# Best Software Composition Analysis Tools

*By [Adam Crivello](https://research.g2.com/insights/author/adam-crivello)*


Software composition analysis (SCA) tools enable users to analyze and manage the open-source elements of their applications. Companies and developers use SCA tools to verify licensing and assess vulnerabilities associated with each of their applications’ open-source components. More robust than [vulnerability scanner software](https://www.g2.com/categories/vulnerability-scanner), SCA tools automatically scan all open-source components to check for policy and license compliance, security risks, and version updates. SCA software also provides insights for remedying identified vulnerabilities, usually within the reports generated after a scan.

Companies and developers often use SCA tools in conjunction with [static code analysis software](https://www.g2.com/categories/static-code-analysis), which scans the code behind their applications as opposed to the open-source components.

To qualify for inclusion within the Software Composition Analysis (SCA) category, a product must:

- Automatically track and analyze an application’s open-source components
- Identify component vulnerabilities, licensing and compliance issues, and version updates
- Provide insight into vulnerability remediation





## Top Software Composition Analysis Tools at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [Wiz](https://www.g2.com/products/wiz-wiz/reviews) | 4.7/5.0 (808 reviews) | Agentless code-to-cloud SCA with contextual risk prioritization | "[Wiz Delivers Clear Visibility Into Cloud Risks That Truly Matter](https://www.g2.com/survey_responses/wiz-review-12960477)" |
| 2 | [GitHub](https://www.g2.com/products/github/reviews) | 4.7/5.0 (2,301 reviews) | Dependency vulnerability tracking with CI/CD-integrated code review | "[GitHub: The Foundation of OTHRAX Development](https://www.g2.com/survey_responses/github-review-12980262)" |
| 3 | [Aikido Security](https://www.g2.com/products/aikido-security/reviews) | 4.6/5.0 (141 reviews) | Reachability-filtered dependency scanning with low-noise triage | "[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)" |
| 4 | [Snyk](https://www.g2.com/products/snyk/reviews) | 4.5/5.0 (133 reviews) | Developer-native SCA with IDE-embedded remediation | "[Seamless Dev-First Security with Fast Scans and Actionable Fixes](https://www.g2.com/survey_responses/snyk-review-12676270)" |
| 5 | [GitLab](https://www.g2.com/products/gitlab/reviews) | 4.5/5.0 (880 reviews) | Pipeline-embedded dependency and vulnerability scanning | "[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)" |
| 6 | [Semgrep](https://www.g2.com/products/semgrep/reviews) | 4.6/5.0 (55 reviews) | Reachability-filtered SCA inside CI/CD pipelines | "[Powerful Rule Engine and Autofix, but Governance at Scale Needs Work](https://www.g2.com/survey_responses/semgrep-review-11893445)" |
| 7 | [Cortex Cloud](https://www.g2.com/products/cortex-cloud/reviews) | 4.1/5.0 (115 reviews) | Multi-cloud vulnerability detection with automated remediation | "[Cortex Cloud Unifies Cloud Security with Real-Time Protection and Smart Prioritization](https://www.g2.com/survey_responses/cortex-cloud-review-12997786)" |
| 8 | [OX Security](https://www.g2.com/products/ox-security/reviews) | 4.8/5.0 (51 reviews) | Consolidated open-source risk with SDLC-wide prioritization | "[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)" |
| 9 | [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews) | 4.2/5.0 (135 reviews) | Artifact-native SCA with supply chain traceability | "[JFrog Simplifies Artifact Management for Organized, Reliable Deployments](https://www.g2.com/survey_responses/jfrog-review-12870354)" |
| 10 | [CAST Highlight](https://www.g2.com/products/cast-highlight/reviews) | 4.5/5.0 (86 reviews) | Rapid OSS risk and cloud-readiness portfolio scanning | "[Efficient Analysis & Confident Modernization](https://www.g2.com/survey_responses/cast-highlight-review-12250186)" |


## How Many Software Composition Analysis Tools Does G2 Track?
**Total Products under this Category:** 75

### Category Stats (Jun 2026)
- **Average Rating**: 4.49/5 - The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Veracode Application Security Platform (+0.74%) - Among all products in this category, Veracode Application Security Platform recorded the largest rating increase compared to last month
*Last updated: June 24, 2026*


## How Does G2 Rank Software Composition Analysis Tools?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 6,100+ Authentic Reviews
- 75+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Software Composition Analysis Tool Is Best for Your Use Case?

- **Leader:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Easiest to Use:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [GitLab](https://www.g2.com/products/gitlab/reviews)



## What Are the Top-Rated Software Composition Analysis Tools in 2026?
### 1. [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
Wiz transforms cloud security for customers – including more than 50% of the Fortune 100 – by enabling a new operating model. With Wiz, organizations can democratize security across the development lifecycle, empowering them to build fast and securely. Its Cloud Native Application Protection Platform (CNAPP) consolidates CSPM, KSPM, CWPP, vulnerability management, IaC scanning, CIEM, and DSPM into a single platform. Wiz drives visibility, risk prioritization, and business agility. Protecting your cloud environments requires a unified, cloud native platform. Wiz connects to every cloud environment, scans every layer, and covers every aspect of your cloud security, including elements that normally require installing agents. Its comprehensive approach has all of these cloud security solutions built in. Hundreds of organizations worldwide, including 50 percent of the Fortune 100, use Wiz to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks, Lightspeed and Aglaé. Visit https://www.wiz.io for more information.


- **Average Rating:** 4.7/5.0
- **Total Reviews:** 808

**How Do G2 Users Rate Wiz?**

- **Quality of Support:** 9.2/10 (Category avg: 9.0/10)
- **Language Support:** 8.8/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.2/10 (Category avg: 8.8/10)
- **Integration:** 9.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind Wiz?**

- **Seller:** [Wiz](https://www.g2.com/sellers/wiz-76a0133b-42e5-454e-b5da-860e503471db)
- **Company Website:** https://www.wiz.io/
- **Year Founded:** 2020
- **HQ Location:** New York, US
- **Twitter:** @wiz_io (24,733 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/wizsecurity/ (3,383 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CISO, Security Engineer
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 54% Enterprise, 38% Mid-Market


#### What Are Wiz's Pros and Cons?

**Pros:**

- Features (110 reviews)
- Security (107 reviews)
- Ease of Use (104 reviews)
- Visibility (86 reviews)
- Easy Setup (67 reviews)

**Cons:**

- Learning Curve (34 reviews)
- Feature Limitations (33 reviews)
- Improvement Needed (33 reviews)
- Improvements Needed (28 reviews)
- Complexity (27 reviews)


### What Do G2 Reviewers Say About Wiz?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **capable APIs and user-friendly UI**, enhancing daily use and insightful issue resolution.
- Users appreciate the **robust security features** of Wiz, enhancing visibility and efficiency in managing multi-cloud environments.
- Users highlight the **ease of use** of Wiz, allowing quick integration and seamless multi-module functionality for all team members.
- Users value the **enhanced visibility** of Wiz, which strengthens security and simplifies risk management across their organization.
- Users appreciate the **easy setup** of Wiz, enabling quick deployment and allowing teams to utilize the platform effectively.

**Cons:**

- Users face a **steep learning curve** with Wiz, making it challenging to navigate its extensive features effectively.
- Users find the **feature limitations** of Wiz frustrating, citing difficulties in reporting and managing multiple projects effectively.
- Users experience **laggy query performance** and seek improvements in dashboard reporting for better project management.
- Users note that **dashboard reporting needs improvement** for better multi-project visibility and faster feature utilization.
- Users find the **interface overwhelming** initially, as mastering the complexity of the data requires time and effort.

#### What Are Recent G2 Reviews of Wiz?

**"[Wiz Delivers Clear Visibility Into Cloud Risks That Truly Matter](https://www.g2.com/survey_responses/wiz-review-12960477)"**

**Rating:** 4.5/5.0 stars
*— Jason I.*

[Read full review](https://www.g2.com/survey_responses/wiz-review-12960477)

---

**"[Excellent Cloud Risk Visibility and Fast Insights with Wiz](https://www.g2.com/survey_responses/wiz-review-12964571)"**

**Rating:** 4.5/5.0 stars
*— Ruben F.*

[Read full review](https://www.g2.com/survey_responses/wiz-review-12964571)

---



### 2. [GitHub](https://www.g2.com/products/github/reviews)
GitHub is where the world builds software. Millions of individuals, organizations and businesses around the world use GitHub to discover, share, and contribute software. Developers at startups to Fortune 50 companies use GitHub, every step of the way.


- **Average Rating:** 4.7/5.0
- **Total Reviews:** 2,301

**How Do G2 Users Rate GitHub?**

- **Quality of Support:** 8.7/10 (Category avg: 9.0/10)
- **Language Support:** 8.8/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 9.0/10 (Category avg: 8.9/10)

**Who Is the Company Behind GitHub?**

- **Seller:** [GitHub](https://www.g2.com/sellers/github)
- **Year Founded:** 2008
- **HQ Location:** San Francisco, CA
- **Twitter:** @github (2,673,925 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1418841/ (6,106 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 47% Small-Business, 31% Mid-Market


#### What Are GitHub's Pros and Cons?

**Pros:**

- Features (113 reviews)
- Ease of Use (102 reviews)
- Team Collaboration (102 reviews)
- Collaboration (97 reviews)
- Version Control (97 reviews)

**Cons:**

- Complexity (45 reviews)
- Learning Curve (42 reviews)
- Difficulty for Beginners (40 reviews)
- Learning Difficulty (38 reviews)
- Steep Learning Curve (34 reviews)


### What Do G2 Reviewers Say About GitHub?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **seamless collaboration and powerful version control** features, enhancing productivity and project management.
- Users find GitHub's **ease of use** invaluable for collaboration and version control, enhancing their coding experience.
- Users appreciate the **seamless team collaboration** offered by GitHub, enhancing project transparency and workflow management.
- Users celebrate GitHub's **seamless collaboration**, enhancing code sharing, project transparency, and community-driven innovation.
- Users value GitHub for its **effective version control**, enhancing collaboration and simplifying code tracking within projects.

