- [What is Mend (formerly WhiteSource) used for?](https://www.g2.com/discussions/what-is-mend-formerly-whitesource-used-for)
- [What is white Source bolt?](https://www.g2.com/discussions/what-is-white-source-bolt)
- [What are SCA tools?](https://www.g2.com/discussions/what-are-sca-tools)
- [What is software composition analysis SCA?](https://www.g2.com/discussions/what-is-software-composition-analysis-sca)

### 13. [Whitespots Security Portal](https://www.g2.com/products/whitespots-security-portal/reviews)
Vulnerability management tool on steroids 📈 Measure and control your application security state; 🔎 Scan your code, containers, web and mobile applications using ANY tool; 🔥 Remove duplicates, validate results, comment merge requests and create Jira tasks in seconds; 🕜 Save your engineers time and automate your processes; ✅ Self-hosted


**Average Rating:** 5.0/5.0
**Total Reviews:** 10

**Who Is the Company Behind Whitespots Security Portal?**

- **Seller:** [Whitespots](https://www.g2.com/sellers/whitespots)
- **Year Founded:** 2020
- **HQ Location:** Tallinn, EE
- **LinkedIn® Page:** https://www.linkedin.com/company/whitespots/ (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 60% Mid-Market, 20% Small-Business


#### What Are Whitespots Security Portal's Pros and Cons?

**Pros:**

- Easy Setup (4 reviews)
- Features (4 reviews)
- Speed (4 reviews)
- User Interface (4 reviews)
- Vulnerability Detection (4 reviews)

**Cons:**

- Poor Analytics (1 review)
- Poor Documentation (1 review)
- UX Improvement (1 review)


#### What Do G2 Reviewers Say About Whitespots Security Portal?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **easy setup** of Whitespots Security Portal, allowing quick integration and streamlined security monitoring.
- Users value the **intuitive dashboard** and effective monitoring, enhancing overall security and productivity significantly.
- Users value the **speed and efficiency** of Whitespots Security Portal, enhancing productivity while managing security vulnerabilities.
- Users appreciate the **fast and cozy UI** of Whitespots Security Portal, enhancing productivity and ease of use.
- Users value the **enhanced vulnerability monitoring** of Whitespots Security Portal, improving security and simplifying management tasks.

**Cons:**

- Users note **poor analytics** in Whitespots Security Portal, with limitations in reporting for managerial needs.
- Users find the **poor documentation** challenging, particularly for advanced features and initial configuration.
- Users find the interface **not always user-friendly**, though issues can be resolved upon request.

#### What Are Recent G2 Reviews of Whitespots Security Portal?

**"[Simple, Reliable for Everyday Security Needs](https://www.g2.com/survey_responses/whitespots-security-portal-review-11191394)"**

**Rating:** 5.0/5.0 stars
*— Daniil M.*

[Read full review](https://www.g2.com/survey_responses/whitespots-security-portal-review-11191394)

---

**"[A reliable and intuitive security management platform](https://www.g2.com/survey_responses/whitespots-security-portal-review-11178920)"**

**Rating:** 5.0/5.0 stars
*— Shohrukh A.*

[Read full review](https://www.g2.com/survey_responses/whitespots-security-portal-review-11178920)

---



### 14. [Flyingduck](https://www.g2.com/products/flyingduck/reviews)
Flyingduck is a Comprehensive Code security Intelligence platform that identifies and remediates security vulnerabilities in the code base. Key modules are SBOM Compliance, SCA, SAST, Secrets Analysis. We also identify Business Logic Issues in the code such as OTP Bypass, Transaction Manipulation type issues with our Deep Logic Analysis AI engine.


**Average Rating:** 5.0/5.0
**Total Reviews:** 4

**Who Is the Company Behind Flyingduck?**

- **Seller:** [Flyingduck](https://www.g2.com/sellers/flyingduck)
- **Year Founded:** 2024
- **HQ Location:** Hyderabad, IN
- **LinkedIn® Page:** https://www.linkedin.com/company/flyingduck-cyber-security-genai-shiftleftsecurity/ (11 employees on LinkedIn®)
- **Ownership:** Sarat Lingamallu
- **Phone:** +919550681242

