# Best Software Supply Chain Security Solutions

*By [Adam Crivello](https://research.g2.com/insights/author/adam-crivello)*


Software supply chain security tools provide automated and continuous monitoring of the various components and stages of the software development process. This includes analyzing the source code, identifying potential security risks, scanning for malicious code, and verifying the authenticity of third-party components and dependencies.

Software supply chain security refers to the process of securing the software development lifecycle from start to finish. It involves safeguarding against any potential vulnerabilities or threats to the software supply chain that could compromise the integrity of the software.

These tools can also detect any attempts to tamper with the software during the development or deployment stages. They help ensure that only trusted and validated software components are included in the final product, thereby minimizing the risk of introducing any vulnerabilities or malware into the software supply chain. Software supply chain security solutions are often used alongside tools such as [static code analysis tools](https://www.g2.com/categories/static-code-analysis) to seek out and protect against potential vulnerabilities.

To qualify for inclusion in the Software Supply Chain Security category, a product must:

- Provide automated and continuous monitoring of various components of the development process
- Detect attempts to tamper with the software during the development or deployment stages
- Scan for malicious code and security risks
- Verify authenticity of third-party components






## G2 Grid® for Software Supply Chain Security Solutions
![G2 Grid® for Software Supply Chain Security Solutions plotting products by satisfaction and market presence](https://www.g2.com/categories/software-supply-chain-security-tools/grids.png?focus%5B%5D=1259627&focus%5B%5D=36094&focus%5B%5D=143017&focus%5B%5D=7362&focus%5B%5D=14032&focus%5B%5D=1312693&focus%5B%5D=100655&focus%5B%5D=108052)
Highlighted products: Aikido Security, Snyk, JFrog, Veracode Application Security Platform, Mend.io, OX Security, Harness Platform, and Sonatype Nexus Repository.
Underlying data: [Grid® JSON](https://www.g2.com/categories/software-supply-chain-security-tools/grids.json?focus%5B%5D=aikido-security&amp;focus%5B%5D=snyk&amp;focus%5B%5D=jfrog-2024-03-28&amp;focus%5B%5D=veracode-application-security-platform&amp;focus%5B%5D=mend-io&amp;focus%5B%5D=ox-security&amp;focus%5B%5D=harness-platform&amp;focus%5B%5D=sonatype-nexus-repository)


## How Many Software Supply Chain Security Solutions Products Does G2 Track?
**Total Products under this Category:** 42

### Category Stats (Jul 2026)
- **Average Rating**: 4.49/5 (↓0.01 vs Jun 2026) The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Arnica (+0.87%) - Among all products in this category, Arnica recorded the largest rating increase compared to last month
*Last updated: July 15, 2026*


## How Does G2 Rank Software Supply Chain Security Solutions Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 1,200+ Authentic Reviews
- 42+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Software Supply Chain Security Solutions Is Best for Your Use Case?

- **Leader:** [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
- **Highest Performer:** [OX Security](https://www.g2.com/products/ox-security/reviews)
- **Easiest to Use:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Harness Platform](https://www.g2.com/products/harness-platform/reviews)


---

**Sponsored**

### Aikido Security

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=1006186&amp;secure%5Bchosen_at%5D=2026-07-15T20%3A47%3A41Z&amp;secure%5Bdisplayable_resource_id%5D=1006186&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=page_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=1006186&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=1259627&amp;secure%5Bresource_id%5D=1006186&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fsoftware-supply-chain-security-tools&amp;secure%5Btoken%5D=2275591380539bc87aac1469a45980b35b85a3f2ae791ce18e32cca0ab8bab4c&amp;secure%5Burl%5D=https%3A%2F%2Fwww.aikido.dev%2Fcode%2Fopen-source-dependency-scanning-sca%3Futm_source%3Dg2%26utm_campaign%3Dg2-promoted-listing-sca%26utm_medium%3Dcpc&amp;secure%5Burl_type%5D=custom_url)

---

## What Are the Top-Rated Software Supply Chain Security Solutions Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 185

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Founder, CTO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 77% Small-Business, 14% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Aikido Security, benefiting from clear insights and streamlined vulnerability management.
- Users commend Aikido Security for its **intuitive dashboard** that simplifies identifying and managing security issues efficiently.
- Users value the **meaningful features and usability** of Aikido Security&#39;s free tier, enhancing everyday engineering workflows.
- Users appreciate the **easy integrations** with GitHub and other systems, enhancing usability for both developers and non-developers.
- Users highlight the **easy setup** of Aikido Security, making integration and implementation a seamless experience.

**Cons:**

- Users note a desire for **additional features** in Aikido Security, particularly in the free plan and integrations.
- Users find the **pricing to be quite high** , especially for startups trying to manage costs.
- Users find Aikido Security&#39;s **limited features** hinder advanced customization and reporting for enterprise-level needs.
- Users find the **entry-level pricing** of Aikido Security quite high, especially for startups with tight budgets.
- Users find Aikido Security lacking in **essential features** , complicating workflows and limiting their development capabilities.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Seamless GitHub Integration with Solid Security Findings and Smart False-Positive Analysis](https://www.g2.com/survey_responses/aikido-security-review-13109689)"**

**Rating:** 4.5/5.0 stars
*— Jordan B.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13109689)

---

**"[Enterprise Security Without an Enterprise Security Team](https://www.g2.com/survey_responses/aikido-security-review-13108704)"**

**Rating:** 4.0/5.0 stars
*— Ian M.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13108704)

---



### 2. [Snyk](https://www.g2.com/products/snyk/reviews)
Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code &amp; open source to containers &amp; cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix &amp; merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as your write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: Integrate natively with your CI/CD tool, configure your rules, find &amp; fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free!


**Average Rating:** 4.5/5.0
**Total Reviews:** 135

**Who Is the Company Behind Snyk?**

- **Seller:** [Snyk](https://www.g2.com/sellers/snyk)
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @snyksec (21,057 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,370 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 44% Mid-Market, 35% Small-Business


#### What Are Snyk's Pros and Cons?

**Pros:**

- Easy Integrations (5 reviews)
- Vulnerability Detection (5 reviews)
- Ease of Use (4 reviews)
- User Interface (4 reviews)
- Vulnerability Identification (4 reviews)

**Cons:**

- Expensive (3 reviews)
- False Positives (3 reviews)
- Poor Interface Design (2 reviews)
- Pricing Issues (2 reviews)
- Scanning Issues (2 reviews)


### What Do G2 Reviewers Say About Snyk?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **easy integrations** of Snyk, facilitating seamless setup and management within their development workflows.
- Users value Snyk&#39;s **vulnerability detection** for its rapid updates and user-friendly integration, enhancing code security and efficiency.
- Users love Snyk for its **ease of use** , enjoying simple integration and intuitive navigation for vulnerability management.
- Users appreciate the **intuitive GUI and seamless integration** of Snyk, making vulnerability management straightforward and efficient.
- Users value Snyk&#39;s **efficient vulnerability identification** that enhances code security and streamlines development processes.