**Cons:**

- Users find the **complexity** of GitHub challenging, especially with advanced features and managing large repositories.
- Users find the **learning curve steep**, especially with CI/CD workflows and managing permissions in GitHub.
- Users find the **complexity** of GitHub challenging, especially with designing CI/CD workflows and managing permissions.
- Users find GitHub's interface **overly complex for newcomers**, making navigation and understanding features quite challenging.
- Users find the **steep learning curve** of GitHub challenging, particularly with complex actions and permission management.

#### What Are Recent G2 Reviews of GitHub?

**"[GitHub: The Foundation of OTHRAX Development](https://www.g2.com/survey_responses/github-review-12980262)"**

**Rating:** 4.5/5.0 stars
*— Othrax B.*

[Read full review](https://www.g2.com/survey_responses/github-review-12980262)

---

**"[My Experience Using GitHub for Daily Development](https://www.g2.com/survey_responses/github-review-12975227)"**

**Rating:** 4.5/5.0 stars
*— Balram T.*

[Read full review](https://www.g2.com/survey_responses/github-review-12975227)

---


#### What Are G2 Users Discussing About GitHub?

- [How is GitHub shaping the landscape of collaborative software development and version control?](https://www.g2.com/discussions/how-is-github-shaping-the-landscape-of-collaborative-software-development-and-version-control) - 4 comments
- [What is GitHub used for?](https://www.g2.com/discussions/what-is-github-used-for) - 8 comments, 4 upvotes
- [What does GitHub mean?](https://www.g2.com/discussions/what-does-github-mean) - 2 comments
- [Is GitHub a CASE tool?](https://www.g2.com/discussions/is-github-a-case-tool)
- [What can GitHub be used for?](https://www.g2.com/discussions/what-can-github-be-used-for) - 5 comments

### 3. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


- **Average Rating:** 4.6/5.0
- **Total Reviews:** 141

**How Do G2 Users Rate Aikido Security?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 9.0/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 9.0/10 (Category avg: 8.9/10)

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Founder
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 70% Small-Business, 18% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Aikido Security's **ease of use** impressive, benefiting from seamless integration and clear actionable insights.
- Users appreciate the **comprehensive security capabilities** of Aikido Security, seamlessly integrating multiple security features into workflows.
- Users appreciate the **intuitive dashboard and comprehensive security features** of Aikido Security, enhancing codebase vulnerability management.
- Users value the **easy integrations** with GitHub and other platforms, enhancing team collaboration and management.
- Users find the **easy setup** of Aikido Security impressive, enabling quick implementation and efficient updates.

**Cons:**

- Users are disappointed by the **missing features** of Aikido Security, particularly in advanced reporting and analysis tools.
- Users find the **pricing structure expensive** for small businesses, making upgrades hard to justify.
- Users note the **limited features** in the free plan and desire more advanced options for customization and reporting.
- Users find the **pricing structure problematic**, as it's not suitable for micro businesses and startups.
- Users feel Aikido Security is **lacking features** , particularly in areas like advanced reporting and in-depth analysis.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"**

**Rating:** 4.0/5.0 stars
*— Dylan E.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-12747129)

---

**"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"**

**Rating:** 5.0/5.0 stars
*— Jonathon K.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13024655)

---



### 4. [Snyk](https://www.g2.com/products/snyk/reviews)
Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code & open source to containers & cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix & merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as you write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: integrate natively with your CI/CD tool, configure your rules, find & fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free!


- **Average Rating:** 4.5/5.0
- **Total Reviews:** 133

**How Do G2 Users Rate Snyk?**

- **Quality of Support:** 8.7/10 (Category avg: 9.0/10)
- **Language Support:** 8.1/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.7/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind Snyk?**

- **Seller:** [Snyk](https://www.g2.com/sellers/snyk)
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @snyksec (21,057 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,370 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 44% Mid-Market, 35% Small-Business


#### What Are Snyk's Pros and Cons?

**Pros:**

- Easy Integrations (5 reviews)
- Vulnerability Detection (5 reviews)
- Ease of Use (4 reviews)
- User Interface (4 reviews)
- Vulnerability Identification (4 reviews)

**Cons:**

- Expensive (3 reviews)
- False Positives (3 reviews)
- Poor Interface Design (2 reviews)
- Pricing Issues (2 reviews)
- Scanning Issues (2 reviews)


### What Do G2 Reviewers Say About Snyk?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise Snyk for its **easy integration setup**, facilitating seamless vulnerability management in development workflows.
- Users value Snyk for its **rapid vulnerability detection**, ensuring code security and efficient issue resolution for teams.
- Users find Snyk's interface **highly intuitive and easy to use**, streamlining vulnerability management across teams and projects.
- Users value the **intuitive GUI** of Snyk, facilitating efficient vulnerability management and clear reporting for developers.
- Users appreciate Snyk's **effective vulnerability identification** that enhances security and improves code quality effortlessly.

**Cons:**

- Users find Snyk to be **very expensive**, making it a significant consideration when choosing the platform.
- Users often experience **false positives** from Snyk, which can hinder workflow and cause unnecessary concerns.
- Users find the **poor interface design** of Snyk less intuitive, impacting their overall experience with the product.
- Users express concerns about **high pricing issues** with Snyk, despite acknowledging the platform's long-term value.
- Users report **scanning issues** with false positives and slow scan times, impacting pipeline efficiency and integration.

#### What Are Recent G2 Reviews of Snyk?

**"[Seamless Dev-First Security with Fast Scans and Actionable Fixes](https://www.g2.com/survey_responses/snyk-review-12676270)"**

**Rating:** 4.5/5.0 stars
*— Prateek J.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12676270)

---

**"[Seamless DevSecOps with Smart PR Patching and Actionable Vulnerability Insights](https://www.g2.com/survey_responses/snyk-review-12669557)"**

**Rating:** 4.0/5.0 stars
*— Mainak S.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12669557)

---


#### What Are G2 Users Discussing About Snyk?

- [What is Snyk scanning?](https://www.g2.com/discussions/what-is-snyk-scanning) - 2 comments, 2 upvotes
- [Is Snyk a SaaS?](https://www.g2.com/discussions/is-snyk-a-saas) - 2 comments
- [How good is Snyk?](https://www.g2.com/discussions/how-good-is-snyk) - 2 comments
- [What is Snyk used for?](https://www.g2.com/discussions/what-is-snyk-used-for)

### 5. [GitLab](https://www.g2.com/products/gitlab/reviews)
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. What makes us truly different?

- Flexibility: Consume as a service or manage your own deployment
- Cloud-Agnostic: Deploy anywhere with no vendor lock-in
- No rip and replace: Scale to a platform approach at your own pace


- **Average Rating:** 4.5/5.0
- **Total Reviews:** 880

**How Do G2 Users Rate GitLab?**

- **Quality of Support:** 8.5/10 (Category avg: 9.0/10)
- **Language Support:** 8.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind GitLab?**

- **Seller:** [GitLab Inc.](https://www.g2.com/sellers/gitlab-inc)
- **Company Website:** https://about.gitlab.com/
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @gitlab (171,534 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5101804/ (3,473 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Mid-Market, 36% Small-Business


#### What Are GitLab's Pros and Cons?

**Pros:**

- Ease of Use (40 reviews)
- Features (39 reviews)
- CI (33 reviews)
- Integrations (32 reviews)
- CD Integration (31 reviews)

**Cons:**

- Complexity (20 reviews)
- Difficult Learning (18 reviews)
- Confusing Interface (15 reviews)
- Complex User Interface (14 reviews)
- Learning Curve (13 reviews)


### What Do G2 Reviewers Say About GitLab?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** in GitLab, seamlessly integrating multiple DevOps processes into one platform.
- Users appreciate the **unified DevOps platform** of GitLab, streamlining development with integrated tools and features.
- Users appreciate the **powerful and easy-to-configure CI/CD integration** of GitLab, enhancing automation from code to deployment.
- Users value the **seamless integrations** in GitLab, streamlining workflows across development and project management tools.
- Users appreciate the **seamless CI/CD integration** in GitLab, enabling efficient automation from code to deployment.

**Cons:**

- Users find the **complexity** of GitLab's structure and management challenging, especially for newcomers and autoscaling setups.
- Users experience a **difficult learning curve** with GitLab, especially when adapting to its unique structure and features.
- Users find GitLab's interface **confusing and complex**, making it challenging for new users to navigate effectively.
- Users find the **complex user interface** challenging, requiring significant effort to navigate and understand functionalities.
- Users find the **steep learning curve** of GitLab challenging, especially for newcomers adjusting to its features and UI.

#### What Are Recent G2 Reviews of GitLab?

**"[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)"**

**Rating:** 5.0/5.0 stars
*— mani s.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12864830)

---

**"[User-Friendly Gitlab with Powerful APIs for Smooth Integrations](https://www.g2.com/survey_responses/gitlab-review-12778582)"**

**Rating:** 4.5/5.0 stars
*— Prasanth N.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12778582)

---


#### What Are G2 Users Discussing About GitLab?

- [What is GitLab used for?](https://www.g2.com/discussions/what-is-gitlab-used-for) - 2 comments
- [Why GitLab is better than Jenkins?](https://www.g2.com/discussions/why-gitlab-is-better-than-jenkins) - 1 comment
- [Is GitLab paid?](https://www.g2.com/discussions/is-gitlab-paid) - 5 comments, 2 upvotes
- [Is GitLab free software?](https://www.g2.com/discussions/is-gitlab-free-software) - 4 comments, 1 upvote
- [What can GitLab do?](https://www.g2.com/discussions/what-can-gitlab-do) - 2 comments

### 6. [Semgrep](https://www.g2.com/products/semgrep/reviews)
Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.


- **Average Rating:** 4.6/5.0
- **Total Reviews:** 55

**How Do G2 Users Rate Semgrep?**

- **Quality of Support:** 8.8/10 (Category avg: 9.0/10)
- **Language Support:** 8.4/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Integration:** 8.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind Semgrep?**

- **Seller:** [Semgrep](https://www.g2.com/sellers/semgrep)
- **Company Website:** https://semgrep.dev
- **Year Founded:** 2017
- **HQ Location:** San Francisco, US
- **Twitter:** @semgrep (4,433 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/returntocorp (262 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 45% Enterprise, 42% Mid-Market


#### What Are Semgrep's Pros and Cons?

**Pros:**

- Ease of Use (16 reviews)
- Features (14 reviews)
- Vulnerability Detection (13 reviews)
- Scanning Efficiency (12 reviews)
- Security (12 reviews)

**Cons:**

- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)
- Difficult Learning (5 reviews)
- Lack of Guidance (5 reviews)
- Learning Curve (5 reviews)


### What Do G2 Reviewers Say About Semgrep?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Semgrep, seamlessly integrating into workflows and enhancing developer efficiency.
- Users highlight Semgrep's **ease of use and efficacy**, making it invaluable for validation and QA testing tasks.
- Users value Semgrep's **customizable vulnerability detection**, enhancing security and efficiency in their development workflows.
- Users benefit from the **fast scanning efficiency** of Semgrep, allowing early detection of issues before production.
- Users value Semgrep for its **highly customizable rule engine**, enhancing security and vulnerability detection in applications.