**Who Uses This Product?**
- **Company Size:** 75% Mid-Market, 25% Small-Business



#### What Are Recent G2 Reviews of Flyingduck?

**"[Continuous Security Insights with Seamless CI/CD Integration](https://www.g2.com/survey_responses/flyingduck-review-12174073)"**

**Rating:** 5.0/5.0 stars
*— Naveen P.*

[Read full review](https://www.g2.com/survey_responses/flyingduck-review-12174073)

---

**"[Centralized Security Scans Made Effortless and Effective](https://www.g2.com/survey_responses/flyingduck-review-12081490)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/flyingduck-review-12081490)

---



### 15. [AccuKnox](https://www.g2.com/products/accuknox/reviews)
AccuKnox Zero Trust CNAPP cloud security protects public and private clouds, Kubernetes and VMs. AccuKnox is an AI-powered Zero Trust Cloud Native Security Platform that helps organizations comply with various frameworks and over 33+ compliance controls, including MITRE, NIST, STIG, CIS, PCI-DSS, GDPR, and SOC2. AccuKnox enhances InfraSec and DevSecOps teams by enabling them to detect, prioritize, prevent and protect against advanced and sophisticated cloud attacks.

**Key Benefits:**

1. Code to Cloud Security
2. Easy Deployment
3. Extensive Coverage
4. Preemptive Attack Mitigation
5. Open Source and Innovative

**Key Differentiators:**

- Inline Preemptive Security (as opposed to Post-attack mitigation)
- Secures modern workloads (Kubernetes) and traditional workloads (VMs)
- Multi-Cloud, Private, Air-gapped, and Hybrid Cloud Security
- IaC – Infrastructure As Code scanning
- Secures AI/ML workloads like Jupyter Notebooks

**Features:**

- Automated Zero Trust Cloud Security (Public, Private, Hybrid, Air-gapped)
- Vulnerability Management & Prioritization
- Run-time security, Micro-segmentation
- Application Firewalling, Kernel Hardening
- Drift Detection & Audit Trail
- Continuous Diagnostics & Mitigation
- GRC – CIS, HIPAA, GDPR, SOC2, STIG, MITRE, NIST
- Securing Mission-Critical Workloads like Vault
- Securing AI workbenches like Jupyter Notebooks
- Cryptojacking and TNTBotinger Attacks

With over 15+ patents, we're proud to offer an OpenSource, DevSecOps-led delivery model. To top it off, we have an ongoing R&D partnership with the esteemed SRI International. We deliver both Static and Runtime Security, anchored on innovations in Cloud Security and AI/ML-based Anomaly Detection.

- Static Code Analysis - Deeply analyze your code for vulnerabilities and weaknesses.
- CI/CD Pipelines Scanning - Continuously scan your pipelines for security flaws and risks.
- Container Security - Fortify your containers with robust security measures.
- Kubernetes Orchestration - Seamlessly manage and secure your Kubernetes environments.
- Secret Scanning - Detect and protect sensitive information from unauthorized access.


**Average Rating:** 4.4/5.0
**Total Reviews:** 12

**Who Is the Company Behind AccuKnox?**

- **Seller:** [Accuknox](https://www.g2.com/sellers/accuknox)
- **Year Founded:** 2020
- **HQ Location:** California, USA
- **Twitter:** @AccuKnox (341 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/accuknox (180 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 46% Enterprise, 31% Mid-Market


#### What Are AccuKnox's Pros and Cons?

**Pros:**

- Comprehensive Security (5 reviews)
- Security (4 reviews)
- Cloud Integration (3 reviews)
- Compliance Management (3 reviews)
- Customer Support (3 reviews)

**Cons:**

- Difficult Learning (3 reviews)
- Complex Setup (2 reviews)
- Expensive (2 reviews)
- Poor Customer Support (2 reviews)
- Complexity (1 review)


#### What Do G2 Reviewers Say About AccuKnox?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highly recommend AccuKnox for its **comprehensive security** features that effectively manage diverse cloud tools and environments.
- Users commend AccuKnox for its **high security level** and seamless management of multiple tools and platforms.
- Users appreciate the **easy integration with cloud providers**, enhancing security and compliance for their applications.
- Users value the **seamless compliance management** capabilities of AccuKnox, enhancing security across their cloud workloads.
- Users commend AccuKnox for their **exceptional customer support**, highlighting quick responses and thorough understanding of solutions.