**Cons:**

- Users find Snyk to be **very expensive** , raising concerns about cost despite its long-term value.
- Users experience **false positive issues** with Snyk, leading to confusion and missed genuine vulnerabilities during scans.
- Users find the **interface design lacking** , especially with DAST being separate and overall usability concerns.
- Users express concerns about **pricing issues** , noting that comprehensive features may come at a high cost.
- Users often face **false positives in scanning** and delays in pipeline due to slow scans for medium repositories.

#### What Are Recent G2 Reviews of Snyk?

**"[Seamless Dev-First Security with Fast Scans and Actionable Fixes](https://www.g2.com/survey_responses/snyk-review-12676270)"**

**Rating:** 4.5/5.0 stars
*— Prateek J.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12676270)

---

**"[Developer-Friendly Security with Clear, Automated Fixes](https://www.g2.com/survey_responses/snyk-review-12974957)"**

**Rating:** 4.5/5.0 stars
*— Hemanth K.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12974957)

---


#### What Are G2 Users Discussing About Snyk?

- [What is Snyk scanning?](https://www.g2.com/discussions/what-is-snyk-scanning) - 2 comments, 2 upvotes
- [Is Snyk a SaaS?](https://www.g2.com/discussions/is-snyk-a-saas) - 2 comments
- [How good is Snyk?](https://www.g2.com/discussions/how-good-is-snyk) - 2 comments
- [What is Snyk used for?](https://www.g2.com/discussions/what-is-snyk-used-for)

### 3. [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps, DevGovOps and MLOps platform, is on a mission to create a world of software delivered without friction from development to production. Driven by a “Liquid Software” vision to keep software continuously flowing, secure, and always up to date, the JFrog Platform serves as the definitive software supply chain system of record. It is uniquely engineered to power organizations as they build, manage, and distribute trusted software with unprecedented speed, security, and scale across hybrid and multi-cloud environments. As software engineering evolves in the AI era, JFrog’s newest offerings address the industry&#39;s most pressing trend: the rise of agentic software development and the hidden security risks of &quot;Shadow AI.&quot; In response to threat actors increasingly targeting developer workflows including a massive surge in malicious open-source AI models and infected packages; JFrog has expanded its platform capabilities to deliver absolute end-to-end visibility and automated compliance. Key new innovations include the JFrog AI Catalog, which enables organizations to centralize, govern, and control the lifecycle of AI models approved for enterprise use. To secure autonomous coding environments, JFrog introduced the Universal MCP Registry and the Agent Skills Registry (developed alongside NVIDIA). These new solutions establish the industry’s first enterprise-grade trust layer to safely manage and store AI agent skills, monitor connections, and instantly block unsafe developer tools or malicious coding extensions right where developers work. Furthermore, the integration of advanced DevGovOps and Runtime Security tools allows teams to replace slow, manual compliance audits with continuous, background policy enforcement. By shifting security left directly into the binary pipeline, JFrog ensures that the volume of AI-assisted code does not outpace an organization&#39;s ability to verify its safety. Today, millions of users and approximately 6,600 organizations worldwide, including a majority of the Fortune 100, depend on the universal JFrog Platform to eliminate point-solution fatigue, bridge the governance gap, and securely embrace digital transformation. Learn more at www.jfrog.com or follow us on X @JFrog.


**Average Rating:** 4.2/5.0
**Total Reviews:** 140

**Who Is the Company Behind JFrog?**

- **Seller:** [JFrog Ltd](https://www.g2.com/sellers/jfrog-ltd)
- **Company Website:** https://jfrog.com
- **Year Founded:** 2008
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @jfrog (23,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jfrog-ltd/ (2,364 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 50% Enterprise, 30% Mid-Market


#### What Are JFrog's Pros and Cons?

**Pros:**

- Features (18 reviews)
- Repository Management (14 reviews)
- Deployment (13 reviews)
- Integrations (12 reviews)
- Easy Integrations (11 reviews)

**Cons:**

- Complexity (9 reviews)
- Expensive (8 reviews)
- Learning Curve (8 reviews)
- Difficult Learning (7 reviews)
- Learning Difficulty (7 reviews)


### What Do G2 Reviewers Say About JFrog?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **unified support for diverse package formats** in JFrog, enhancing their DevOps workflows significantly.
- Users value the **centralized management of artifacts** in JFrog, enhancing security and efficiency in DevOps workflows.
- Users value the **seamless deployment integration** of JFrog, streamlining CI/CD pipelines and enhancing security across projects.
- Users value the **seamless integrations** of JFrog with various tools, enhancing their CI/CD pipeline efficiency and security.
- Users love the **easy integrations** with various tools, enhancing their CI/CD workflow and artifact management.

**Cons:**

- Users find the **complexity** of the JFrog platform overwhelming, often requiring extensive training to navigate its functionalities.
- Users feel the **cost of JFrog** can be prohibitive for smaller teams, making adoption challenging and less accessible.
- Users face a **steep learning curve** and significant setup time, making initial adoption challenging for smaller teams.
- Users find the **difficult learning curve** of JFrog challenging, necessitating extensive training to harness its full capabilities.
- Users find the **learning difficulty** of JFrog challenging, as it requires substantial time and effort to master.

#### What Are Recent G2 Reviews of JFrog?

**"[JFrog Simplifies Artifact Management for Organized, Reliable Deployments](https://www.g2.com/survey_responses/jfrog-review-12870354)"**

**Rating:** 4.5/5.0 stars
*— Subhashree S.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12870354)

---

**"[Efficient, Scalable Artifact Management That Streamlines the Software Delivery Lifecycle](https://www.g2.com/survey_responses/jfrog-review-12788318)"**

**Rating:** 4.0/5.0 stars
*— Arkajit D.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12788318)

---


#### What Are G2 Users Discussing About JFrog?

- [What are the benefits and challenges of using JFrog for managing your software supply chain?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-jfrog-for-managing-your-software-supply-chain)
- [What does Jfrog Platform do?](https://www.g2.com/discussions/what-does-jfrog-platform-do)
- [What is difference between JFrog and Nexus?](https://www.g2.com/discussions/what-is-difference-between-jfrog-and-nexus)
- [What is Artifactory software used for?](https://www.g2.com/discussions/what-is-artifactory-software-used-for)

### 4. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline,empower developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers your all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


**Average Rating:** 3.8/5.0
**Total Reviews:** 25

**Who Is the Company Behind Veracode Application Security Platform?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (502 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 69% Enterprise, 31% Mid-Market


#### What Are Veracode Application Security Platform's Pros and Cons?

**Pros:**

- Security (5 reviews)
- Vulnerability Detection (5 reviews)
- Automated Scanning (3 reviews)
- Detection (3 reviews)
- Ease of Use (3 reviews)

**Cons:**

- Expensive (2 reviews)
- Lack of Information (2 reviews)
- Licensing Issues (2 reviews)
- Poor Customer Support (2 reviews)
- Pricing Issues (2 reviews)


### What Do G2 Reviewers Say About Veracode Application Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **effective security vulnerability identification** in Veracode, enhancing overall application security and adherence to best practices.
- Users value the **effective vulnerability detection** of Veracode, facilitating comprehensive security and streamlined development processes.
- Users value the **automated scanning** features of Veracode for effectively identifying and addressing security vulnerabilities.
- Users value the **robust detection capabilities** of Veracode, efficiently identifying vulnerabilities and enhancing application security.
- Users appreciate the **ease of use** of Veracode, as it streamlines integration and enhances security processes effectively.