**Cons:**

- Users find Semgrep to be **not user-friendly**, often requiring assistance and facing a steep learning curve for configurations.
- Users find Semgrep's **limited features** hinder its effectiveness, especially in scanning for diverse security vulnerabilities.
- Users find the **difficult learning curve** for custom rule syntax hinders their initial experience with Semgrep.
- Users face a **lack of guidance** when creating custom rules and prioritizing complex vulnerabilities effectively in Semgrep.
- Users experience a **steep learning curve** with Semgrep, particularly in mastering custom rule syntax and pattern matching.

#### What Are Recent G2 Reviews of Semgrep?

**"[Streamlined Code Security with Semgrep](https://www.g2.com/survey_responses/semgrep-review-11971635)"**

**Rating:** 5.0/5.0 stars
*— Shreekanth k.*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-11971635)

---

**"[Powerful Rule Engine and Autofix, but Governance at Scale Needs Work](https://www.g2.com/survey_responses/semgrep-review-11893445)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-11893445)

---



### 7. [Cortex Cloud](https://www.g2.com/products/cortex-cloud/reviews)
Cortex Cloud by Palo Alto Networks, the next version of Prisma Cloud, understands a unified security approach is essential for effectively addressing AppSec, CloudSec, and SecOps. Connecting cloud security and SOC workflows enables teams to achieve holistic visibility, trace risk across the lifecycle, and correlate real-time threat activity with development and runtime contexts. Cortex Cloud is a unified platform built on three core pillars: data integration, AI-driven intelligence, and automation. Now you can safeguard applications, data, and infrastructure across multicloud and hybrid environments with a unified data model that consolidates telemetry from code, runtime, identity, and endpoints, all into a single data source. Empower teams with precise, AI-powered insights and 2200+ machine learning models to identify and stop zero-day threats with real-time advanced threat detection and response. And automate with 1000+ prebuilt playbooks across your cloud stack to reduce manual workloads, accelerate remediations, and cut response times tenfold. Cortex Cloud delivers more than tools—it transforms how organizations secure their cloud environments.


**Average Rating:** 4.1/5.0
**Total Reviews:** 115
**How Do G2 Users Rate Cortex Cloud?**

- **Quality of Support:** 7.9/10 (Category avg: 9.0/10)
- **Language Support:** 6.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 7.2/10 (Category avg: 8.8/10)
- **Integration:** 9.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind Cortex Cloud?**

- **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks)
- **Company Website:** https://www.paloaltonetworks.com
- **Year Founded:** 2005
- **HQ Location:** Santa Clara, CA
- **Twitter:** @PaloAltoNtwks (128,951 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (22,313 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 39% Enterprise, 32% Mid-Market


#### What Are Cortex Cloud's Pros and Cons?

**Pros:**

- Ease of Use (49 reviews)
- Features (45 reviews)
- Security (43 reviews)
- Visibility (38 reviews)
- Cloud Integration (34 reviews)

**Cons:**

- Expensive (31 reviews)
- Difficult Learning (30 reviews)
- Learning Curve (29 reviews)
- Pricing Issues (24 reviews)
- Complex Setup (21 reviews)


### What Do G2 Reviewers Say About Cortex Cloud?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Cortex Cloud, enjoying streamlined management and effortless integration with existing systems.
- Users value the **reduced complexity and efficiency** of Cortex Cloud, benefiting from streamlined management and robust integrations.
- Users value the **comprehensive security features** of Cortex Cloud, especially for cloud-native applications across diverse environments.
- Users value the **comprehensive visibility** offered by Cortex Cloud, enhancing efficiency and simplifying service management.
- Users appreciate the **seamless cloud integration** of Cortex Cloud, enhancing efficiency and organization in their workflows.

**Cons:**

- Users find Cortex Cloud to be **expensive**, particularly challenging for smaller teams managing tight budgets.
- Users often find the **difficult learning curve** of Cortex Cloud challenging, especially for beginners navigating its features.
- Users face a **steep learning curve** with Cortex Cloud due to its unintuitive features and initial setup challenges.
- Users find the **pricing issues** of Cortex Cloud challenging, particularly for smaller teams managing costs.
- Users find the **complex setup** of Cortex Cloud challenging, especially for newcomers without prior experience.

#### What Are Recent G2 Reviews of Cortex Cloud?

**"[Cortex Cloud Ends Tool Sprawl with a True Single Pane of Glass](https://www.g2.com/survey_responses/cortex-cloud-review-12972861)"**

**Rating:** 4.5/5.0 stars
*— Murtuza M.*

[Read full review](https://www.g2.com/survey_responses/cortex-cloud-review-12972861)

---

**"[Cortex Cloud Unifies Cloud Security with Real-Time Protection and Smart Prioritization](https://www.g2.com/survey_responses/cortex-cloud-review-12997786)"**

**Rating:** 4.0/5.0 stars
*— Galateya M.*

[Read full review](https://www.g2.com/survey_responses/cortex-cloud-review-12997786)

---



### 8. [OX Security](https://www.g2.com/products/ox-security/reviews)
OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform. Unlike traditional “Shift Left” approaches that collapsed under AI’s speed, VibeSec makes software secure by default by preventing risks before they exist. Powered by the OX AI Data Lake and dynamic code-to-runtime context, OX Security delivers:

- Autonomous, embedded security that runs as fast as developers.
- Dynamic risk context that shrinks security backlogs before they spiral.
- Continuous alignment across code, cloud, APIs, and runtime.

With OX, developers focus on building while security runs itself, giving enterprises complete confidence that every release ships secure.

OX Security is the company behind VibeSec, an AI-native autonomous security platform built for the AI development era. Unlike traditional tools that chase vulnerabilities after code is written, VibeSec embeds dynamic security context directly into AI coding environments like Cursor and Copilot. The result: every line of code is secure by default. For the first time, security moves at the speed of AI-driven development, preventing vulnerabilities before they exist, shrinking backlogs with every commit, and making security a seamless part of the development flow.


**Average Rating:** 4.8/5.0
**Total Reviews:** 51
**How Do G2 Users Rate OX Security?**

- **Quality of Support:** 9.6/10 (Category avg: 9.0/10)
- **Language Support:** 8.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.8/10 (Category avg: 8.8/10)
- **Integration:** 9.4/10 (Category avg: 8.9/10)

**Who Is the Company Behind OX Security?**

- **Seller:** [OX Security](https://www.g2.com/sellers/ox-security)
- **Year Founded:** 2021
- **HQ Location:** New York, USA
- **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (199 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 63% Mid-Market, 25% Enterprise


#### What Are OX Security's Pros and Cons?

**Pros:**

- Features (27 reviews)
- Ease of Use (23 reviews)
- Customer Support (22 reviews)
- Integration Support (22 reviews)
- Security (22 reviews)

**Cons:**

- Integration Issues (8 reviews)
- Missing Features (8 reviews)
- Complexity (5 reviews)
- Inadequate Reporting (5 reviews)
- Limited Cloud Integration (5 reviews)


### What Do G2 Reviewers Say About OX Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **comprehensive security testing features** of OX Security, enhancing organization-wide security management and integration.
- Users find OX Security to be **user-friendly**, featuring a streamlined dashboard and seamless integration capabilities.
- Users appreciate the **responsive customer support** from OX Security, enhancing overall experience and satisfaction.
- Users value the **seamless and fast integration** with tools, enhancing their overall experience with OX Security.
- Users value the **comprehensive security capabilities** of OX Security, appreciating its user-friendly interface and robust support.

**Cons:**

- Users face **integration issues** with OX Security, particularly regarding documentation and compatibility with various tools.
- Users note **missing features** in OX Security, particularly in language support and SIEM integration options.
- Users find the **complexity** of OX Security overwhelming, facing a steep learning curve and insufficient documentation.
- Users find OX Security's **inadequate reporting** limits their ability to effectively demonstrate progress and value to management.
- Users note the **limited cloud integration** with SIEM systems and specific development tools, affecting overall functionality.

#### What Are Recent G2 Reviews of OX Security?

**"[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Gambling & Casinos*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10961361)

---

**"[A Transformative Game-Changer in Application Security Posture Management](https://www.g2.com/survey_responses/ox-security-review-10618682)"**

**Rating:** 5.0/5.0 stars
*— Dudi E.*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10618682)

---



### 9. [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps, DevGovOps and MLOps platform, is on a mission to create a world of software delivered without friction from development to production. Driven by a “Liquid Software” vision to keep software continuously flowing, secure, and always up to date, the JFrog Platform serves as the definitive software supply chain system of record. It is uniquely engineered to power organizations as they build, manage, and distribute trusted software with unprecedented speed, security, and scale across hybrid and multi-cloud environments. As software engineering evolves in the AI era, JFrog’s newest offerings address the industry's most pressing trend: the rise of agentic software development and the hidden security risks of "Shadow AI." In response to threat actors increasingly targeting developer workflows, including a massive surge in malicious open-source AI models and infected packages, JFrog has expanded its platform capabilities to deliver absolute end-to-end visibility and automated compliance. Key new innovations include the JFrog AI Catalog, which enables organizations to centralize, govern, and control the lifecycle of AI models approved for enterprise use. To secure autonomous coding environments, JFrog introduced the Universal MCP Registry and the Agent Skills Registry (developed alongside NVIDIA). These new solutions establish the industry’s first enterprise-grade trust layer to safely manage and store AI agent skills, monitor connections, and instantly block unsafe developer tools or malicious coding extensions right where developers work. Furthermore, the integration of advanced DevGovOps and Runtime Security tools allows teams to replace slow, manual compliance audits with continuous, background policy enforcement.
By shifting security left directly into the binary pipeline, JFrog ensures that the volume of AI-assisted code does not outpace an organization's ability to verify its safety. Today, millions of users and approximately 6,600 organizations worldwide, including a majority of the Fortune 100, depend on the universal JFrog Platform to eliminate point-solution fatigue, bridge the governance gap, and securely embrace digital transformation. Learn more at www.jfrog.com or follow us on X @JFrog.