**Cons:**

- Users find the **difficult learning** curve challenging, requiring understanding of Kubernetes and complicating setup and management.
- Users find the **complex setup** of AccuKnox challenging, particularly those with limited security expertise.
- Users find AccuKnox to be **cost prohibitive**, making it a less accessible option for many.
- Users express frustration over **poor customer support** , citing slow responses and the need for repeated follow-ups.
- Users find the **setup complexity** of AccuKnox challenging, particularly for teams lacking security expertise.

#### What Are Recent G2 Reviews of AccuKnox?

**"[Having performed PoC with the product and involved with discussions with the team - excellent!](https://www.g2.com/survey_responses/accuknox-review-10934962)"**

**Rating:** 5.0/5.0 stars
*— Ashleigh W.*

[Read full review](https://www.g2.com/survey_responses/accuknox-review-10934962)

---

**"[Right set of Solution building blocks to address complex CloudSec challenges](https://www.g2.com/survey_responses/accuknox-review-10731493)"**

**Rating:** 5.0/5.0 stars
*— Dinakar R.*

[Read full review](https://www.g2.com/survey_responses/accuknox-review-10731493)

---



### 16. [ArmorCode Agentic AI Platform](https://www.g2.com/products/armorcode-agentic-ai-platform/reviews)
ArmorCode helps enterprises manage security risk and governance across today's heterogeneous technology environments. The ArmorCode Agentic AI Platform gives security teams a system of action – moving from fragmented signals to owned, policy-driven, auditable decisions. Its unified exposure management capabilities deliver visibility, insight, and control across four solutions: Application Security Posture Management, Vulnerability Management, Software Supply Chain Security, and AI Exposure Management. Processing over 200 billion findings a year across hundreds of native integrations, ArmorCode unifies, prioritizes, and drives remediation across applications, cloud, code, infrastructure, and AI. Powered by Anya, the industry's first agentic AI framework for enterprise security, ArmorCode is trusted by global enterprises to reduce exposure and adopt AI and modern software practices with confidence – without replacing existing tools or forcing vendor consolidation.


**Average Rating:** 4.1/5.0
**Total Reviews:** 4

**Who Is the Company Behind ArmorCode Agentic AI Platform?**

- **Seller:** [ArmorCode](https://www.g2.com/sellers/armorcode)
- **Year Founded:** 2020
- **HQ Location:** Palo Alto, California, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/armorcode (209 employees on LinkedIn®)
- **Ownership:** Dana Torgersen

**Who Uses This Product?**
- **Company Size:** 50% Mid-Market, 25% Enterprise


#### What Are ArmorCode Agentic AI Platform's Pros and Cons?

**Pros:**

- Cybersecurity (2 reviews)
- Security (2 reviews)
- Vulnerability Identification (2 reviews)
- Automation (1 review)
- Centralization (1 review)

**Cons:**

- Needs Improvement (2 reviews)
- Inadequate Reporting (1 review)
- Information Management (1 review)
- Information Overload (1 review)
- Limited Customization (1 review)


#### What Do G2 Reviewers Say About ArmorCode Agentic AI Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **enhanced cybersecurity** of ArmorCode, streamlining vulnerability management from development to deployment.
- Users value the **enhanced security** features of ArmorCode, ensuring protection from development to deployment effectively.
- Users praise ArmorCode for its **effective vulnerability identification** capabilities, streamlining security workflows across multiple platforms.
- Users appreciate the **automation capabilities** of ArmorCode, streamlining workflows and enhancing security throughout the development process.
- Users value the **centralization of vulnerabilities** in ArmorCode, enhancing workflow efficiency for security teams.

**Cons:**

- Users find **limited scalability and customization options** in ArmorCode, along with subpar analytics and reporting capabilities.
- Users find the **inadequate reporting** in ArmorCode Agentic AI Platform limits accuracy and customization options.
- Users struggle with **data presentation challenges** that require extra time to understand organizational risk effectively.
- Users find the **information overload** from ArmorCode challenging, requiring significant effort to interpret risk effectively.
- Users experience **limited customization** in reports, leading to occasional inaccuracies that impact usability.