**Cons:**

- Users find the platform **expensive** due to increasing costs and a complex licensing model that lacks justification.
- Users face a **lack of information** regarding feature availability and discrepancies between documentation and delivery.
- Users face **licensing issues** with increasing costs, complexity, and pressure from account executives, impacting overall satisfaction.
- Users experience **poor customer support** with Veracode, facing pressure, unmet promises, and complicated processes.
- Users find the **pricing issues** with Veracode challenging, citing increased costs and complex licensing that complicates usage.

#### What Are Recent G2 Reviews of Veracode Application Security Platform?

**"[Streamlined Security, Effortless Integration](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)"**

**Rating:** 5.0/5.0 stars
*— Bhanu Prakash M.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)

---

**"[Clear, Unified View of Application Capabilities](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)"**

**Rating:** 4.5/5.0 stars
*— Christopher S.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)

---


#### What Are G2 Users Discussing About Veracode Application Security Platform?

- [What is difference between veracode and SonarQube?](https://www.g2.com/discussions/what-is-difference-between-veracode-and-sonarqube)
- [What is veracode software composition analysis?](https://www.g2.com/discussions/what-is-veracode-software-composition-analysis)
- [What is veracode used for?](https://www.g2.com/discussions/what-is-veracode-used-for)
- [What is the veracode application security platform?](https://www.g2.com/discussions/what-is-the-veracode-application-security-platform)

### 5. [Mend.io](https://www.g2.com/products/mend-io/reviews)
Modern risk doesn&#39;t live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include: 1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle. 2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster. 3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


**Average Rating:** 4.3/5.0
**Total Reviews:** 108

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (257 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Small-Business, 34% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)


### What Do G2 Reviewers Say About Mend.io?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **scanning efficiency** of Mend.io, enabling quick and accurate scans across numerous repositories seamlessly.
- Users appreciate the **ease of use** of Mend.io, praising its seamless integration and simple navigation for vulnerability detection.
- Users value the **easy integrations** with CI/CD systems, enabling efficient scanning and streamlined workflows across repositories.
- Users value the **quick and accurate scanning** capabilities of Mend.io, enhancing their development workflow significantly.
- Users appreciate the **automated vulnerability detection** of Mend.io, enhancing early identification and resolution within their CI/CD pipelines.

**Cons:**

- Users find **integration issues** with Mend.io, particularly with on-premise tools like Jira, to be quite challenging.
- Users note the **limited features** of Mend.io, requiring custom tools and workarounds for efficient integration and functionality.
- Users find the **missing features** in Mend.io limit functionality, requiring workarounds for CI/CD integration and scanning.
- Users face **complex implementation** challenges, including many false positives and issues with integration and scanner updates.
- Users find the **interface confusing** , having to navigate between different portals for SAST and SCA products.

#### What Are Recent G2 Reviews of Mend.io?

**"[Great Tool for Managing 3rd party libraries](https://www.g2.com/survey_responses/mend-io-review-6728890)"**

**Rating:** 4.5/5.0 stars
*— Johannes B.*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-6728890)

---

**"[Effortless Integration with Budget-Friendly Scanning](https://www.g2.com/survey_responses/mend-io-review-4261734)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-4261734)

---


#### What Are G2 Users Discussing About Mend.io?

- [What is your experience regarding pricing and costs for Mend.io, and how does it compare to other open-source security solutions?](https://www.g2.com/discussions/what-is-your-experience-regarding-pricing-and-costs-for-mend-io-and-how-does-it-compare-to-other-open-source-security-solutions)
- [What is Mend (formerly WhiteSource) used for?](https://www.g2.com/discussions/what-is-mend-formerly-whitesource-used-for)
- [What is white Source bolt?](https://www.g2.com/discussions/what-is-white-source-bolt)
- [What are SCA tools?](https://www.g2.com/discussions/what-are-sca-tools)
- [What is software composition analysis SCA?](https://www.g2.com/discussions/what-is-software-composition-analysis-sca)

### 6. [OX Security](https://www.g2.com/products/ox-security/reviews)
OX rewires your security program for the Mythos Age: the era where AI writes the code, chains the exploits, and moves faster than human-built defenses can track. OX is the unified Prompt to Runtime security platform. It moves your control surface upstream to the prompt, preventing and governing risk at the source instead of chasing it downstream in runtime. OX Mind and OX AI Context Lake connect AI-user governance, code security, cloud and runtime enforcement, and agentic pentesting into one system that shares context across the entire Agentic Development Lifecycle (ADLC), replacing fragmented point tools with a single platform. The platform runs on four connected pillars: OX VibeSec: Prevents unsafe AI decisions at the point of creation and governs every AI user in the organization, not just developers using coding assistants. Full visibility into which agents, MCPs, skills, and packages run, with what permissions, against what data. OX Code: Separates exploitable risk from theoretical noise using evidence from your actual deployment, threat model, and threat intelligence. OX Cloud: Prevents misconfigurations and enforces runtime boundaries that code and agents cannot cross, watching what actually runs in production. OX Agentic Pentester: Continuously simulates adversarial agent behavior to prove exploit paths back to their exact source, feeding what it finds back into OX VibeSec to sharpen governance. OX connects to your existing stack and traces every finding back to its origin (the prompt, the AI user, or the endpoint that created it), then fixes issues at the source rather than flagging them after the fact. For new deployments, OX consolidates governance, code security, cloud enforcement, and pentesting into one platform. For existing stacks, OX layers governance on top and makes current tools smarter through continuous learning, so the same issue never gets created twice. Visit https://ox.security for more information.


**Average Rating:** 4.8/5.0
**Total Reviews:** 51

**Who Is the Company Behind OX Security?**

- **Seller:** [OX Security](https://www.g2.com/sellers/ox-security)
- **Year Founded:** 2021
- **HQ Location:** New York, USA
- **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (199 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 63% Mid-Market, 25% Enterprise


#### What Are OX Security's Pros and Cons?

**Pros:**

- Features (8 reviews)
- Collaboration (6 reviews)
- Customer Support (6 reviews)
- Easy Integrations (6 reviews)
- Speed (6 reviews)

**Cons:**

- Complexity (5 reviews)
- Overwhelming Interface (4 reviews)
- Complex Setup (3 reviews)
- Dashboard Issues (3 reviews)
- Difficult Learning (3 reviews)


### What Do G2 Reviewers Say About OX Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **intuitive dashboard** and seamless integration capabilities of OX Security for effective issue management.
- Users value the **effective collaboration** facilitated by OX Security, enhancing team efforts and streamlining workflows.
- Users praise the **responsive customer support** of OX Security, which enhances their overall experience and integration success.
- Users highlight the **seamless integrations** of OX Security, enhancing workflows and boosting development confidence without bottlenecks.
- Users value the **speed and efficiency** of OX Security, enabling faster triage and remediation of security issues.