**Average Rating:** 4.2/5.0
**Total Reviews:** 135
**How Do G2 Users Rate JFrog?**

- **Quality of Support:** 8.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.4/10 (Category avg: 8.8/10)
- **Integration:** 8.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind JFrog?**

- **Seller:** [JFrog Ltd](https://www.g2.com/sellers/jfrog-ltd)
- **Company Website:** https://jfrog.com
- **Year Founded:** 2008
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @jfrog (23,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jfrog-ltd/ (2,364 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 51% Enterprise, 31% Mid-Market


#### What Are JFrog's Pros and Cons?

**Pros:**

- Features (18 reviews)
- Repository Management (14 reviews)
- Deployment (13 reviews)
- Integrations (12 reviews)
- Easy Integrations (11 reviews)

**Cons:**

- Complexity (9 reviews)
- Expensive (8 reviews)
- Learning Curve (8 reviews)
- Difficult Learning (7 reviews)
- Learning Difficulty (7 reviews)


### What Do G2 Reviewers Say About JFrog?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **unified requirements** and **extensive registry support** of JFrog for effective DevOps management.
- As a DevOps engineer, I value JFrog for its **efficient repository management** and reliable tracking of artifacts across environments.
- Users value the **seamless integration** of JFrog with CI/CD tools, enhancing automation and streamlining development processes.
- Users value the **extensive integration capabilities** of JFrog, enhancing their CI/CD workflows across multiple package formats.
- Users appreciate the **easy integrations** of JFrog, allowing seamless collaboration across various tools and technologies.

**Cons:**

- Users find JFrog's **complexity** overwhelming, needing extensive training to navigate its numerous features and tools effectively.
- Users find JFrog to be **expensive**, especially for smaller teams and individual developers, making adoption challenging.
- Users often face a **steep learning curve** with JFrog, requiring significant time to become proficient.
- Users find JFrog's **difficult learning curve** daunting, often requiring extensive training to navigate its complexities effectively.
- Users find the **steep learning curve** of JFrog challenging, requiring significant time investment for proficiency.

#### What Are Recent G2 Reviews of JFrog?

**"[JFrog Simplifies Artifact Management for Organized, Reliable Deployments](https://www.g2.com/survey_responses/jfrog-review-12870354)"**

**Rating:** 4.5/5.0 stars
*— Subhashree S.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12870354)

---

**"[Efficient, Scalable Artifact Management That Streamlines the Software Delivery Lifecycle](https://www.g2.com/survey_responses/jfrog-review-12788318)"**

**Rating:** 4.0/5.0 stars
*— Arkajit D.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12788318)

---


#### What Are G2 Users Discussing About JFrog?

- [What are the benefits and challenges of using JFrog for managing your software supply chain?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-jfrog-for-managing-your-software-supply-chain)
- [What does Jfrog Platform do?](https://www.g2.com/discussions/what-does-jfrog-platform-do)
- [What is difference between JFrog and Nexus?](https://www.g2.com/discussions/what-is-difference-between-jfrog-and-nexus)
- [What is Artifactory software used for?](https://www.g2.com/discussions/what-is-artifactory-software-used-for)

### 10. [CAST Highlight](https://www.g2.com/products/cast-highlight/reviews)
By scanning the source code of your applications, CAST Highlight instantly maps your software, generating the insights to understand, improve, and transform it. CIOs, CTOs, Enterprise Architects use CAST to:

- Get the true view of all technologies and frameworks
- Quantify technical debt and the ways to pay it down
- See what’s going to break next, and how best to fix it
- Drive cloud adoption faster, knowing what to move and optimize
- Prove progress to the board with facts and industry benchmarks

Businesses move faster using CAST technology to understand, improve, and transform their software. Through semantic analysis of source code, CAST produces 3D maps and dashboards to navigate inside individual applications and across entire portfolios. This intelligence empowers executives and technology leaders to steer, speed, and report on initiatives such as technical debt, GenAI, modernization, and cloud. As the pioneer of the software intelligence field, CAST is trusted by the world’s leading companies and governments, their consultancies and cloud providers. See it all at castsoftware.com.


**Average Rating:** 4.5/5.0
**Total Reviews:** 86
**How Do G2 Users Rate CAST Highlight?**

- **Quality of Support:** 9.1/10 (Category avg: 9.0/10)
- **Language Support:** 8.5/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 8.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind CAST Highlight?**

- **Seller:** [CAST](https://www.g2.com/sellers/cast)
- **Company Website:** https://www.castsoftware.com
- **Year Founded:** 1990
- **HQ Location:** New York
- **Twitter:** @SW_Intelligence (1,887 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cast/ (1,264 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 57% Enterprise, 24% Small-Business


#### What Are CAST Highlight's Pros and Cons?

**Pros:**

- Ease of Use (8 reviews)
- Easy Setup (4 reviews)
- Cloud Services (3 reviews)
- Efficiency (3 reviews)
- Real-time Monitoring (3 reviews)

**Cons:**

- Complex Navigation (1 review)
- Dashboard Issues (1 review)
- Delayed Detection (1 review)
- Difficulty (1 review)
- Expensive (1 review)


### What Do G2 Reviewers Say About CAST Highlight?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find CAST Highlight to be incredibly **easy to use**, simplifying portfolio assessments with quick, actionable insights.
- Users appreciate the **easy setup** of CAST Highlight, enabling efficient integration and immediate insights into legacy systems.
- Users value the **invaluable cloud compatibility assessments** CAST Highlight provides, aiding in migration and risk analysis.
- Users value the **efficiency** of CAST Highlight, noting its quick insights and streamlined application portfolio assessments.
- Users value the **real-time monitoring** of CAST Highlight, enjoying swift insights for effective application portfolio management.

**Cons:**

- Users find the **complex navigation** in CAST Highlight challenging, affecting their ability to utilize the tool efficiently.
- Users find the **dashboard issues** in CAST Highlight can hinder detailed analysis and require challenging customization for KPIs.
- Users feel that CAST Highlight has **delayed detection** due to its limited depth for technical analysis and complex metrics.
- Users find the **initial configuration and depth of analysis** in CAST Highlight challenging, especially for newcomers.
- The high price of CAST Highlight poses a **restriction on usage**, limiting its accessibility for larger organizations.

#### What Are Recent G2 Reviews of CAST Highlight?

**"[Efficient Analysis & Confident Modernization](https://www.g2.com/survey_responses/cast-highlight-review-12250186)"**

**Rating:** 4.5/5.0 stars
*— Neha C.*

[Read full review](https://www.g2.com/survey_responses/cast-highlight-review-12250186)

---

**"[Portfolio Insights in One Place with CAST Highlight](https://www.g2.com/survey_responses/cast-highlight-review-12977472)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Government Administration*

[Read full review](https://www.g2.com/survey_responses/cast-highlight-review-12977472)

---


#### What Are G2 Users Discussing About CAST Highlight?

- [What is cast imaging?](https://www.g2.com/discussions/what-is-cast-imaging) - 1 comment
- [How does a cast tool work?](https://www.g2.com/discussions/how-does-a-cast-tool-work)
- [What is CAST software tool?](https://www.g2.com/discussions/what-is-cast-software-tool) - 1 comment
- [What does cast highlight do?](https://www.g2.com/discussions/what-does-cast-highlight-do) - 1 comment

### 11. [Black Duck](https://www.g2.com/products/black-duck/reviews)
Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com


**Average Rating:** 4.0/5.0
**Total Reviews:** 28
**How Do G2 Users Rate Black Duck?**

- **Quality of Support:** 7.9/10 (Category avg: 9.0/10)
- **Language Support:** 9.2/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Integration:** 8.0/10 (Category avg: 8.9/10)

**Who Is the Company Behind Black Duck?**

- **Seller:** [Synopsys](https://www.g2.com/sellers/synopsys-53e76f66-bf39-4c28-b0f2-97178ec8ddfd)
- **Year Founded:** 1986
- **HQ Location:** Mountain View, CA
- **Twitter:** @synopsys (24,435 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2457/ (27,920 employees on LinkedIn®)
- **Ownership:** NASDAQ:SNPS

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 45% Enterprise, 34% Mid-Market


#### What Are Black Duck's Pros and Cons?

**Pros:**

- Accuracy of Findings (1 review)
- Open Source (1 review)

**Cons:**

- Resource Constraints (1 review)


### What Do G2 Reviewers Say About Black Duck?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **accuracy of findings** from Black Duck, benefiting from its powerful engine and extensive knowledge base.
- Users find Black Duck to be the best SCA tool, thanks to its **powerful open source issue identification** capabilities.

**Cons:**

- Users find that Black Duck requires **huge resources for on-prem deployment**, which can be a significant drawback.

#### What Are Recent G2 Reviews of Black Duck?

**"[Powerful Open-Source Risk Management, Needs Easier Setup](https://www.g2.com/survey_responses/black-duck-review-12832669)"**

**Rating:** 4.5/5.0 stars
*— VIVEK S.*

[Read full review](https://www.g2.com/survey_responses/black-duck-review-12832669)

---

**"[High-Performing and Effective, with Appreciated Automatic Alerts](https://www.g2.com/survey_responses/black-duck-review-12594533)"**

**Rating:** 4.0/5.0 stars
*— Renato Z.*

[Read full review](https://www.g2.com/survey_responses/black-duck-review-12594533)

---


#### What Are G2 Users Discussing About Black Duck?

- [What languages does Black Duck support?](https://www.g2.com/discussions/what-languages-does-black-duck-support)
- [What is software composition analysis?](https://www.g2.com/discussions/what-is-software-composition-analysis)
- [What is Black Duck analysis?](https://www.g2.com/discussions/what-is-black-duck-analysis)
- [What is the use of Black Duck software?](https://www.g2.com/discussions/what-is-the-use-of-black-duck-software)

### 12. [Socket](https://www.g2.com/products/socket-socket/reviews)
Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powered code analysis, Socket detects and blocks supply chain attacks within minutes of publication. With advanced reachability analysis, automated remediation, and license compliance features, Socket enables teams to focus on building software, while we keep their open source code secure.