#### What Are Recent G2 Reviews of ArmorCode Agentic AI Platform?

**"[Strong Risk and Vulnerability Alignment with AI-Powered Prioritization](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-13022421)"**

**Rating:** 4.5/5.0 stars
*— Bobby B.*

[Read full review](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-13022421)

---

**"[Amazing platform for managing appsec and infrastructure vulnerabilities](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-7708818)"**

**Rating:** 5.0/5.0 stars
*— Lucas L.*

[Read full review](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-7708818)

---



### 17. [Arnica](https://www.g2.com/products/arnica/reviews)
Arnica is a comprehensive application security posture management (ASPM) platform that protects developers, source code, and products throughout the software development lifecycle. The platform provides real-time application security scanning with 100% coverage across the software supply chain, addressing risks in Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC), hardcoded secrets detection, and more. At its core, Arnica offers AI-native security governance that takes control of AI-generated code through advanced AI SAST scanning and agentic rules enforcement. The platform automatically injects centrally-controlled security requirements into AI coding agents like Copilot, Cursor, and Claude at the point of code generation, ensuring every line of AI-written code is secure by default before vulnerabilities reach production. This approach addresses 92% of risks before they ever reach production environments. Arnica&#39;s pipelineless architecture provides automatic coverage for every repository without requiring CI/CD pipeline integrations or IDE deployments. The platform scans every code change at the feature branch level, delivering developer-native workflows that keep teams focused on building features rather than chasing security issues. Risk prioritization is enhanced through OWASP Top 10, CVSS, EPSS, and KEV scoring, combined with organizational context to surface the most critical vulnerabilities. The platform excels in developer experience by delivering security findings directly within existing workflows through Slack, Microsoft Teams, pull request comments, and automated ticket management in Jira and Azure DevOps Boards. AI-powered mitigation suggestions provide context-aware, automated fixes that align with organizational coding standards, significantly reducing mean-time-to-remediation. 
Key security capabilities include real-time secrets detection with automatic validation and mitigation, comprehensive container scanning that maps vulnerabilities directly to source code, and intelligent dependency management with automated SCA upgrades. The platform maintains SOC 2 Type 2 compliance and ISO 27001 certification, ensuring enterprise-grade security standards. Arnica's unique value proposition lies in its ability to scale security across entire organizations while maintaining development velocity, providing complete visibility into code risks, and enabling proactive security measures that prevent vulnerabilities from reaching production environments.


**Average Rating:** 4.9/5.0
**Total Reviews:** 8

**Who Is the Company Behind Arnica?**

- **Seller:** [Arnica](https://www.g2.com/sellers/arnica)
- **Company Website:** https://www.arnica.io
- **Year Founded:** 2021
- **HQ Location:** Alpharetta, Georgia
- **Twitter:** @arnicaio (124 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/arnica-io/about (60 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 63% Enterprise, 25% Small-Business


#### What Are Arnica's Pros and Cons?

**Pros:**

- Accuracy of Findings (1 review)
- Actionable Recommendations (1 review)
- Ease of Use (1 review)
- Easy Setup (1 review)
- Remediation Solutions (1 review)

**Cons:**

- Paid Features (1 review)


#### What Do G2 Reviewers Say About Arnica?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** in Arnica, ensuring precise insights into privilege management and security. 
- Users value the **actionable recommendations** from Arnica, simplifying the management of elevated privileges and enhancing security.
- Users value the **ease of setup and administration** of Arnica, which saves time and enhances convenience.
- Users love the **easy setup** of Arnica, allowing quick administration and efficient use of the product.
- Users appreciate the **effective remediation of over-provisioning** with Arnica, enhancing security while simplifying privilege management.

**Cons:**

- Users feel the **limited availability of features** in Arnica for smaller teams restricts their access to essential protections.

#### What Are Recent G2 Reviews of Arnica?

**"[Intuitive Dashboards and AI That Finds Real Issues](https://www.g2.com/survey_responses/arnica-review-12972680)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12972680)

---

**"[Developer-friendly AppSec with a flexible policy engine](https://www.g2.com/survey_responses/arnica-review-12962349)"**

**Rating:** 5.0/5.0 stars
*— Thomas G.*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12962349)

---


#### What Are G2 Users Discussing About Arnica?

- [What is Arnica used for?](https://www.g2.com/discussions/what-is-arnica-used-for)