**Cons:**

- Users find OX Security&#39;s **complexity overwhelming** , facing a steep learning curve and inadequate documentation for guidance.
- Users find the **interface overwhelming** , struggling with the extensive options and lacking clear documentation for navigation.
- Users find the **complex setup** of OX Security challenging, especially due to unclear documentation and overwhelming UI.
- Users find the **dashboard issues** can be overwhelming and lack effective reporting for management on security progress.
- Users find the **difficult learning** curve challenging due to OX Security&#39;s complex interface and insufficient documentation.

#### What Are Recent G2 Reviews of OX Security?

**"[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Gambling &amp; Casinos*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10961361)

---

**"[A Transformative Game-Changer in Application Security Posture Management](https://www.g2.com/survey_responses/ox-security-review-10618682)"**

**Rating:** 5.0/5.0 stars
*— Dudi E.*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10618682)

---



### 7. [Harness Platform](https://www.g2.com/products/harness-platform/reviews)
Simplify your developer experience with the world&#39;s first AI-augmented software delivery platform. Upgrade your software delivery with Harness&#39; innovative CI/CD, Feature Flags, Infrastructure as Code Management, and Chaos Engineering tools. We are a software delivery platform that helps developers and infrastructure engineers build and ship code for cloud and on-premise projects. We automate the continuous integration and continuous delivery (CI/CD) process to help teams build faster, ship more frequently, and improve quality, efficiency, and governance. We help companies in four key areas: Number one, we accelerate innovation through DevOps modernization. We provide an approach for software delivery that automates processes, reduces manual interventions, consolidates tools, and accelerates time-to-market for new products, features, and fixes. Number two, we improve developer experience. We give you the ability to attract, retain, and onboard high-caliber engineering talent while fostering a culture of continuous innovation and improvement. Number three, we secure software delivery. We give you the ability to integrate security into every phase of the SDLC. And last but not least is, we optimize cloud costs. We give you the ability to eliminate waste and to ensure that appropriate cloud resources are allocated at the right place at the right time.


**Average Rating:** 4.6/5.0
**Total Reviews:** 300

**Who Is the Company Behind Harness Platform?**

- **Seller:** [Harness](https://www.g2.com/sellers/harness-25016f40-e80f-4417-bea8-39412055d17a)
- **Company Website:** https://harness.io/
- **Year Founded:** 2018
- **HQ Location:** San Francisco
- **Twitter:** @HarnessWealth (1,389 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/harnessinc/ (1,701 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 43% Enterprise, 38% Mid-Market


#### What Are Harness Platform's Pros and Cons?

**Pros:**

- Ease of Use (114 reviews)
- Features (73 reviews)
- Feature Flags (49 reviews)
- Easy Setup (40 reviews)
- Easy Integrations (31 reviews)

**Cons:**

- Missing Features (23 reviews)
- Limitations (20 reviews)
- Limited Features (20 reviews)
- Learning Curve (17 reviews)
- Poor UI (16 reviews)


### What Do G2 Reviewers Say About Harness Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find the **ease of use** of the Harness Platform simplifies project implementation and streamlines their workflow.
- Users value the **flexible targeting options** in Harness Platform, enhancing project implementation and feature management.
- Users appreciate the **user-friendly interface** of Split.io, enabling seamless feature flag management for all team members.
- Users appreciate the **easy setup** of Harness Platform, enabling quick implementation and immediate cost savings.
- Users admire the **easy integrations** of Harness Platform, enhancing the streamlined software delivery process with AI and modularity.

**Cons:**

- Users highlight a **lack of multiple filters** and missing features that could enhance the Harness Platform experience.
- Users face **limitations in configuration and management** options within Harness Platform, hindering usability and flexibility.
- Users note the **limited features** of Harness Platform, particularly the lack of advanced filtering options and intuitiveness.
- Users find the **steep learning curve** challenging and desire better documentation for easier navigation of the platform.
- Users find the **poor UI** of Harness Platform to be complex and not user-friendly, causing frustration.

#### What Are Recent G2 Reviews of Harness Platform?

**"[Harness - World of automation](https://www.g2.com/survey_responses/harness-platform-review-11792426)"**

**Rating:** 4.5/5.0 stars
*— Sunil A.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11792426)

---

**"[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)"**

**Rating:** 5.0/5.0 stars
*— Satendra V.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11543262)

---


#### What Are G2 Users Discussing About Harness Platform?

- [What is Harness Continuous Delivery used for?](https://www.g2.com/discussions/what-is-harness-continuous-delivery-used-for) - 1 comment
- [What is Propelo used for?](https://www.g2.com/discussions/what-is-propelo-used-for)
- [What is Harness Cloud Cost Management used for?](https://www.g2.com/discussions/what-is-harness-cloud-cost-management-used-for)
- [What is the difference between harness and Jenkins?](https://www.g2.com/discussions/what-is-the-difference-between-harness-and-jenkins) - 1 comment
- [What is streaming Split IO?](https://www.g2.com/discussions/what-is-streaming-split-io) - 1 comment

### 8. [Sonatype Nexus Repository](https://www.g2.com/products/sonatype-nexus-repository/reviews)
World’s #1 Repository Manager with Free and Pro versions - Single source of truth for all of your components, binaries, and build artifacts. - Efficiently distribute parts and containers to developers. - Used by more than 5 million developers globally. Centralize Give your teams a single source of truth for every component they use. Store Optimize build performance and reliability by caching proxies of remote repositories. Adapt Deliver universal coverage for all major package types and formats Scale Install on an unlimited amount of servers for an unlimited amount of users. Universal Support for all Popular Build Tools Store and distribute Maven/Java, npm, NuGet, Helm, Docker, P2, OBR, APT, GO, R, Conan components and more. Manage components from dev through delivery: binaries, containers, assemblies, and finished goods. Awesome support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy. Compatible with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more. Enterprise Control of Binaries and Build Artifacts Deliver innovation 24x7x365 with high availability. A single source of truth for components used across your entire software development lifecycle including QA, staging, and operations. Easily integrate with existing user and access provisioning systems including LDAP, Atlassian Crowd, and more. SAML/SSO authentication for enhanced security and single sign-on experience. See the Health of Your Software Supply Chain Repository Health Check (RHC) provides up-to-date component intelligence, so your teams make informed decisions early on. View components in need of remediation, prioritized by the severity of vulnerability. Easily avoid known security and license issues for Maven/Java, npm, NuGet, and PyPI components. Modern Features for Continuous Innovation Deploy directly to a desired repository with your choice of build or deployment tool or directly via HTTP. Stage and manage releases with dedicated security and automated rule validation. Enhanced staging provides streamlined oversight and approval of workflows for release candidates. Share binaries, snapshots and releases between groups of developers or post a collection of related, staged artifacts which can be easily tested, promoted, or discarded.


