# Best Container Security Tools for Small Business *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)* Products classified in the overall Container Security category are similar in many regards and help companies of all sizes solve their business problems. However, small business features, pricing, setup, and installation differ from businesses of other sizes, which is why we match buyers to the right Small Business Container Security to fit their needs. Compare product ratings based on reviews from enterprise users or connect with one of G2's buying advisors to find the right solutions within the Small Business Container Security category. In addition to qualifying for inclusion in the Container Security Tools category, to qualify for inclusion in the Small Business Container Security Tools category, a product must have at least 10 reviews left by a reviewer from a small business. ## Category Overview **Total Products under this Category:** 74 ## Trust & Credibility Stats **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 4,100+ Authentic Reviews - 74+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. ## Top-Rated Products (Ranked by G2 Score) ### 1. [Sysdig Secure](https://www.g2.com/products/sysdig-sysdig-secure/reviews) Sysdig Secure is the real-time cloud-native application protection platform (CNAPP) trusted by organizations of all sizes around the world.. Built by the creators of Falco and Wireshark, Sysdig uniquely delivers runtime-powered visibility and agentic AI to stop cloud attacks instantly, not after the damage is done. With Sysdig, you can: - Stop threats in 2 seconds and respond in minutes - Cut vulnerability noise by 95% with runtime prioritization - Detect real risk instantly across workloads, identities, and misconfigurations - Close permissions gaps in under 2 minutes Sysdig Secure consolidates CSPM, CWPP, CIEM, vulnerability management, and threat detection into a single open, real-time platform. Unlike other CNAPPs, Sysdig connects signals across runtime, identity, and posture to eliminate blind spots, reduce tool sprawl, and accelerate innovation without compromise. No guesswork. No black boxes. Just cloud security, the right way. Learn more at https://sysdig.com **Average Rating:** 4.8/5.0 **Total Reviews:** 110 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.1/10) - **Security Auditing:** 9.6/10 (Category avg: 8.3/10) - **Network Segmentation:** 9.1/10 (Category avg: 7.9/10) - **Workload Protection:** 9.4/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Sysdig](https://www.g2.com/sellers/sysdig-715eaed9-9743-4f27-bd2b-d3730923ac3e) - **Company Website:** https://www.sysdig.com - **Year Founded:** 2013 - **HQ Location:** San Francisco, California - **Twitter:** @Sysdig (10,256 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/3592486/ (640 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 46% Enterprise, 40% Mid-Market #### Pros & Cons **Pros:** - Security (33 reviews) - Vulnerability Detection (32 reviews) - Threat Detection (31 reviews) - Detection Efficiency (30 reviews) - Features (23 reviews) **Cons:** - Feature Limitations (10 reviews) - Complexity (9 reviews) - Missing Features (8 reviews) - Difficult Learning (7 reviews) - Feature Complexity (7 reviews) ### 2. [Aikido Security](https://www.g2.com/products/aikido-security/reviews) Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless. **Average Rating:** 4.6/5.0 **Total Reviews:** 139 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.1/10) - **Security Auditing:** 9.0/10 (Category avg: 8.3/10) - **Network Segmentation:** 7.6/10 (Category avg: 7.9/10) - **Workload Protection:** 10.0/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security) - **Company Website:** https://aikido.dev - **Year Founded:** 2022 - **HQ Location:** Ghent, Belgium - **Twitter:** @AikidoSecurity (6,307 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (175 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CTO, Founder - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 71% Small-Business, 17% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (78 reviews) - Security (55 reviews) - Features (52 reviews) - Easy Integrations (47 reviews) - Easy Setup (47 reviews) **Cons:** - Missing Features (19 reviews) - Expensive (17 reviews) - Limited Features (16 reviews) - Pricing Issues (15 reviews) - Lacking Features (14 reviews) ### 3. [Wiz](https://www.g2.com/products/wiz-wiz/reviews) Wiz transforms cloud security for customers – including more than 50% of the Fortune 100 – by enabling a new operating model. With Wiz, organizations can democratize security across the development lifecycle, empowering them to build fast and securely. Its Cloud Native Application Protection Platform (CNAPP) consolidates CSPM, KSPM, CWPP, Vulnerability management, IaC scanning, CIEM, DSPM into a single platform. Wiz drives visibility, risk prioritization, and business agility. Protecting Your Cloud Environments Requires a Unified, Cloud Native Platform. Wiz connects to every cloud environment, scans every layer, and covers