### 18. [Apiiro](https://www.g2.com/products/apiiro/reviews)
Apiiro is the leader in application security posture management (ASPM), unifying risk visibility, prioritization, and remediation with deep code analysis and runtime context. Get complete application and risk visibility: Apiiro takes a deep, code-based approach to ASPM. Its Cloud Application Security Platform analyzes source code and pulls in runtime context to build a continuous, graph-based inventory of application and software supply chain components. Prioritize with code-to-runtime context: With its proprietary Risk Graph™️, Apiiro contextualizes security alerts from third-party tools and native security solutions based on the likelihood and impact of risk to uniquely minimize alert backlogs and triage time by 95%. Fix faster and prevent risks that matter: By tying risks to code owners, providing LLM-enriched remediation guidance, and embedding risk-based guardrails directly into developer tools and workflows, Apiiro improves remediation times (MTTR) by up to 85%. Apiiro's native security solutions include API security testing in code, secrets detection and validation, software bill of materials (SBOM) generation, sensitive data exposure prevention, software composition analysis (SCA), and CI/CD and SCM security.


**Average Rating:** 4.8/5.0
**Total Reviews:** 2

**Who Is the Company Behind Apiiro?**

- **Seller:** [Apiiro](https://www.g2.com/sellers/apiiro)
- **Year Founded:** 2019
- **HQ Location:** New York, New York, United States
- **Twitter:** @apiiroSecurity (7,397 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/apiiro (120 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of Apiiro?

**"[Great repo centric risk management and interrogation layer](https://www.g2.com/survey_responses/apiiro-review-5475193)"**

**Rating:** 4.5/5.0 stars
*— Adam S.*

[Read full review](https://www.g2.com/survey_responses/apiiro-review-5475193)

---

**"[Awesome overall application security solution that just keeps getting better!](https://www.g2.com/survey_responses/apiiro-review-4945784)"**

**Rating:** 5.0/5.0 stars
*— Roy A.*

[Read full review](https://www.g2.com/survey_responses/apiiro-review-4945784)

---


#### What Are G2 Users Discussing About Apiiro?

- [What is Apiiro used for?](https://www.g2.com/discussions/what-is-apiiro-used-for)

### 19. [Snyk Apprisk](https://www.g2.com/products/snyk-apprisk/reviews)
Snyk AppRisk is a product offered by Snyk that enables Application Security teams to implement, manage, and scale a modern, high-performing, developer security program.


**Average Rating:** 4.3/5.0
**Total Reviews:** 2

**Who Is the Company Behind Snyk Apprisk?**

- **Seller:** [Snyk](https://www.g2.com/sellers/snyk)
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @snyksec (21,057 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,370 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of Snyk Apprisk?

**"[It was a great experience using Snyk Apprisk, I was able to prioritize what, when](https://www.g2.com/survey_responses/snyk-apprisk-review-10364161)"**

**Rating:** 4.5/5.0 stars
*— Danwand N.*

[Read full review](https://www.g2.com/survey_responses/snyk-apprisk-review-10364161)

---

**"[Prioritize vulnerabilities based on their actual impact](https://www.g2.com/survey_responses/snyk-apprisk-review-10355383)"**

**Rating:** 4.0/5.0 stars
*— Dinh Q.*

[Read full review](https://www.g2.com/survey_responses/snyk-apprisk-review-10355383)

---



### 20. [Cycode](https://www.g2.com/products/cycode/reviews)
Cycode’s AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter. Powered by proprietary scanners, third-party integrations, and the Context Intelligence Graph (CIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.


**Average Rating:** 4.0/5.0
**Total Reviews:** 2

**Who Is the Company Behind Cycode?**

- **Seller:** [Cycode](https://www.g2.com/sellers/cycode)
- **Year Founded:** 2019
- **HQ Location:** New York, New York, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/cycode (159 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 67% Mid-Market, 33% Enterprise