**Average Rating:** 4.5/5.0
**Total Reviews:** 21

**Who Is the Company Behind Sonatype Nexus Repository?**

- **Seller:** [Sonatype](https://www.g2.com/sellers/sonatype)
- **Year Founded:** 2008
- **HQ Location:** Fulton, US
- **Twitter:** @sonatype (10,589 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/210324/ (551 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 43% Enterprise, 39% Mid-Market



#### What Are Recent G2 Reviews of Sonatype Nexus Repository?

**"[Perfect solution for artifact management](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9115886)"**

**Rating:** 4.0/5.0 stars
*— Juan Diego P.*

[Read full review](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9115886)

---

**"[Easy to use repository for sharing artifacts within team](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9407466)"**

**Rating:** 4.0/5.0 stars
*— Ardhiya C.*

[Read full review](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9407466)

---


#### What Are G2 Users Discussing About Sonatype Nexus Repository?

- [What does a repository manager do?](https://www.g2.com/discussions/nexus-repository-manager-what-does-a-repository-manager-do)
- [What does a repository manager do?](https://www.g2.com/discussions/what-does-a-repository-manager-do)
- [What is Nexus repository tool?](https://www.g2.com/discussions/what-is-nexus-repository-tool)
- [What is Nexus software used for?](https://www.g2.com/discussions/what-is-nexus-software-used-for) - 1 comment
- [What is Nexus repository manager used for?](https://www.g2.com/discussions/what-is-nexus-repository-manager-used-for)

### 9. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.​ AI-Powered Agents Jit&#39;s AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads. ​ Comprehensive Security Scanning Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit&#39;s platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues. ​ Developer-Centric Experience With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity. ​ Agentic AI for AppSec Teams Risk-Based Prioritization Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks. ​ Seamless Integrations Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack. ​


**Average Rating:** 4.5/5.0
**Total Reviews:** 43

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (7 reviews)
- Efficiency (7 reviews)
- Automation (6 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate how Jit offers **seamless integration of security** into workflows, enhancing efficiency and consistency.
- Users appreciate the **ease of use** of Jit, enabling efficient processes and streamlined security integration without complexity.
- Users appreciate the **easy integrations** of Jit, streamlining security within their development workflows effortlessly.
- Users value the **efficiency of JIT** , which minimizes waste and streamlines processes for better productivity.
- Users appreciate the **automation of security controls** in Jit, which enhances workflow efficiency without adding overhead.

**Cons:**

- Users note **integration issues** with some enterprise tools, requiring extra setup and lacking comprehensive support for frameworks.
- Users find the **limited features** of Jit restrict customization and deeper analytics for complex environments.
- Users note the **limited integration** with certain tools, impacting functionality and requiring additional manual setup.
- Users feel the **documentation is lacking** , making advanced configurations and integrations challenging, especially for first-time users.
- Users find Jit&#39;s **complexity** overwhelming, particularly in configurations and for those unfamiliar with DevSecOps.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 10. [Finite State](https://www.g2.com/products/finite-state/reviews)
Finite State empowers device OEMs to ship securely while enabling engineering teams to move at the speed of AI, immediately transforming product artifacts into audit-ready assurance through a single automated workflow. Leveraging deep binary analysis and AI-native execution, the platform unifies code, compiled components, and firmware in minutes—connecting security design with deployed software. By continuously generating SBOMs, VEX, and signed compliance packages, Finite State enables connected device companies across industries such as medical devices and automotive to meet evolving regulations, including the EU Cyber Resilience Act (CRA), and deliver continuous compliance at speed. Learn more at https://finitestate.io/


**Average Rating:** 4.3/5.0
**Total Reviews:** 12

**Who Is the Company Behind Finite State?**

- **Seller:** [Finite State](https://www.g2.com/sellers/finite-state)
- **Company Website:** https://finitestate.io
- **Year Founded:** 2017
- **HQ Location:** Columbus, Ohio, United States
- **Twitter:** @FiniteStateInc (670 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/finitestate (78 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 50% Enterprise, 25% Mid-Market



#### What Are Recent G2 Reviews of Finite State?

**"[Deep Visibility Into Supply Chain Risks and CVEs—Boosting Product Security](https://www.g2.com/survey_responses/finite-state-review-12966722)"**

**Rating:** 5.0/5.0 stars
*— Suru S.*

[Read full review](https://www.g2.com/survey_responses/finite-state-review-12966722)

---

**"[Finite State Review: Firmware Security Simplified](https://www.g2.com/survey_responses/finite-state-review-12997919)"**

**Rating:** 5.0/5.0 stars
*— Prasanth B.*

[Read full review](https://www.g2.com/survey_responses/finite-state-review-12997919)

---



### 11. [SOOS](https://www.g2.com/products/soos/reviews)
SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate and manage Software Bill of Materials (SBOM), and fill out your compliance worksheets across all your teams. SOOS’s ASPM is a dynamic, comprehensive approach to safeguarding your application infrastructure from vulnerabilities across the Software Development Life Cycle (SDLC) and live deployments. Easy to integrate, all in one dashboard. SCA - Deep tree vulnerability scanning, license compliance, governance DAST - Automated Web &amp; API vulnerability scanning Containers - Scan contents for vulnerabilities SAST - Analyze code for security vulnerabilities IaC - Cloud security coverage SBOMs - Create – monitor – manage


**Average Rating:** 4.6/5.0
**Total Reviews:** 42

**Who Is the Company Behind SOOS?**

- **Seller:** [SOOS](https://www.g2.com/sellers/soos)
- **Year Founded:** 2019
- **HQ Location:** Winooski, US
- **Twitter:** @soostech (44 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/53122310 (24 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 50% Mid-Market, 43% Small-Business


#### What Are SOOS's Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Customer Support (5 reviews)
- Easy Integrations (5 reviews)
- Integrations (5 reviews)
- Easy Setup (4 reviews)

**Cons:**

- Lack of Guidance (3 reviews)
- Poor Reporting (3 reviews)
- Dashboard Issues (2 reviews)
- Inadequate Reporting (2 reviews)
- Lacking Features (2 reviews)


### What Do G2 Reviewers Say About SOOS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find the **ease of use** of SOOS exceptional, appreciating user-friendly configurations and supportive onboarding experiences.
- Users praise the **awesome customer support** from SooS, enhancing their experience and setup process significantly.
- Users appreciate the **easy integrations** of SOOS, facilitating smooth development workflows without disruptions.
- Users value the **smooth integrations** of SOOS, ensuring effortless maintenance and reliable vulnerability visibility in workflows.
- Users love the **easy setup** of SOOS, enabling quick integration and intuitive usage for seamless API scanning.