every aspect of your cloud security - including elements that normally require installing agents. Its comprehensive approach has all of these cloud security solutions built in. Hundreds of organizations worldwide, including 50 percent of the Fortune 100, to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks, Lightspeed and Aglaé. Visit https://www.wiz.io for more information. **Average Rating:** 4.7/5.0 **Total Reviews:** 772 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.1/10) - **Security Auditing:** 9.1/10 (Category avg: 8.3/10) - **Network Segmentation:** 7.7/10 (Category avg: 7.9/10) - **Workload Protection:** 8.0/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Wiz](https://www.g2.com/sellers/wiz-76a0133b-42e5-454e-b5da-860e503471db) - **Company Website:** https://www.wiz.io/ - **Year Founded:** 2020 - **HQ Location:** New York, US - **Twitter:** @wiz_io (22,550 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/wizsecurity/ (3,248 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CISO, Security Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 54% Enterprise, 39% Mid-Market #### Pros & Cons **Pros:** - Features (113 reviews) - Security (107 reviews) - Ease of Use (104 reviews) - Visibility (87 reviews) - Easy Setup (68 reviews) **Cons:** - Improvement Needed (35 reviews) - Feature Limitations (34 reviews) - Learning Curve (34 reviews) - Improvements Needed (29 reviews) - Complexity (27 reviews) ### 4. [Chainguard](https://www.g2.com/products/chainguard/reviews) Chainguard Containers are a guarded catalog of minimal, zero-CVE container images with a best-in-class CVE remediation SLA (7 days for critical severity, 14 days for high, medium and low) that helps customers build and deploy software better. Modern software development practices and deployment pipelines require secure, up-to-date containerized applications for cloud-native applications. Chainguard builds minimal images that contain only the components required to build and run your containers entirely from source in hardened build infrastructure. Aimed at engineering organizations and security teams alike, Chainguard Containers reduce costly engineering toil around vulnerability management, enhance the security posture of applications by eliminating attack surface, and unlock revenue by simplifying compliance with key frameworks and customer requirements. Chainguard Containers – Value Pillars • Reduce cost of engineering toil: Engineers are a precious resource meant for building innovative platforms and products, not non-strategic / un-differentiated toil like patching vulnerabilities • Secure foundation for open source software: Minimal, trusted, and secure open source components for every developer and every stack • Achieve and maintain continuous compliance: Easily operate in compliance frameworks such as FedRAMP, cATO, StateRAMP, PCI-DSS, HIPAA, SOC2, NIS2, and CMMC • Accelerate revenue by building better products faster: Enable engineers to deliver new products and better features, securely with speed Chainguard Containers – Key Capabilities • Best-in-class CVE remediation SLA: Count on an industry-leading remediation SLA of 7 days for critical CVEs and 14 days for high, medium, and low • Secure-by-default, transparent by design: Adopt trusted, zero-CVE container images with full build-time generated SBOMs and digitally signed attestations for total transparency • FIPS and STIGs to simplify continuous compliance: Maintain compliance for critical frameworks like FedRAMP, PCI-DSS, and SOC 2 with hardened images that come with kernel-independent FIPS validation and OS-Level STIGs by default • 1,300+ purpose-built images that are always up to date: Choose from our growing catalog of minimal container images rebuilt from source daily with “nano-updates,” eliminating major OS version upgrades **Average Rating:** 4.8/5.0 **Total Reviews:** 51 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.1/10) - **Security Auditing:** 8.8/10 (Category avg: 8.3/10) - **Network Segmentation:** 7.4/10 (Category avg: 7.9/10) - **Workload Protection:** 8.4/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Chainguard](https://www.g2.com/sellers/chainguard) - **Company Website:** https://www.chainguard.dev/ - **Year Founded:** 2021 - **HQ Location:** Kirkland, WA - **Twitter:** @chainguard_dev (6,257 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/chainguard-dev/ (657 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer Software, Computer & Network Security - **Company Size:** 43% Enterprise, 31% Small-Business #### Pros & Cons **Pros:** - Ease of Use (9 reviews) - Customer Support (8 reviews) - Security (5 reviews) - Comprehensive Security (4 reviews) - Container Security (4 reviews) **Cons:** - Missing Features (3 reviews) - Complex Setup (2 reviews) - Difficult Learning (2 reviews) - Expensive (2 reviews) - Integration Issues (2 reviews) ### 5. [Snyk](https://www.g2.com/products/snyk/reviews) Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code & open source to containers & cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix & merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as your write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: Integrate natively with your CI/CD tool, configure your rules, find & fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free! **Average Rating:** 4.5/5.0 **Total Reviews:** 131 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.1/10) - **Security Auditing:** 7.9/10 (Category avg: 8.3/10) - **Network Segmentation:** 6.9/10 (Category avg: 7.9/10) - **Workload Protection:** 7.4/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Snyk](https://www.g2.com/sellers/snyk) - **HQ Location:** Boston, Massachusetts - **Twitter:** @snyksec (20,978 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,207 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Software Engineer - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 44% Mid-Market, 35% Small-Business #### Pros & Cons **Pros:** - Vulnerability Detection (3 reviews) - Vulnerability Identification (3 reviews) - Easy Integrations (2 reviews) - Features (2 reviews) - Integrations (2 reviews) **Cons:** - False Positives (2 reviews) - Poor Interface Design (2 reviews) - Scanning Issues (2 reviews) - Software Bugs (2 reviews) - Code Management (1 reviews) ### 6. [Minimus](https://www.g2.com/products/minimus/reviews) Minimus images radically reduce the amount of vulnerabilities that impact your cloud environment. Minimus is founded by the Twistlock team that pioneered container security and authored NIST SP 800-190. Minimus builds images from scratch, directly from upstream project sources, with only the minimal software needed to run the app, dramatically reducing their attack surface. Minimus images are OCI compliant and you deploy by changing a single line in deployment files. Minimus eliminates time consuming and low value remediation work for devs, is easy for ops to deploy and manage using their existing tools, and provides security with remarkably clear risk reduction and nearly instant time to value. Minimus solves the endless treadmill of cloud software vulnerabilities by simply preventing them from existing. Minimus provides secure, minimal container and VM images, rebuilt from scratch daily to eliminate over 95% of CVEs.

Founded in 2022 by the team behind container security pioneer Twistlock, Minimus has raised a $51 million seed round from YL Ventures and Mayfield. The company is headquartered in Baton Rouge with offices in New York, Tel Aviv, and Portland, OR. **Average Rating:** 5.0/5.0 **Total Reviews:** 22 **User Satisfaction Scores:** - **Security Auditing:** 9.4/10 (Category avg: 8.3/10) - **Network Segmentation:** 7.5/10 (Category avg: 7.9/10) - **Workload Protection:** 8.3/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Minimus](https://www.g2.com/sellers/minimus) - **HQ Location:** N/A - **LinkedIn® Page:** https://linkedin.com/company/minimusio (71 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services - **Company Size:** 45% Enterprise, 45% Small-Business ### 7. [Mend.io](https://www.g2.com/products/mend-io/reviews) Mend.io is the leading application security solution, helping organizations reduce application risk efficiently. Built for modern, AI-driven, and traditional development environments alike, Mend.io prioritizes what matters most, so teams fix less, reduce risk faster, and deliver software with confidence. **Average Rating:** 4.3/5.0 **Total Reviews:** 105 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.1/10) - **Security Auditing:** 9.1/10 (Category avg: 8.3/10) - **Network Segmentation:** 8.3/10 (Category avg: 7.9/10) - **Workload Protection:** 7.5/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b) - **Company Website:** https://mend.io - **Year Founded:** 2011 - **HQ Location:** Boston, Massachusetts - **Twitter:** @Mend_io (11,311 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (263 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Software Engineer - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 38% Small-Business, 34% Mid-Market #### Pros & Cons **Pros:** - Scanning Efficiency (8 reviews) - Ease of Use (7 reviews) - Easy Integrations (6 reviews) - Scanning Technology (6 reviews) - Vulnerability Detection (6 reviews) **Cons:** - Integration Issues (6 reviews) - Limited Features (3 reviews) - Missing Features (3 reviews) - Complex Implementation (2 reviews) - Confusing Interface (2 reviews) ### 8. [FortiCNAPP](https://www.g2.com/products/forticnapp/reviews) FortiCNAPP (formerly Lacework) is an AI-powered Cloud-Native Application Protection Platform that delivers unified security across your multi-cloud and hybrid environments. Built to protect the entire application lifecycle—from development to runtime—it combines posture management, workload protection, identity security, and threat detection into one integrated platform. By leveraging machine learning and behavioral analytics, FortiCNAPP helps security teams detect unknown threats, reduce noise, and accelerate response. Integrated with the Fortinet Security Fabric, it provides