**Average Rating:** 4.7/5.0
**Total Reviews:** 10
**How Do G2 Users Rate Socket?**

- **Quality of Support:** 9.0/10 (Category avg: 9.0/10)
- **Language Support:** 8.9/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Integration:** 8.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind Socket?**

- **Seller:** [Socket](https://www.g2.com/sellers/socket)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @SocketSecurity (21,558 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/socketinc/ (91 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 40% Mid-Market, 30% Enterprise


#### What Are Socket's Pros and Cons?

**Pros:**

- Security (3 reviews)
- Open Source (2 reviews)
- Accuracy of Findings (1 review)
- Alerts (1 review)
- Comprehensive Security (1 review)

**Cons:**

- Missing Features (1 review)
- System Slowness (1 review)


### What Do G2 Reviewers Say About Socket?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Socket for its **strong security features**, effectively monitoring supply chain risks and providing reliable malware detection.
- Users value Socket's **robust open source security analysis**, enhancing accuracy and efficiency in evaluating packages.
- Users commend the **accuracy of findings** from Socket, enhancing efficiency in open source security analysis.
- Users value the **proactive alerts** from Socket, ensuring swift responses to potential supply chain threats.
- Users value the **comprehensive security** provided by Socket, enhancing decision-making in third-party library management.

**Cons:**

- Users feel that Socket has **missing features**, making it difficult to consolidate tools and address more use cases.
- Users experience **system slowness** with Socket, as the UI can be quite slow to load.

#### What Are Recent G2 Reviews of Socket?

**"[Unique Approach to Supply Chain Security Problem and Does It Really Well](https://www.g2.com/survey_responses/socket-review-12052484)"**

**Rating:** 5.0/5.0 stars
*— Sindhoor H.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12052484)

---

**"[Essential Tool for Application Security with Stellar MCP Feature](https://www.g2.com/survey_responses/socket-review-12686360)"**

**Rating:** 5.0/5.0 stars
*— Shreejal M.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12686360)

---



### 13. [SOOS](https://www.g2.com/products/soos/reviews)
SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate and manage Software Bill of Materials (SBOM), and fill out your compliance worksheets across all your teams. SOOS’s ASPM is a dynamic, comprehensive approach to safeguarding your application infrastructure from vulnerabilities across the Software Development Life Cycle (SDLC) and live deployments. Easy to integrate, all in one dashboard.

- SCA: Deep tree vulnerability scanning, license compliance, governance
- DAST: Automated Web & API vulnerability scanning
- Containers: Scan contents for vulnerabilities
- SAST: Analyze code for security vulnerabilities
- IaC: Cloud security coverage
- SBOMs: Create, monitor, manage


**Average Rating:** 4.6/5.0
**Total Reviews:** 42
**How Do G2 Users Rate SOOS?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 9.5/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.4/10 (Category avg: 8.8/10)
- **Integration:** 9.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind SOOS?**

- **Seller:** [SOOS](https://www.g2.com/sellers/soos)
- **Year Founded:** 2019
- **HQ Location:** Winooski, US
- **Twitter:** @soostech (44 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/53122310 (25 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 50% Mid-Market, 43% Small-Business


#### What Are SOOS's Pros and Cons?

**Pros:**

- Ease of Use (8 reviews)
- Easy Integrations (6 reviews)
- Integrations (6 reviews)
- Customer Support (5 reviews)
- Vulnerability Detection (5 reviews)

**Cons:**

- Inadequate Reporting (4 reviews)
- Poor Reporting (4 reviews)
- Lacking Features (3 reviews)
- Lack of Guidance (3 reviews)
- Dashboard Issues (2 reviews)


### What Do G2 Reviewers Say About SOOS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **ease of use** of SOOS, making implementation in workflows seamless and intuitive.
- Users value the **easy integrations** of SOOS, allowing seamless workflow and proactive vulnerability management in development processes.
- Users value the **seamless integrations** of SOOS, enhancing security and compliance through continuous monitoring and assessments.
- Users applaud the **efficient customer support** of SOOS, enhancing the overall onboarding and maintenance experience.
- Users appreciate the **continuous security assessment** of SOOS, enhancing visibility and proactive management of vulnerabilities and licenses.

**Cons:**

- Users find SOOS's **inadequate reporting** limits customization and hinders effective vulnerability management and stakeholder communication.
- Users note the need for **better reporting capabilities** in SOOS to enhance analysis and increase visibility.
- Users feel SOOS is **lacking features**, particularly in advanced reporting and intuitive usability for new users.
- Users express a need for better **guidance and documentation** to enhance onboarding and issue resolution with SOOS.
- Users face **dashboard issues** due to limited reporting options and uncomfortable sign-in, impacting their overall experience.

#### What Are Recent G2 Reviews of SOOS?

**"[Awesome tool for detecting vulnerabilities within project dependencies](https://www.g2.com/survey_responses/soos-review-7753830)"**

**Rating:** 4.5/5.0 stars
*— Nayan C.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7753830)

---

**"[Reliable continuous security assessment for our pipelines](https://www.g2.com/survey_responses/soos-review-7744758)"**

**Rating:** 4.0/5.0 stars
*— Brallan G.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7744758)

---



### 14. [SonarQube](https://www.g2.com/products/sonarqube/reviews)
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.


**Average Rating:** 4.4/5.0
**Total Reviews:** 145
**How Do G2 Users Rate SonarQube?**

- **Quality of Support:** 8.2/10 (Category avg: 9.0/10)

**Who Is the Company Behind SonarQube?**

- **Seller:** [SonarSource Sàrl](https://www.g2.com/sellers/sonarsource-sarl)
- **Company Website:** https://www.sonarsource.com
- **Year Founded:** 2008
- **HQ Location:** Geneva, Switzerland
- **Twitter:** @SonarSource (10,913 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/sonarsource/ (929 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 43% Enterprise, 39% Mid-Market


#### What Are SonarQube's Pros and Cons?

**Pros:**

- Code Quality (24 reviews)
- Features (20 reviews)
- Issue Identification (19 reviews)
- Ease of Use (18 reviews)
- Easy Integrations (18 reviews)

**Cons:**

- Software Bugs (12 reviews)
- Complex Configuration (10 reviews)
- False Positives (10 reviews)
- Complexity (8 reviews)
- Complex Setup (8 reviews)


### What Do G2 Reviewers Say About SonarQube?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **quick identification of code quality and security issues** by SonarQube, enhancing maintainability and reliability.
- Users value the **real-time code quality and security checks** provided by SonarQube, enhancing code reliability and maintainability.
- Users appreciate how SonarQube **quickly flags code quality and security issues**, aiding in maintaining a clean codebase.
- Users value the **ease of use** of SonarQube, finding it intuitive and seamlessly integrable into workflows.
- Users appreciate the **easy integrations** of SonarCloud, allowing seamless use within existing development workflows.

**Cons:**

- Users experience **software bugs** that can lead to issues slipping into production and vague error messages during scans.
- Users find the **complex configuration** process challenging, especially for new teams and large projects, impacting efficiency.
- Users often face **false positives** that necessitate frequent adjustments, impacting their workflow and experience with SonarQube.
- Users find SonarQube's interface **complex and difficult to configure**, impacting ease of use and efficiency.
- Users find the **complex setup** of SonarQube challenging, requiring time and planning to effectively utilize its features.

#### What Are Recent G2 Reviews of SonarQube?

**"[SonarQube improves the code quality](https://www.g2.com/survey_responses/sonarqube-review-12997941)"**

**Rating:** 4.0/5.0 stars
*— Gaurav V.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12997941)

---

**"[Automated Code Quality Gatekeeper That Catches Sneaky Bugs Early](https://www.g2.com/survey_responses/sonarqube-review-12974008)"**

**Rating:** 5.0/5.0 stars
*— Shailja S.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12974008)

---


#### What Are G2 Users Discussing About SonarQube?

- [What is SonarLint used for?](https://www.g2.com/discussions/what-is-sonarlint-used-for)
- [What is SonarQube and how does it work?](https://www.g2.com/discussions/what-is-sonarqube-and-how-does-it-work) - 1 upvote
- [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
- [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
- [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)

### 15. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

- **AI-Powered Agents:** Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.
- **Comprehensive Security Scanning:** Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.
- **Developer-Centric Experience:** With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.
- **Agentic AI for AppSec Teams, Risk-Based Prioritization:** Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.
- **Seamless Integrations:** Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


**Average Rating:** 4.5/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Jit?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.3/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Easy Integrations (8 reviews)
- Ease of Use (7 reviews)
- Efficiency (7 reviews)
- Integration Support (7 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security features** of Jit, seamlessly integrating security and development for improved collaboration.
- Users value the **easy integrations** of Jit, seamlessly incorporating security into their development practices and workflows.
- Users appreciate the **ease of use** of Jit, finding it lightweight and simple to integrate into workflows.
- Users value the **efficient integration** of security in development workflows, significantly saving time and reducing complexity.
- Users appreciate the **easy integration support** of Jit, seamlessly embedding security into their development workflows.

**Cons:**

- Users encounter **integration issues** with Jit, particularly with third-party tools and CI setups requiring additional manual configuration.
- Users find the **limited features** of Jit lacking for complex needs, desiring more customization and better analytics.
- Users encounter **limited integration** with third-party tools, affecting advanced configurations and overall functionality.
- Users feel the **documentation is lacking**, especially for advanced configurations, complicating the overall user experience.
- Users find that the **complexity in configuration** and onboarding can hinder their overall experience with Jit.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 16. [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews)
Microsoft Defender for Cloud is a cloud native application protection platform for multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime.