**Cons:**

- Users note a **lack of guidance** in documentation and actionable remediation context, making onboarding and fixes challenging.
- Users find the **reporting poor** , lacking necessary filtering and grouping options for effective analysis of vulnerabilities.
- Users find the **dashboard issues** challenging, especially regarding reporting capabilities and asynchronous scanning limitations.
- Users find the **inadequate reporting** options in SOOS limit effective analysis and stakeholder communication.
- Users feel SOOS has **lacking features** , particularly in reporting options and intuitive navigation for new users.

#### What Are Recent G2 Reviews of SOOS?

**"[Awesome tool for detecting vulnerabilities within project dependecies](https://www.g2.com/survey_responses/soos-review-7753830)"**

**Rating:** 4.5/5.0 stars
*— Nayan C.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7753830)

---

**"[Reliable continuous security assessment for our pipelines](https://www.g2.com/survey_responses/soos-review-7744758)"**

**Rating:** 4.0/5.0 stars
*— Brallan G.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7744758)

---



### 12. [Cybeats](https://www.g2.com/products/cybeats/reviews)
Cybeats is at the forefront of cybersecurity innovation and is focused explicitly on automating Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) management. Our platform has built-in support for HBOM and AIBOM. Our mission is to empower organizations to rapidly identify and address vulnerabilities, significantly reducing costs while enhancing the security posture of their products. With our focus on the vision of &quot;Building trust in every layer of your technology,&quot; Cybeats provides a robust platform that ensures transparency and security throughout the technological stack. Core Offerings - SBOM Management &amp; Continuous Monitoring Cybeats offers a scalable solution for managing and monitoring SBOMs. Our platform stores enriches and distributes SBOMs efficiently across the organization and the organization&#39;s customers. This continuous monitoring helps proactively identify and mitigate software component risks. - SBOM Inventory &amp; Management We provide a centralized system for SBOM inventory management that ensures all software components are accounted for, up-to-date, and secure. This systematic approach helps maintain a clear overview of all software elements, facilitating easier management and compliance. - Vulnerability Lifecycle Management (VLM) Our VLM capabilities integrate Vulnerability Exploitability Exchange (VEX) and Vulnerability Disclosure Program (VDP) processes. This integration helps identify, assess, manage, and mitigate vulnerabilities throughout their lifecycle, ensuring continuous protection against potential software supply chain threats. - Regulatory Compliance Cybeats aligns with global regulatory requirements, assisting organizations in staying compliant with evolving cybersecurity standards. Our solution simplifies compliance management, reducing the complexity and resources required to meet legal and industry standards. With the introduction of regulatory requirements of the FDA pre-market and post-market, the EU CRA, PCI-SSF, and others, companies that develop software-based products must align with the SBOM and Vulnerability management requirements. - OSS and Comercial Licensing Risk Assessment Understanding and managing licensing risks associated with software components is crucial. Cybeats provides tools to assess these risks, helping organizations avoid legal and financial repercussions related to software licensing. - SBOM Sharing and Exchange We facilitate secure sharing and exchange of SBOMs within and across organizations. This capability ensures that all parties in the software supply chain have access to accurate and timely information, enhancing collaborative efforts toward secure software development.


**Average Rating:** 4.4/5.0
**Total Reviews:** 15

**Who Is the Company Behind Cybeats?**

- **Seller:** [CYBEATS](https://www.g2.com/sellers/cybeats)
- **Year Founded:** 2017
- **HQ Location:** Toronto, Ontario
- **Twitter:** @cybeatstech (616 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cybeats/ (32 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 47% Small-Business, 33% Mid-Market



#### What Are Recent G2 Reviews of Cybeats?

**"[Great Computer Security Service Solutin](https://www.g2.com/survey_responses/cybeats-review-7160083)"**

**Rating:** 4.5/5.0 stars
*— Patrícia P.*

[Read full review](https://www.g2.com/survey_responses/cybeats-review-7160083)

---

**"[A safe and secure enterprise supply chain management system is created and enabled by Cybeats](https://www.g2.com/survey_responses/cybeats-review-7468992)"**

**Rating:** 4.5/5.0 stars
*— Karan C.*

[Read full review](https://www.g2.com/survey_responses/cybeats-review-7468992)

---



### 13. [Socket](https://www.g2.com/products/socket-socket/reviews)
Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powered code analysis, Socket detects and blocks supply chain attacks within minutes of publication. With advanced reachability analysis, automated remediation, and license compliance features, Socket enables teams to focus on building software, while we keep their open source code secure.


**Average Rating:** 4.7/5.0
**Total Reviews:** 10

**Who Is the Company Behind Socket?**

- **Seller:** [Socket](https://www.g2.com/sellers/socket)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @SocketSecurity (21,558 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/socketinc/ (115 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 40% Mid-Market, 30% Enterprise


#### What Are Socket's Pros and Cons?

**Pros:**

- Security (3 reviews)
- Open Source (2 reviews)
- Accuracy of Findings (1 reviews)
- Alerts (1 reviews)
- Comprehensive Security (1 reviews)

**Cons:**

- Missing Features (1 reviews)
- System Slowness (1 reviews)


### What Do G2 Reviewers Say About Socket?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Socket for its **high-signal malware detection** and proactive support, enhancing supply chain security significantly.
- Users commend Socket for its **thorough open source security analysis** , greatly enhancing package evaluation and simplifying workflows.
- Users commend Socket for its **highly accurate analysis** , enhancing efficiency in managing open source security challenges.
- Users value the **proactive alerts** for supply chain attacks, ensuring strong security and quick customer support responses.
- Users value the **comprehensive security** offered by Socket, enhancing decision-making in managing software supply-chain risks.

**Cons:**

- Users find the **missing features** of Socket limiting, wishing for more use case coverage to streamline their tools.
- Users report **system slowness** , particularly with UI loading times, which can hinder overall usability.

#### What Are Recent G2 Reviews of Socket?

**"[Unique Approach to Supply Chain Security Problem and Does It Really Well](https://www.g2.com/survey_responses/socket-review-12052484)"**

**Rating:** 5.0/5.0 stars
*— Sindhoor H.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12052484)

---

**"[Essential Tool for Application Security with Stellar MCP Feature](https://www.g2.com/survey_responses/socket-review-12686360)"**

**Rating:** 5.0/5.0 stars
*— Shreejal M.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12686360)

---



### 14. [Arnica](https://www.g2.com/products/arnica/reviews)
Arnica is a comprehensive application security posture management (ASPM) platform that protects developers, source code, and products throughout the software development lifecycle. The platform provides real-time application security scanning with 100% coverage across the software supply chain, addressing risks in Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC), hardcoded secrets detection, and more. At its core, Arnica offers AI-native security governance that takes control of AI-generated code through advanced AI SAST scanning and agentic rules enforcement. The platform automatically injects centrally-controlled security requirements into AI coding agents like Copilot, Cursor, and Claude at the point of code generation, ensuring every line of AI-written code is secure by default before vulnerabilities reach production. This approach addresses 92% of risks before they ever reach production environments. Arnica&#39;s pipelineless architecture provides automatic coverage for every repository without requiring CI/CD pipeline integrations or IDE deployments. The platform scans every code change at the feature branch level, delivering developer-native workflows that keep teams focused on building features rather than chasing security issues. Risk prioritization is enhanced through OWASP Top 10, CVSS, EPSS, and KEV scoring, combined with organizational context to surface the most critical vulnerabilities. The platform excels in developer experience by delivering security findings directly within existing workflows through Slack, Microsoft Teams, pull request comments, and automated ticket management in Jira and Azure DevOps Boards. AI-powered mitigation suggestions provide context-aware, automated fixes that align with organizational coding standards, significantly reducing mean-time-to-remediation. Key security capabilities include real-time secrets detection with automatic validation and mitigation, comprehensive container scanning that maps vulnerabilities directly to source code, and intelligent dependency management with automated SCA upgrades. The platform maintains SOC 2 Type 2 compliance and ISO 27001 certification, ensuring enterprise-grade security standards. Arnica&#39;s unique value proposition lies in its ability to scale security across entire organizations while maintaining development velocity, providing complete visibility into code risks, and enabling proactive security measures that prevent vulnerabilities from reaching production environments.