full-stack visibility across cloud, network, and endpoint environments—empowering teams to operate with confidence, reduce complexity, and scale securely. **Average Rating:** 4.4/5.0 **Total Reviews:** 383 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.1/10) - **Security Auditing:** 8.8/10 (Category avg: 8.3/10) - **Network Segmentation:** 7.9/10 (Category avg: 7.9/10) - **Workload Protection:** 8.5/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Fortinet](https://www.g2.com/sellers/fortinet) - **Company Website:** https://www.fortinet.com - **Year Founded:** 2000 - **HQ Location:** Sunnyvale, CA - **Twitter:** @Fortinet (151,464 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/6460/ (16,112 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer, Security Analyst - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 62% Mid-Market, 26% Enterprise #### Pros & Cons **Pros:** - Security (8 reviews) - Vulnerability Detection (7 reviews) - Alert Management (6 reviews) - Cloud Security (6 reviews) - Ease of Use (6 reviews) **Cons:** - Difficult Setup (5 reviews) - Poor Documentation (5 reviews) - Complex Setup (4 reviews) - Setup Difficulty (4 reviews) - Complex Configuration (3 reviews) ### 9. [ARMO Platform](https://www.g2.com/products/armo-platform/reviews) ARMO Platform is the only runtime-driven, open-source first, cloud security platform. It is the only security platform that continuously minimizes cloud attack surface based on runtime insights, while actively detecting and responding to cyberattacks with real risk context. Using an eBPF-based runtime sensor to record application behavior and related activities, ARMO Platform enables DevOps, security, and platform teams to eliminate the security noise and go from thousands of irrelevant alerts to focus on the most important and exploitable threats. This allows those teams to shift from managing hypothetical security issues to mitigating actual risks and providing them with the means to remediate them. ARMO is an open-source-driven company and the creator of Kubescape, a leading open-source Kubernetes security project, now an official CNCF project. To learn more about ARMO Platform please visit: https://www.armosec.io/ **Average Rating:** 4.5/5.0 **Total Reviews:** 44 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.1/10) - **Security Auditing:** 9.2/10 (Category avg: 8.3/10) - **Network Segmentation:** 7.9/10 (Category avg: 7.9/10) - **Workload Protection:** 9.2/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [ARMO](https://www.g2.com/sellers/armo) - **Year Founded:** 2019 - **HQ Location:** Tel Aviv, IL - **Twitter:** @armosec (3,092 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/armosec/ (88 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 59% Small-Business, 36% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (20 reviews) - Security (19 reviews) - Features (16 reviews) - Vulnerability Detection (12 reviews) - Comprehensive Security (11 reviews) **Cons:** - Learning Curve (10 reviews) - Integration Issues (9 reviews) - Difficult Learning (7 reviews) - Limited Integrations (6 reviews) - Missing Features (6 reviews) ### 10. [Calico](https://www.g2.com/products/calico-2025-10-31/reviews) The Calico platform, built on the most trusted open-source technologies in Kubernetes — Calico Open Source, Istio, Envoy, and eBPF — provides a single management plane for secure networking and observability for AI workloads. It can be deployed as Calico Cloud, a fully-managed SaaS platform, or Calico Enterprise, a self-managed platform. Calico works with popular managed Kubernetes services such as AKS, EKS, and GKE, as well as self-managed Kubernetes distributions including Red Hat OpenShift, SUSE/Rancher, VMware Tanzu, and Mirantis. Calico is the only platform with a pluggable data plane architecture enabling support for multiple data planes, including eBPF, nftables, standard Linux, VPP, and Windows. Calico secures 1 million+ clusters daily, and is used by leading companies, including NVIDIA, RBC, Bloomberg, Chipotle, GoDaddy, and Upwork. **Average Rating:** 4.5/5.0 **Total Reviews:** 42 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.1/10) - **Security Auditing:** 8.9/10 (Category avg: 8.3/10) - **Network Segmentation:** 9.3/10 (Category avg: 7.9/10) - **Workload Protection:** 8.8/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [Tigera](https://www.g2.com/sellers/tigera) - **Company Website:** https://www.tigera.io - **Year Founded:** 2016 - **HQ Location:** San Jose, CA - **Twitter:** @tigeraio (1,959 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/10614868 (129 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 36% Enterprise, 36% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (19 reviews) - Security (15 reviews) - Customer Support (14 reviews) - Features (11 reviews) - Policy Management (11 reviews) **Cons:** - Complex Setup (7 reviews) - Complexity (6 reviews) - Difficult Configuration (6 reviews) - Difficult Learning (6 reviews) - Difficult Setup (6 reviews) ### 