**Average Rating:** 4.4/5.0
**Total Reviews:** 288
**How Do G2 Users Rate Microsoft Defender for Cloud?**

- **Quality of Support:** 8.6/10 (Category avg: 9.0/10)
- **Language Support:** 9.4/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Integration:** 9.9/10 (Category avg: 8.9/10)

**Who Is the Company Behind Microsoft Defender for Cloud?**

- **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft)
- **Year Founded:** 1975
- **HQ Location:** Redmond, Washington
- **Twitter:** @microsoft (13,091,739 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (231,632 employees on LinkedIn®)
- **Ownership:** MSFT

**Who Uses This Product?**
- **Who Uses This:** SaaS Consultant, Software Engineer
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 38% Mid-Market, 35% Enterprise


#### What Are Microsoft Defender for Cloud's Pros and Cons?

**Pros:**

- Security (121 reviews)
- Comprehensive Security (92 reviews)
- Cloud Security (71 reviews)
- Vulnerability Detection (63 reviews)
- Threat Detection (57 reviews)

**Cons:**

- Complexity (27 reviews)
- Expensive (24 reviews)
- Delayed Detection (22 reviews)
- False Positives (19 reviews)
- Improvement Needed (19 reviews)


### What Do G2 Reviewers Say About Microsoft Defender for Cloud?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security features** of Microsoft Defender for Cloud, praising its comprehensive protection against cyber threats.
- Users appreciate the **comprehensive security** features of Microsoft Defender for Cloud, ensuring robust protection against cyber threats.
- Users appreciate the **robust security features** of Microsoft Defender for Cloud, enhancing protection against various cyber threats.
- Users value the **continuous vulnerability detection** in Microsoft Defender for Cloud, enhancing security across Azure resources.
- Users commend the **effective threat detection** features of Microsoft Defender for Cloud, enhancing their overall cloud security. 

**Cons:**

- Users find the **complex configuration** of Microsoft Defender for Cloud challenging, often requiring advanced knowledge for effective use.
- Users note that while Microsoft Defender for Cloud is exceptional, it can be **expensive for small to medium businesses**.
- Users experience **delayed detection** of threats, with occasional false positives and confusing interface hampering overall effectiveness.
- Users experience **false positives** with Microsoft Defender for Cloud, causing confusion with legitimate files being flagged incorrectly.
- Users note that **improvement is needed** in the interface and responsiveness of alerts in Microsoft Defender for Cloud.

#### What Are Recent G2 Reviews of Microsoft Defender for Cloud?

**"[Unified Cloud Security with Actionable Insights and Deep Visibility](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-12621279)"**

**Rating:** 4.0/5.0 stars
*— datha s.*

[Read full review](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-12621279)

---

**"[A Robust Cloud Security Tool That Gives IT Teams Peace of Mind](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-12611783)"**

**Rating:** 4.0/5.0 stars
*— Archit J.*

[Read full review](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-12611783)

---


#### What Are G2 Users Discussing About Microsoft Defender for Cloud?

- [What is Microsoft Defender for Cloud used for?](https://www.g2.com/discussions/what-is-microsoft-defender-for-cloud-used-for) - 1 comment
- [What are the three security services provided by Windows Azure?](https://www.g2.com/discussions/what-are-the-three-security-services-provided-by-windows-azure) - 2 comments
- [What is Azure security management?](https://www.g2.com/discussions/what-is-azure-security-management) - 1 comment
- [Is Azure security Center a SIEM?](https://www.g2.com/discussions/is-azure-security-center-a-siem) - 1 comment, 1 upvote
- [How does Azure provide security?](https://www.g2.com/discussions/how-does-azure-provide-security)

### 17. [Mend.io](https://www.g2.com/products/mend-io/reviews)
Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include:

1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle.
2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster.
3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


**Average Rating:** 4.3/5.0
**Total Reviews:** 106
**How Do G2 Users Rate Mend.io?**

- **Quality of Support:** 8.6/10 (Category avg: 9.0/10)
- **Language Support:** 8.5/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.8/10 (Category avg: 8.8/10)
- **Integration:** 8.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (256 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 38% Small-Business, 35% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)


### What Do G2 Reviewers Say About Mend.io?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **scanning efficiency** of Mend.io, appreciating quick scans and detailed reports for streamlined management.
- Users find Mend.io to be an **easy-to-use** tool that enhances application security and simplifies integration.
- Users value the **easy integrations** of Mend.io, allowing quick setup and seamless connection with development tools.
- Users love the **scanning capabilities** of Mend.io, appreciating its comprehensive support for binaries and compliance checks.
- Users find the **Vulnerability Detection** feature of Mend.io invaluable for maintaining secure and compliant applications.

**Cons:**

- Users often face **integration issues** with on-premise tools, requiring custom solutions to streamline their workflows.
- Users find **limited features** in Mend.io, often relying on workarounds to meet their integration and scanning needs.
- Users feel that Mend.io has **missing features** and lacks full integration support, complicating their workflows.
- Users find the **complex implementation** of Mend.io challenging, often requiring extensive support and time for successful integration.
- Users find the **confusing interface** of Mend.io awkward, especially when toggling between different product portals.

#### What Are Recent G2 Reviews of Mend.io?

**"[Mend has been an excellent tool, both for OSA and SAST](https://www.g2.com/survey_responses/mend-io-review-9695869)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Financial Services*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-9695869)

---

**"[Useful tool](https://www.g2.com/survey_responses/mend-io-review-10828034)"**

**Rating:** 5.0/5.0 stars
*— Israel Sebastián E.*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-10828034)

---


#### What Are G2 Users Discussing About Mend.io?

- [What is your experience regarding pricing and costs for Mend.io, and how does it compare to other open-source security solutions?](https://www.g2.com/discussions/what-is-your-experience-regarding-pricing-and-costs-for-mend-io-and-how-does-it-compare-to-other-open-source-security-solutions)
- [What is Mend (formerly WhiteSource) used for?](https://www.g2.com/discussions/what-is-mend-formerly-whitesource-used-for)
- [What is white Source bolt?](https://www.g2.com/discussions/what-is-white-source-bolt)
- [What are SCA tools?](https://www.g2.com/discussions/what-are-sca-tools)
- [What is software composition analysis SCA?](https://www.g2.com/discussions/what-is-software-composition-analysis-sca)

### 18. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


**Average Rating:** 4.5/5.0
**Total Reviews:** 49
**How Do G2 Users Rate Contrast Security?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.1/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind Contrast Security?**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,468 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (196 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Insurance, Information Technology and Services
- **Company Size:** 67% Enterprise, 20% Mid-Market


#### What Are Contrast Security's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Performance Issues (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)


### What Do G2 Reviewers Say About Contrast Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Contrast Security, ensuring greater precision in identifying vulnerabilities.
- Users value the **accuracy of results** from Contrast Security, benefiting from precise vulnerability monitoring and analysis.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick feedback and agile support.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick turnaround and excellent support.
- Users value the **real-time security testing** and excellent support from Contrast Security, enhancing their overall security posture.

**Cons:**

- Users experienced **performance issues** with Contrast Security, particularly with Java applications, but found support helpful in resolving them.

#### What Are Recent G2 Reviews of Contrast Security?

**"[Shift-Smart with Contrast](https://www.g2.com/survey_responses/contrast-security-review-8492224)"**

**Rating:** 5.0/5.0 stars
*— Kiran S.*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8492224)

---

**"[Contrast Security makes application security simple](https://www.g2.com/survey_responses/contrast-security-review-8516563)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8516563)

---


#### What Are G2 Users Discussing About Contrast Security?

- [What is contrast protect?](https://www.g2.com/discussions/what-is-contrast-protect)
- [Is Contrast security SaaS?](https://www.g2.com/discussions/is-contrast-security-saas)
- [What is Contrast security tool?](https://www.g2.com/discussions/what-is-contrast-security-tool)
- [What does contrast security do?](https://www.g2.com/discussions/what-does-contrast-security-do)

### 19. [Aqua Security](https://www.g2.com/products/aqua-security/reviews)
Aqua Security sees and stops attacks across the entire cloud native application lifecycle in a single, integrated platform. From software supply chain security for developers to cloud security and runtime protection for security teams, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry’s most comprehensive Cloud Native Application Protection Platform (CNAPP). Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.


**Average Rating:** 4.2/5.0
**Total Reviews:** 57
**How Do G2 Users Rate Aqua Security?**

- **Quality of Support:** 8.0/10 (Category avg: 9.0/10)
- **Language Support:** 7.3/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 6.3/10 (Category avg: 8.8/10)
- **Integration:** 7.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind Aqua Security?**

- **Seller:** [Aqua Security Software Ltd](https://www.g2.com/sellers/aqua-security-software-ltd)
- **Year Founded:** 2015
- **HQ Location:** Burlington, US
- **Twitter:** @AquaSecTeam (7,673 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aquasecteam/ (466 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 56% Enterprise, 39% Mid-Market


#### What Are Aqua Security's Pros and Cons?

**Pros:**

- Security (18 reviews)
- Ease of Use (15 reviews)
- Detection (10 reviews)
- Features (10 reviews)
- Comprehensive Security (8 reviews)

**Cons:**

- Missing Features (7 reviews)
- Lack of Features (5 reviews)
- Improvement Needed (4 reviews)
- Limited Features (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Aqua Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **proactive threat intelligence** of Aqua Security, which aids in identifying code security issues early.
- Users value the **ease of use** of Aqua Security, highlighted by its intuitive UI and straightforward implementation.
- Users value Aqua Security for its **effective threat detection**, providing timely insights to address security issues proactively.
- Users appreciate the **insightful security detection** features of Aqua Security, facilitating proactive code vulnerability management.
- Users value the **comprehensive security features** of Aqua Security, facilitating effective management of cloud security and containers.

**Cons:**

- Users note the **missing features** in Aqua Security, impacting functionality, reporting, and integration capabilities.
- Users note a **lack of features** in Aqua Security, including limited dashboard capabilities and integration shortcomings.
- Users note the need for **improvements in functionality**, including better integration, reporting, and actionable insights from widgets.
- Users find the **limited features** of Aqua Security lack essential functionalities like enhanced reporting and GitLab integration.
- Users find Aqua Security's interface **complex and difficult** to navigate, requiring technical skills for effective setup.