**Average Rating:** 4.9/5.0
**Total Reviews:** 8

**Who Is the Company Behind Arnica?**

- **Seller:** [Arnica](https://www.g2.com/sellers/arnica)
- **Company Website:** https://www.arnica.io
- **Year Founded:** 2021
- **HQ Location:** Alpharetta, Georgia
- **Twitter:** @arnicaio (124 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/arnica-io/about (60 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 63% Enterprise, 25% Small-Business


#### What Are Arnica's Pros and Cons?

**Pros:**

- Accuracy of Findings (1 reviews)
- Actionable Recommendations (1 reviews)
- Ease of Use (1 reviews)
- Easy Setup (1 reviews)
- Remediation Solutions (1 reviews)

**Cons:**

- Paid Features (1 reviews)


### What Do G2 Reviewers Say About Arnica?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Arnica, which enhances security while ensuring proper privilege management.
- Users value the **actionable recommendations** from Arnica, enabling effective reduction of unused privileges and security risks.
- Users praise the **ease of setup** for Arnica, noting a quick and efficient administration process.
- Users love the **easy setup** of Arnica, allowing for quick administration and efficient implementation without hassle.
- Users value Arnica for its ability to **simplify remediation of over-provisioning** in source code repositories, enhancing security effortlessly.

**Cons:**

- Users express concerns about **paid features limited to GitHub Enterprise** , restricting access for smaller teams to essential protections.

#### What Are Recent G2 Reviews of Arnica?

**"[Developer-friendly AppSec with a flexible policy engine](https://www.g2.com/survey_responses/arnica-review-12962349)"**

**Rating:** 5.0/5.0 stars
*— Thomas G.*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12962349)

---

**"[Intuitive Dashboards and AI That Finds Real Issues](https://www.g2.com/survey_responses/arnica-review-12972680)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12972680)

---


#### What Are G2 Users Discussing About Arnica?

- [What is Arnica used for?](https://www.g2.com/discussions/what-is-arnica-used-for)

### 15. [Endor Labs](https://www.g2.com/products/endor-labs/reviews)
Endor Labs turns application security into a competitive advantage. At the core is AURI, the security harness for agentic development. It helps coding agents write secure code by default, automates PR security reviews, and gives agents deterministic context to fix what matters fast. At the core is our patented code context graph: a continuously updated model of application behavior across code, dependencies, secrets, and containers. The result: 83% fewer blocked PRs, 10x fewer security tickets, and 6x faster remediation at Atlassian, Cursor, Rubrik, and Snowflake.


**Average Rating:** 4.8/5.0
**Total Reviews:** 9

**Who Is the Company Behind Endor Labs?**

- **Seller:** [Endor Labs](https://www.g2.com/sellers/endor-labs)
- **Company Website:** https://www.endorlabs.com/
- **Year Founded:** 2021
- **HQ Location:** Palo Alto, California, United States
- **Twitter:** @EndorLabs (592 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/endorlabs (207 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 78% Mid-Market, 22% Enterprise


#### What Are Endor Labs's Pros and Cons?

**Pros:**

- Features (5 reviews)
- Ease of Use (4 reviews)
- Accuracy of Findings (3 reviews)
- Customer Support (3 reviews)
- Integration Support (3 reviews)

**Cons:**

- UX Improvement (3 reviews)
- API Limitations (1 reviews)
- Difficult Setup (1 reviews)
- Integration Issues (1 reviews)
- Missing Features (1 reviews)


### What Do G2 Reviewers Say About Endor Labs?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **reachability analysis feature** of Endor Labs for its precise recommendations and user-friendly interface.
- Users find the **ease of use** of Endor Labs remarkable, making data access and functionality straightforward and efficient.
- Users praise the **accuracy of findings** from Endor Labs, noting significant improvements in risk assessment and usability.
- Users value the **responsive customer support** of Endor Labs, which promptly addresses issues and implements feature requests.
- Users value the **responsive integration support** from Endor Labs, making setup and troubleshooting hassle-free and efficient.

**Cons:**

- Users feel that the **UI/UX requires improvements** , particularly in API accessibility and integration features.
- Users feel there are **API limitations** in Endor Labs, wishing for more features to be accessible in the UI.
- Users find the **difficult setup** of Endor Labs challenging due to unclear error messages during project integration.
- Users find **integration issues** frustrating, particularly with Jira, but improvements are in progress.
- Users find the **UI/UX lacking** , particularly in authentication clarity and branch monitoring settings.

#### What Are Recent G2 Reviews of Endor Labs?

**"[Took the SCA scans to whole another level with their reachability analysis](https://www.g2.com/survey_responses/endor-labs-review-11697384)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-11697384)

---

**"[Easy SCA Integration with Clear, Actionable Vulnerability Insights](https://www.g2.com/survey_responses/endor-labs-review-12503518)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Security and Investigations*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-12503518)

---



### 16. [Jscrambler](https://www.g2.com/products/jscrambler/reviews)
Jscrambler is the leader in Client-Side Security for the modern, composable web. As organizations increasingly build digital experiences through third-party software supply chains and AI-powered agents, sensitive data is now created directly in the browser — the point of creation for digital interactions — making it one of the enterprise’s most privileged yet least governed attack surfaces. Jscrambler’s Client-Side Security Platform is powered by a Behavioral Enforcement Core that governs how application code, third-party scripts, and sensitive data behave at runtime. By enforcing software integrity and data governance directly in the browser, the platform ensures sensitive data and AI inputs are controlled according to enterprise policy at the point of creation — before they leave the client environment. Trusted by leading global retailers, airlines, financial services providers, and healthcare organizations, Jscrambler provides the visibility and enforcement organizations need to stop client-side attacks, prevent data leakage, and maintain compliance with regulations including PCI DSS, GDPR, HIPAA, CCPA, and the EU AI Act.