#### What Are Recent G2 Reviews of Cycode?

**"[Totally impressed with cycode](https://www.g2.com/survey_responses/cycode-review-9567648)"**

**Rating:** 4.0/5.0 stars
*— J P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-9567648)

---

**"[Cycode abilities](https://www.g2.com/survey_responses/cycode-review-7475976)"**

**Rating:** 4.0/5.0 stars
*— Sachin P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-7475976)

---



### 21. [Phoenix Security](https://www.g2.com/products/phoenix-security/reviews)
Phoenix Security is a Contextual ASPM focused on product security. It combines risk-based Vulnerability Management, Application Security Posture Management, and Cloud into a risk and remediation-first platform. Phoenix was founded by the team running Application security and Cloud security posture for HSBC. What sets Phoenix apart is the risk-based quantitative view, the level of customization, and the scanning code to cloud vulnerabilities. Phoenix security utilizes threat intelligence, dependency analysis, and cloud analysis to detect which category of vulnerabilities needs to be addressed and minimize the false positives.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Phoenix Security?**

- **Seller:** [Phoenix Security](https://www.g2.com/sellers/phoenix-security)
- **Year Founded:** 2021
- **HQ Location:** London, GB
- **Twitter:** @sec_phoenix (268 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/phoenixsecuritycloud (19 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of Phoenix Security?

**"[Phoenix security help organization prioritize and contextualize vulnerabilities software](https://www.g2.com/survey_responses/phoenix-security-review-9533543)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/phoenix-security-review-9533543)

---



### 22. [Plexicus](https://www.g2.com/products/plexicus/reviews)
Plexicus is the AI-native Application Security Posture Management (ASPM) platform with built-in Vibe Coding Security — purpose-built for the era of AI-assisted development. As developers ship more code, faster, with AI assistants like Cursor, Claude Code, Copilot, Windsurf, Devin, Replit, Zed, and VS Code, the volume of vulnerable code is outpacing every traditional AppSec tool. Plexicus closes that gap by replacing alert-only scanners with an autonomous remediation loop that detects, prioritizes, and fixes risks directly in the developer's Git workflow. Unlike fragmented point solutions that drown DevSecOps teams in findings, Plexicus unifies the full application risk surface — SAST, SCA, secrets, IaC, container, and AI-specific threats — and resolves them with proprietary GenAI agents that open the pull request to fix the code.

The Plexicus Platform includes:

1. AI-Native ASPM — Correlates findings across SAST, SCA, secrets, IaC, and container scanners into a single prioritized risk view, then generates the PR that fixes the underlying issue. No more triage backlogs, no more swivel-chair between tools.
2. Vibe Coding Security — The industry's first security layer designed specifically for AI-generated code, with five capabilities:
   - IDE Guardrail — real-time security feedback inside Cursor, Claude Code, Copilot, Windsurf, and other AI coding tools.
   - MCP Security Scanner — protects Model Context Protocol integrations from prompt injection and tool abuse.
   - Hallucination & Slopsquatting Detector — catches non-existent or malicious packages invented by AI assistants.
   - Authz & Business-Logic Analyzer — surfaces the access-control and logic flaws that pattern-based scanners miss.
   - AI Provenance & AIBOM — tracks which code came from which AI tool, with full attestation for audits.
3. Compliance-grade evidence — SOC 2 Type II, NIS2, DORA Art. 28, CRA, and EU AI Act evidence packs out of the box. On the CPSTIC pathway. EU data residency by default.

Key differentiator: automated remediation, not just visibility. While other AppSec tools focus on finding vulnerabilities, Plexicus focuses on resolving them. Proprietary GenAI remediation agents reduce Mean Time to Remediation (MTTR) by up to 90%, freeing DevSecOps teams from alert fatigue and letting AI-accelerated dev teams ship securely at the speed they actually code. Secure the vibe, patch the legacy. Visit https://www.plexicus.ai/ for more information.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind Plexicus?**

- **Seller:** [PLEXICUS](https://www.g2.com/sellers/plexicus)
- **Year Founded:** 2025
- **HQ Location:** Bilbao, ES
- **LinkedIn® Page:** https://www.linkedin.com/company/plexicus/ (10 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of Plexicus?

**"[Feels Like a Sleepless Sixth Engineer](https://www.g2.com/survey_responses/plexicus-review-11082798)"**

**Rating:** 4.5/5.0 stars
*— John S.*

[Read full review](https://www.g2.com/survey_responses/plexicus-review-11082798)

---



### 23. [Xygeni](https://www.g2.com/products/xygeni/reviews)
Secure your Software Development and Delivery! Xygeni Security specializes in Application Security Posture Management (ASPM), using deep contextual insights to effectively prioritize and manage security risks while minimizing noise and overwhelming alerts. Our innovative technologies automatically detect malicious code in real-time upon new and updated components publication, immediately notifying customers and quarantining affected components to prevent potential breaches. With extensive coverage spanning the entire Software Supply Chain—including Open Source components, CI/CD processes and infrastructure, Anomaly detection, Secret leakage, Infrastructure as Code (IaC), and Container security—Xygeni ensures robust protection for your software applications. Trust Xygeni to protect your operations and empower your team to build and deliver with integrity and security.