11. [CrowdSec](https://www.g2.com/products/crowdsec/reviews) CrowdSec is an open-source security stack that detects aggressive behaviors and prevents them from accessing your systems. Its user-friendly design and ease of integration into your current security infrastructure offer a low technical entry barrier and a high-security gain. Once an unwanted behavior is detected, it is automatically blocked. The aggressive IP, scenario triggered and the timestamp is sent for curation, to avoid poisoning & false positives. If verified, this IP is then redistributed to all CrowdSec users running the same scenario. By sharing the threat they faced, all users are protecting each other. **Average Rating:** 4.7/5.0 **Total Reviews:** 84 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.1/10) - **Security Auditing:** 0.0/10 (Category avg: 8.3/10) - **Network Segmentation:** 8.5/10 (Category avg: 7.9/10) - **Workload Protection:** 7.9/10 (Category avg: 8.0/10) **Seller Details:** - **Seller:** [CrowdSec](https://www.g2.com/sellers/crowdsec) - **Year Founded:** 2020 - **HQ Location:** Paris, FR - **Twitter:** @Crowd_Security (19,518 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/crowdsec/?originalSubdomain=fr (37 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 69% Small-Business, 21% Mid-Market ### 12. [ActiveState](https://www.g2.com/products/activestate/reviews) ActiveState provides the world's largest library of secure open source: 79 million (Java, Javascript, Python, R, Go, etc.) vetted components across all major language ecosystems, including transitive dependencies and OS-level libraries—built from source to ensure every component is verified, vulnerability-free, and continuously updated. Software teams improve security posture while accelerating development velocity. We deliver five critical outcomes. Counter Supply Chain Risks at Their Source Significantly reduce the possibility of inheriting malicious code from pre-built binaries. Replace risky, unvetted public components with secure, verifiable packages built directly from source. Gain provenance over your artifacts, ensuring bad actors and malware never reach your environment. - Protection from compromised package ecosystems and build systems - Mitigate high-profile malware attacks such as the npm Shai-Hulud attack and other future threats Continuous Remediation for Your Open Source Inventory Shift from reactive patching to proactive immunity. Maintain a hardened security posture with safe-by-default open source and continuous remediation across your inventory. ActiveState artifacts reduce your attack surface and evolve to help close vulnerabilities before they become incidents. - Up to 99% reduction in CVEs compared to community open source artifacts - Achieve up to 90% reduction in MTTR for future vulnerabilities Apply Frictionless Security Policies Embed governance directly into developer workflows without impeding engineering or adding costly CI/CD bloat. ActiveState solutions slot seamlessly into existing tools and AI coding assistants, transforming security policy from a blocker into an enabler that reduces open source approval workflows from weeks and days to just hours and minutes. - Reduce open source approval workflows from weeks and days to hours and minutes Audit Ready Compliance, Always Achieve continuous compliance with instant, granular visibility into components, licenses, and dependencies across your organization. ActiveState delivers comprehensive SBOMs and metadata by default, ensuring you can meet complex standards and minimizing the scramble of audit preparation. - Full visibility into your open source usage, including transitive and OS level dependencies Reclaim Developer Velocity and Focus Minimize high-value engineering hours on dependency conflicts, environment setup, research and remediation. ActiveState components and artifacts are fully managed to ensure they are always up to date and safe to use so your team can focus entirely on shipping revenue-generating features. - Free up 4-8 developer hours per CVE - 68% reduction in scanner noise from false positives **Average Rating:** 4.1/5.0 **Total Reviews:** 32 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.1/10) **Seller Details:** - **Seller:** [ActiveState](https://www.g2.com/sellers/activestate-fd82e7c7-dea3-4ff5-9e96-cc5cd7d39a87) - **Company Website:** https://www.activestate.com/ - **Year Founded:** 1997 - **HQ Location:** Vancouver, BC - **Twitter:** @ActiveState (4,020 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/5052/ (70 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer Software, Computer & Network Security - **Company Size:** 51% Small-Business, 29% Mid-Market ## Parent Category [DevSecOps Software](https://www.g2.com/categories/devsecops) ## Related Categories - [Cloud Workload Protection Platforms](https://www.g2.com/categories/cloud-workload-protection-platforms) - [Cloud Compliance Software](https://www.g2.com/categories/cloud-compliance) - [Cloud Security Posture Management (CSPM) Software](https://www.g2.com/categories/cloud-security-posture-management-cspm)