#### What Are Recent G2 Reviews of Aqua Security?

**"[AquaSec have been very efficient and user friendly.](https://www.g2.com/survey_responses/aqua-security-review-7802942)"**

**Rating:** 5.0/5.0 stars
*— Adefolarin B.*

[Read full review](https://www.g2.com/survey_responses/aqua-security-review-7802942)

---

**"[Allows us to monitor security of our platforms and scan images easily.](https://www.g2.com/survey_responses/aqua-security-review-10502217)"**

**Rating:** 5.0/5.0 stars
*— Mitchell M.*

[Read full review](https://www.g2.com/survey_responses/aqua-security-review-10502217)

---



### 20. [FOSSA](https://www.g2.com/products/fossa/reviews)
Open source is a critical part of your software. In the average modern software product, over 80% of the source code shipped is derived from open source. Each component can have cascading legal, security, and quality implications for your customers, making it one of the most important things to manage correctly. FOSSA helps you manage your open source components. We plug into your development workflow to help your team automatically track, manage, and remediate issues with the open source you use to:

- Stay compliant with software licenses and generate required attribution documents
- Enforce usage and licensing policies throughout your CI/CD workflow
- Monitor and remediate security vulnerabilities
- Flag code quality issues and outdated components proactively

By enabling open source, we help development teams increase development velocity and decrease risk.


**Average Rating:** 4.2/5.0
**Total Reviews:** 15
**How Do G2 Users Rate FOSSA?**

- **Quality of Support:** 8.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.8/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 9.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind FOSSA?**

- **Seller:** [FOSSA](https://www.g2.com/sellers/fossa)
- **Year Founded:** 2015
- **HQ Location:** San Francisco, California
- **Twitter:** @getfossa (774 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/fossa/ (59 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 47% Small-Business, 33% Mid-Market


#### What Are FOSSA's Pros and Cons?

**Pros:**

- Easy Integrations (1 review)
- Issue Resolution (1 review)
- Remediation Solutions (1 review)
- Risk Management (1 review)
- Security (1 review)



### What Do G2 Reviewers Say About FOSSA?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **easy integrations** of FOSSA, which streamline scanning for security and library dependencies.
- Users value FOSSA's **issue resolution capabilities**, effectively identifying vulnerabilities and recommending fixes for their applications.
- Users find FOSSA's **remediation solutions** effective in identifying vulnerabilities and recommending fixes for dependencies.
- Users value FOSSA's **robust risk management** capabilities, effectively identifying vulnerabilities and recommending fixes for dependencies.
- Users value the **security insights** provided by FOSSA, helping to identify vulnerabilities and recommend fixes.


#### What Are Recent G2 Reviews of FOSSA?

**"[Fossa for enterprise applications](https://www.g2.com/survey_responses/fossa-review-10931000)"**

**Rating:** 4.0/5.0 stars
*— Pavan Kumar G.*

[Read full review](https://www.g2.com/survey_responses/fossa-review-10931000)

---

**"["The FOSSA Experience"](https://www.g2.com/survey_responses/fossa-review-8576931)"**

**Rating:** 5.0/5.0 stars
*— Elvis M.*

[Read full review](https://www.g2.com/survey_responses/fossa-review-8576931)

---



### 21. [MergeBase](https://www.g2.com/products/mergebase/reviews)
MergeBase is revolutionizing software supply chain protection with a full-featured, developer-oriented SCA solution that brings the lowest false positives in the industry and complete DevOps coverage from coding/building to deployment and run-time. MergeBase’s SCA tool analyzes the open-source/third-party libraries for vulnerabilities. Our mission is to protect the software supply chain. We provide a full-featured, developer-oriented solution that has the industry’s lowest false positive rates and complete coverage of the DevOps process.


**Average Rating:** 4.5/5.0
**Total Reviews:** 20
**How Do G2 Users Rate MergeBase?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 7.9/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 8.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind MergeBase?**

- **Seller:** [MergeBase Software](https://www.g2.com/sellers/mergebase-software)
- **Year Founded:** 2018
- **HQ Location:** Coquitlam, British Columbia
- **Twitter:** @mergebasesecure (86 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/mergebase/

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 40% Small-Business, 35% Mid-Market



#### What Are Recent G2 Reviews of MergeBase?

**"[MergeBase Detector of risk and vulnerabilities](https://www.g2.com/survey_responses/mergebase-review-7833957)"**

**Rating:** 4.5/5.0 stars
*— Prashant S.*

[Read full review](https://www.g2.com/survey_responses/mergebase-review-7833957)

---

**"[Revolutionizing Software Supply Chain Protection with MergeBase's SCA Platform](https://www.g2.com/survey_responses/mergebase-review-7670163)"**

**Rating:** 5.0/5.0 stars
*— Disha K.*

[Read full review](https://www.g2.com/survey_responses/mergebase-review-7670163)

---



### 22. [Sandworm](https://www.g2.com/products/sandworm/reviews)
Sandworm is a comprehensive software supply chain security solution that detects vulnerabilities in dependencies, provides actionable insights, and ensures a secure and reliable development process for organizations across multiple programming languages. It empowers developers to identify and remediate potential risks, strengthens cybersecurity resilience, and fosters a safer software ecosystem.


**Average Rating:** 5.0/5.0
**Total Reviews:** 11
**How Do G2 Users Rate Sandworm?**

- **Quality of Support:** 9.6/10 (Category avg: 9.0/10)
- **Language Support:** 9.1/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.6/10 (Category avg: 8.8/10)
- **Integration:** 9.1/10 (Category avg: 8.9/10)

**Who Is the Company Behind Sandworm?**

- **Seller:** [Sandworm](https://www.g2.com/sellers/sandworm)
- **Year Founded:** 2023
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/sandworm-dev/ (2 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Marketing and Advertising
- **Company Size:** 73% Small-Business, 18% Mid-Market



#### What Are Recent G2 Reviews of Sandworm?

**"[Uncovering Hidden Risks](https://www.g2.com/survey_responses/sandworm-review-8920177)"**

**Rating:** 5.0/5.0 stars
*— Jeffrey L.*

[Read full review](https://www.g2.com/survey_responses/sandworm-review-8920177)

---

**"[Powerful tool for dependencies audits!](https://www.g2.com/survey_responses/sandworm-review-8884593)"**

**Rating:** 5.0/5.0 stars
*— Josh B.*

[Read full review](https://www.g2.com/survey_responses/sandworm-review-8884593)

---



### 23. [Endor Labs](https://www.g2.com/products/endor-labs/reviews)
Endor Labs helps you build and ship secure software fast, whether it's written by humans or AI. While conventional code scanning tools drown teams in false positives, Endor Labs zeroes in on real risks, empowering developers without slowing them down. Trusted by OpenAI, Snowflake, Peloton, Robinhood, Dropbox, Rubrik, and more, Endor Labs is transforming AppSec.

- 92% fewer alerts: Unify code scanning (SAST, SCA, container, secrets, malware, AI models) and automate security code reviews with AI. Pinpoint real vulnerabilities with function-level reachability, filtering out unreachable risks and letting developers fix what matters as they code.
- 6X faster fixes: Skip the guesswork. Endor Labs guides developers towards safe OSS upgrades, and backports fixes for hard-to-update libraries.
- Guardrails for AI coding assistants: Endor Labs natively integrates into AI coding assistants to help them produce code securely by default. Additionally, Endor Labs has built multiple agents to review the AI and human generated code for architecture and business-logic issues.
- Compliance, streamlined: FedRAMP, PCI, NIST, and SLSA compliance is simplified with artifact signing, SBOM, VEX, and more—accelerating your path to secure, compliant code.

Learn more at: www.endorlabs.com/demo-request


**Average Rating:** 4.8/5.0
**Total Reviews:** 9
**How Do G2 Users Rate Endor Labs?**

- **Quality of Support:** 9.8/10 (Category avg: 9.0/10)
- **Language Support:** 9.4/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.7/10 (Category avg: 8.8/10)
- **Integration:** 9.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind Endor Labs?**

- **Seller:** [Endor Labs](https://www.g2.com/sellers/endor-labs)
- **Company Website:** https://www.endorlabs.com/
- **Year Founded:** 2021
- **HQ Location:** Palo Alto, California, United States
- **Twitter:** @EndorLabs (592 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/endorlabs (200 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 78% Mid-Market, 22% Enterprise


#### What Are Endor Labs's Pros and Cons?

**Pros:**

- Features (5 reviews)
- Ease of Use (4 reviews)
- Accuracy of Findings (3 reviews)
- Customer Support (3 reviews)
- Integration Support (3 reviews)

**Cons:**

- UX Improvement (3 reviews)
- API Limitations (1 review)
- Difficult Setup (1 review)
- Integration Issues (1 review)
- Missing Features (1 review)


### What Do G2 Reviewers Say About Endor Labs?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **efficient reachability analysis** feature of Endor Labs, enhancing security while simplifying vulnerability management.
- Users value the **user-friendly interface** of Endor Labs, which simplifies access to crucial data and insights.
- Users commend the **accuracy of findings** in Endor Labs, enhancing their understanding of vulnerabilities effectively.
- Users commend the **prompt and effective customer support** from Endor Labs, enhancing their operational efficiency and confidence.
- Users appreciate the **helpful support and seamless integration** of Endor Labs, enhancing their operational efficiency and confidence.

**Cons:**

- Users find the **UI/UX needs improvement**, particularly in API access and custom IdP authentication clarity.
- Users feel that Endor Labs has **API limitations** that hinder accessibility and integration with the user interface.
- Users find the **difficult setup** of Endor Labs could be more straightforward, particularly with clearer error messages.
- Users point out **integration issues** with Jira, but improvements in UI/UX are noticeable over time.
- Users feel the **missing features** like a refined UI/UX and default monitored branch settings hinder their experience.

#### What Are Recent G2 Reviews of Endor Labs?

**"[Easy SCA Integration with Clear, Actionable Vulnerability Insights](https://www.g2.com/survey_responses/endor-labs-review-12503518)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Security and Investigations*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-12503518)

---

**"[Took the SCA scans to whole another level with their reachability analysis](https://www.g2.com/survey_responses/endor-labs-review-11697384)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-11697384)

---



### 24. [Rainforest Application](https://www.g2.com/products/rainforest-technologies-rainforest-application/reviews)
Rainforest is the all-in-one cyber security platform with an end-to-end approach to simplify corporate reputation protection by using multiple intelligences and proactive observability, adding Application and Cloud Security (from DevOps to DevSecOps), Vulnerability Intelligence, and Brand reputation (Fraud and Leak monitoring). Rainforest Application, Rainforest Cloud, and Rainforest Asset modules allow development and security teams to have visibility of the whole application lifecycle in a simple and quick way, providing vulnerability management whenever a new line is coded. Rainforest Fraud, Rainforest Leak, and Rainforest Asset build an integrated vision of Vulnerability and Brand Intelligence, guiding security and compliance teams in an efficient manner on potential exposure points, according to their importance to the business regarding the company's reputation.