**Average Rating:** 4.6/5.0
**Total Reviews:** 4

**Who Is the Company Behind Xygeni?**

- **Seller:** [Xygeni Security](https://www.g2.com/sellers/xygeni-security)
- **Year Founded:** 2021
- **HQ Location:** Madrid, ES
- **Twitter:** @xygeni (178 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/xygeni/ (30 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 60% Small-Business, 40% Mid-Market


#### What Are Xygeni's Pros and Cons?

**Pros:**

- Comprehensive Security (2 reviews)
- Prioritization (2 reviews)
- Risk Management (2 reviews)
- Security (2 reviews)
- Cloud Integration (1 review)

**Cons:**

- Difficult Setup (1 review)
- Learning Curve (1 review)


#### What Do G2 Reviewers Say About Xygeni?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **comprehensive security** of Xygeni, ensuring open-source dependencies are safe without hindering development pace.
- Users value Xygeni's **effective prioritization of security threats**, allowing focus on critical issues without development delays.
- Users value the **robust risk management capabilities** of Xygeni, enhancing security without hindering development speed.
- Users value the **robust security features** of Xygeni, providing peace of mind and maintaining a fast development pace.
- Users value the **seamless CI/CD integration** of Xygeni, enabling early vulnerability detection without hindering development speed.

**Cons:**

- Users face **difficult setup** challenges with Xygeni, requiring manual adjustments to integrate with certain CI/CD environments.
- Users find the **learning curve** challenging for first-time use, needing deeper AppSec knowledge to fully utilize the platform.

#### What Are Recent G2 Reviews of Xygeni?

**"[The essential tool for proactive security and confident development](https://www.g2.com/survey_responses/xygeni-review-11393516)"**

**Rating:** 4.5/5.0 stars
*— Marcos C.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11393516)

---

**"[Revolutionized Our Security Workflow with Unified, AI-Driven Efficiency](https://www.g2.com/survey_responses/xygeni-review-11998435)"**

**Rating:** 5.0/5.0 stars
*— Yerassyl K.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11998435)

---



### 24. [Bionic](https://www.g2.com/products/bionic-bionic/reviews)
Bionic is an agentless Application Security Posture Management (ASPM) platform that provides unique visibility into the security, data privacy, and operational risk of applications running in production at scale. Bionic operates continuously and in real-time at the speed of CI/CD so that no application change, drift, or risk goes unnoticed by security, DevOps, and engineering teams. Bionic is the only solution that provides customers with a complete security posture of their applications, services, dependencies, APIs, and data flows within hybrid cloud production environments.



**Who Is the Company Behind Bionic?**

- **Seller:** [Bionic](https://www.g2.com/sellers/bionic)
- **Year Founded:** 2011
- **HQ Location:** Remote, Oregon, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/crowdstrike (10,347 employees on LinkedIn®)






### 25. [Boman.ai](https://www.g2.com/products/boman-ai/reviews)
Boman.ai is a plug-n-play DevSecOps product that can bring continuous application security to the DevOps pipeline. It brings SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), and Secret Scanner to the CI/CD pipeline. It is powered by ML to remove false positives and noise. It can integrate with existing application security tools. It offers a vulnerability management system and complete visibility of application security under a single platform. It can create compliance reports. It can integrate with Jira and developer workflows. The scans happen at the customer's CI/CD; Boman.ai doesn't upload any customer code anywhere.



**Who Is the Company Behind Boman.ai?**

- **Seller:** [Boman.ai](https://www.g2.com/sellers/boman-ai)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/No-Linkedin-Presence-Added-Intentionally-By-DataOps (1 employee on LinkedIn®)







## What Is Application Security Posture Management (ASPM) Software?

[Cloud Security Software](https://www.g2.com/categories/cloud-security)

## What Software Categories Are Similar to Application Security Posture Management (ASPM) Software?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)