**Average Rating:** 4.9/5.0
**Total Reviews:** 12
**How Do G2 Users Rate Rainforest Application?**

- **Quality of Support:** 9.8/10 (Category avg: 9.0/10)
- **Language Support:** 8.0/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 8.7/10 (Category avg: 8.9/10)

**Who Is the Company Behind Rainforest Application?**

- **Seller:** [Rainforest Technologies](https://www.g2.com/sellers/rainforest-technologies)
- **HQ Location:** Wilmington, Delaware
- **LinkedIn® Page:** https://www.linkedin.com/company/80967943 (11 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 42% Mid-Market, 42% Small-Business



#### What Are Recent G2 Reviews of Rainforest Application?

**"[Rainforest is very safe!](https://www.g2.com/survey_responses/rainforest-application-review-9743078)"**

**Rating:** 5.0/5.0 stars
*— Paulo Z.*

[Read full review](https://www.g2.com/survey_responses/rainforest-application-review-9743078)

---

**"[My Experience with Rainforest Platform](https://www.g2.com/survey_responses/rainforest-application-review-9843958)"**

**Rating:** 4.5/5.0 stars
*— Lucas M.*

[Read full review](https://www.g2.com/survey_responses/rainforest-application-review-9843958)

---



### 25. [Codacy](https://www.g2.com/products/codacy/reviews)
Codacy is the code quality and security platform for AI-assisted engineering teams. AI is now embedded through the engineering workflow, which has made teams faster, but also adds risk to everything they ship. Codacy helps AI-assisted teams ship high-quality, secure code across the full software development lifecycle, starting in the agent and editor, through pull requests in Git, and into containers and runtime security. At each stage we check for quality issues, security vulnerabilities and AI coding risk introduced into the codebase, and help devs and agents fix them effortlessly. A team's standards become automated guardrails that apply across every IDE, AI coding agent, and Pull Request. More than 250,000 developers rely on Codacy to keep quality and security stable as AI changes how software gets built. Add your repo and get your free scan report in minutes: https://codacy.com


**Average Rating:** 4.6/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Codacy?**

- **Quality of Support:** 9.1/10 (Category avg: 9.0/10)

**Who Is the Company Behind Codacy?**

- **Seller:** [Codacy](https://www.g2.com/sellers/codacy)
- **Year Founded:** 2012
- **HQ Location:** Lisbon, Lisboa
- **Twitter:** @codacy (5,002 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3310124/ (71 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 59% Small-Business, 24% Mid-Market


#### What Are Codacy's Pros and Cons?

**Pros:**

- Security (2 reviews)
- Automation (1 review)
- Automation Testing (1 review)
- Code Quality (1 review)
- Customer Support (1 review)

**Cons:**

- Expensive (1 review)


### What Do G2 Reviewers Say About Codacy?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **robust security features** of Codacy, noting its integrated automation and effective vulnerability management.
- Users appreciate the **integrated automation** of Codacy, finding it easy to use for maintaining clean and safe code.
- Users appreciate the **integrated automation testing** of Codacy, finding it easy to use for quality assurance.
- Users appreciate the **excellent quality gates and static code analysis** of Codacy, enhancing code safety and cleanliness.
- Users praise the **helpful customer support** of Codacy, noting their immediate assistance and availability when needed.

**Cons:**

- Users find Codacy **expensive** at $19/month, making it less accessible for smaller organizations.

#### What Are Recent G2 Reviews of Codacy?

**"[Codacy is a security must-have tool in our company](https://www.g2.com/survey_responses/codacy-review-10264506)"**

**Rating:** 5.0/5.0 stars
*— David M.*

[Read full review](https://www.g2.com/survey_responses/codacy-review-10264506)

---

**"[Easy GitHub & CI/CD Integration That Catches Bugs Before Production](https://www.g2.com/survey_responses/codacy-review-12739228)"**

**Rating:** 4.5/5.0 stars
*— Arjun M.*

[Read full review](https://www.g2.com/survey_responses/codacy-review-12739228)

---




## What Software Categories Are Similar to Software Composition Analysis Tools?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Secure Code Review Software](https://www.g2.com/categories/secure-code-review)


---

## How Do You Choose the Right Software Composition Analysis Tools?

### What You Should Know About Software Composition Analysis Software

### What Is Software Composition Analysis Software?

Software composition analysis (SCA) refers to the management and evaluation of open source and third-party components within the development environment. Software developers and development teams use SCA to keep tabs on the hundreds of open source components incorporated in their builds. These components fall out of compliance and require version updates; if left unchecked, they can pose major security risks. With so many components to track, developers lean on SCA to automatically manage issues. SCA tools scan for actionable items and alert developers, allowing teams to focus on development rather than manually combing through a mess of software components.

In conjunction with tools such as [vulnerability scanner](https://www.g2.com/categories/vulnerability-scanner) and [dynamic application security testing (DAST) software](https://www.g2.com/categories/dynamic-application-security-testing-dast), software composition analysis integrates with the development environment to curate a secure DevOps workflow. The synergy between cybersecurity and DevOps, sometimes referred to as DevSecOps, answers an urgent call for developers to approach software development with a security-first mindset. For a long time, software developers have relied on open source and third-party components, leaving siloed cybersecurity professionals to clean up builds. This outdated standard often leaves large unresolved gaps in security for stretches of time. Software composition analysis presents a solution for ensuring secure compliance before the worst happens.

**Key Benefits of Software Composition Analysis Software**

- Help keep development secure
- Ease the workloads of developers
- Build a productive workflow across teams

### Why Use Software Composition Analysis Software?

Security best practices are a necessary staple in any DevOps environment. Beyond industry standards, secure development is increasingly important as issues such as API vulnerabilities come to the forefront of cybersecurity. There are often many open source and third-party components in a software build—ensuring components are constantly updated and secure is a task better left to software. Software composition analysis does the job and saves development teams significant time and energy.

**Peace of mind —** Software composition analysis software constantly evaluates open source components. This means developers and teams can focus on advancing their projects without worrying about a mess of unchecked components. In the event of any issues, SCA software alerts users and provides suggestions for remediation.

**Seamless security —** Most SCA software integrates with preexisting development environments, meaning users don’t have to navigate between windows to address vulnerabilities. Developers can receive important and relevant information about the open source and third-party components in their builds without detaching themselves from their workspace.

### Who Uses Software Composition Analysis Software?

DevOps teams that want to implement security best practices use SCA software as an integral part of the DevSecOps tool kit. SCA software empowers developers to proactively keep their open source and third-party components secure, rather than leave a mess of vulnerabilities for siloed cybersecurity team members to clean up. Tools like SCA software help break down the barriers between DevOps and cybersecurity practices, curating an integrated and agile workflow.

**Solo developers —** While SCA software does wonders for larger teams looking to marry their cybersecurity and DevOps processes, solo developers benefit from their own automated security watchdog. Developers working alone on personal projects can’t expect cybersecurity to be taken care of by someone else, so tools like SCA software help them manage their open source vulnerabilities without eating into their time and energy.

**Small development teams —** Similar to solo developers, small development teams often lack the assets to employ a full-time cybersecurity professional. SCA software also aids these teams, allowing them to focus their limited resources on building their project.

**Large DevOps teams —** Midsize and enterprise DevOps teams rely on SCA software to shape a secure and common-sense DevSecOps workflow. Rather than isolate cybersecurity professionals from the DevOps process, companies use tools like SCA to integrate cybersecurity as a default standard for development. This practice mitigates stressors on both developers and IT teams by enabling a more agile environment.

### Software Composition Analysis Software Features

**Comprehensive insights —** SCA software gives users meaningful visibility into the open source and third-party components they use. These tools organize relevant and timely information and present developers with useful updates. This interface often requires some level of development knowledge, meaning the onus is on developers to act on any information presented by SCA tools. Version updates, compliance issues, and vulnerabilities are constantly evaluated so users can be alerted as soon as issues arise.

**Remediation information —** Beyond identifying issues with developers’ open source components, SCA software provides users with relevant documentation for remediation. These suggestions give knowledgeable developers a jumping-off point so they can address vulnerabilities in a timely manner. These remediation suggestions typically require development knowledge to understand, but developers can often pass these remediation tasks to cybersecurity professionals on their team.

### Trends Related to Software Composition Analysis Software

**DevOps —** DevOps refers to the marriage of development and IT operations management to make unified software development pipelines. Teams have implemented DevOps best practices to build, test, and release software. SCA software’s seamless blending with integrated development environments (IDEs) means it fits right in with any DevOps cycle.

**Cybersecurity —** Calls for standardized cybersecurity best practices as part of DevOps philosophy, often referred to as DevSecOps, have shifted the responsibility for secure applications to developers. SCA software’s vulnerability detection and remediation features play a necessary role in establishing secure DevOps practices.

### Software and Services Related to Software Composition Analysis Software

[**Vulnerability scanner software**](https://www.g2.com/categories/vulnerability-scanner) **—** Vulnerability scanners constantly monitor applications and networks to identify vulnerabilities. These tools scan full applications and networks then test them against known vulnerabilities. All of these functions work in conjunction with SCA software to form a comprehensive security stack.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST software inspects and analyzes an application’s code to discover security vulnerabilities without actually executing code. Similar to SCA software, these tools identify vulnerabilities and provide remediation suggestions. There is functional overlap with static code analysis software, but SAST software specifically focuses on security, while static code analysis software has a broader scope.

[**Dynamic application security testing (DAST) software**](https://www.g2.com/categories/dynamic-application-security-testing-dast) **—** DAST tools automate security tests for a variety of real-world threats. These tools run applications against simulated attacks and other cybersecurity scenarios using black box testing, or testing performed outside an application.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis is a debugging and quality assurance method that inspects a computer program’s code without executing the program. Static code analysis software scans code to identify security vulnerabilities, catch bugs, and ensure the code adheres to industry standards. These tools help software developers automate the core aspects of program comprehension. While static code analysis is similar to static application security testing, this software covers a broader scope as opposed to focusing solely on security.