**Average Rating:** 4.4/5.0
**Total Reviews:** 31

**Who Is the Company Behind Jscrambler?**

- **Seller:** [Jscrambler](https://www.g2.com/sellers/jscrambler)
- **Company Website:** https://jscrambler.com
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @Jscrambler (1,161 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1005462/ (89 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 35% Mid-Market, 29% Small-Business


#### What Are Jscrambler's Pros and Cons?

**Pros:**

- Ease of Use (3 reviews)
- Automation (2 reviews)
- Customer Support (2 reviews)
- Security (2 reviews)
- Comprehensive Overview (1 reviews)

**Cons:**

- Slow Performance (2 reviews)
- Dashboard Issues (1 reviews)
- Difficult Initiation (1 reviews)
- Error Handling (1 reviews)
- Lack of Guidance (1 reviews)


### What Do G2 Reviewers Say About Jscrambler?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Jscrambler, highlighting its user-friendly interface and seamless integration.
- Users value the **automation capabilities** of Jscrambler, seamlessly integrating it into CI/CD pipelines for enhanced security.
- Users commend the **rapid and helpful customer support** of Jscrambler, enhancing their overall experience significantly.
- Users praise Jscrambler for its **robust security features** that effectively protect intellectual property in web applications.
- Users value the **comprehensive overview** of Jscrambler, enhancing security and performance through gradual feature enablement.

**Cons:**

- Users experience **slow performance** that affects user experience, requiring tuning and better documentation for improvement.
- Users feel the **dashboard lacks detail** , needing enhancements for a clearer view of each installation.
- Users experience a **difficult initiation** with Jscrambler, as the installation process is complex and involves a learning curve.
- Users experience **intermittent issues with obfuscated pages** and project file limits, complicating their workflow.
- Users often experience **limited guidance** for exporting reports, leading to frustration and inefficiency in the application.

#### What Are Recent G2 Reviews of Jscrambler?

**"[Unmatched Code Protection with Jscrambler](https://www.g2.com/survey_responses/jscrambler-review-12607132)"**

**Rating:** 5.0/5.0 stars
*— Bruno V.*

[Read full review](https://www.g2.com/survey_responses/jscrambler-review-12607132)

---

**"[Jscrambler Integrates Seamlessly Into CI/CD for Enhanced Web App Security](https://www.g2.com/survey_responses/jscrambler-review-11802189)"**

**Rating:** 5.0/5.0 stars
*— Daniel G.*

[Read full review](https://www.g2.com/survey_responses/jscrambler-review-11802189)

---


#### What Are G2 Users Discussing About Jscrambler?

- [What is Jscrambler used for?](https://www.g2.com/discussions/what-is-jscrambler-used-for)

### 17. [Cloudsmith](https://www.g2.com/products/cloudsmith/reviews)
Cloudsmith is the modern artifact management and software supply chain security platform. It gives engineering teams a unified control layer for every package, container, binary, and ML model moving through their software supply chain – across 30+ formats, with built-in policy enforcement and continuous security monitoring. Modern engineering teams assemble software more than they author it and AI agents pull in open source dependencies at a pace that exceeds ad hoc governance. Cloudsmith functions as a private registry that sits between public sources and your builds; It is the first place every artifact lands and where policy enforcement occurs before anything enters your environment. Splitting artifact management and security across disconnected tools causes teams to lose the consistent visibility and control they need to move fast – and with confidence. Cloudsmith replaces that complexity with a unified platform that scales with your organization. Built for platform engineering teams, security leads, and the engineering leaders who support them, Cloudsmith reduces the operational burden of managing artifact infrastructure, enforces governance consistently across every team and format, and gives organizations full traceability across their supply chain.


**Average Rating:** 4.5/5.0
**Total Reviews:** 42

**Who Is the Company Behind Cloudsmith?**

- **Seller:** [Cloudsmith](https://www.g2.com/sellers/cloudsmith)
- **Company Website:** https://cloudsmith.com
- **Year Founded:** 2016
- **HQ Location:** Belfast, Northern Ireland
- **Twitter:** @cloudsmith (1,094 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cloudsmith/ (152 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 38% Small-Business, 36% Mid-Market


#### What Are Cloudsmith's Pros and Cons?

**Pros:**

- Ease of Use (2 reviews)
- Integrations (2 reviews)
- Reliability (2 reviews)
- Cloud Integration (1 reviews)
- Development Efficiency (1 reviews)

**Cons:**

- Difficult Setup (1 reviews)
- Expensive (1 reviews)
- Integration Issues (1 reviews)


### What Do G2 Reviewers Say About Cloudsmith?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Cloudsmith, appreciating its simplicity and streamlined artifact management across formats.
- Users value the **seamless integrations** of Cloudsmith, simplifying workflows and enhancing artifact management across all formats.
- Users value the **reliability** of Cloudsmith, experiencing no issues or downtime during daily artifact management operations.
- Users value the **cloud-native integration** of Cloudsmith, simplifying artifact management and enhancing efficiency across multiple formats.
- Users value the **development efficiency** of Cloudsmith, thanks to its simplicity and comprehensive support for various artifact types.

**Cons:**

- Users struggle with a **difficult setup** , facing challenges related to onboarding and native integrations in Cloudsmith.
- Users find the **pricing model too expensive** , especially for teams with large artifacts or frequent downloads.
- Users find **integration issues** with Cloudsmith due to unclear onboarding and costly pricing based on usage metrics.

#### What Are Recent G2 Reviews of Cloudsmith?

**"[An Excellent Platform for a Secure Software Supply Chain ](https://www.g2.com/survey_responses/cloudsmith-review-12507384)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Semiconductors*

[Read full review](https://www.g2.com/survey_responses/cloudsmith-review-12507384)

---

**"[Streamlined Artifact Management with Stellar Support](https://www.g2.com/survey_responses/cloudsmith-review-12919092)"**

**Rating:** 4.5/5.0 stars
*— Benjamin J.*

[Read full review](https://www.g2.com/survey_responses/cloudsmith-review-12919092)

---


#### What Are G2 Users Discussing About Cloudsmith?

- [What is Cloudsmith used for?](https://www.g2.com/discussions/what-is-cloudsmith-used-for) - 1 comment

### 18. [DryRun Security](https://www.g2.com/products/dryrun-security/reviews)
Security leaders face a paradox: ship faster and enable agentic development while staying secure and keeping developers productive. DryRun Security resolves this by securing every pull request and repo with a high-precision, automated security engineer review right where developers and their agents build. DryRun Security is the industry’s most accurate agentic code security intelligence platform. Powered by its proprietary Contextual Security Analysis (CSA) engine, DryRun Security delivers the AI moment for security teams in an AI-native developer world. Traditional static application security testing (SAST) floods teams with alerts, misses higher-order risk, and burns time in triage. DryRun Security goes beyond SAST with contextual analysis that prioritizes what is exploitable and impactful in your codebase, then helps engineers remediate fast. Instead of “find everything and hope someone sorts it out,” DryRun Security delivers code security intelligence that is ready to act on. DryRun Security puts a security engineer directly into developer workflows. In pull requests, the Code Review Agent reviews changes in context, explains risk in plain language, and guides fixes where developers already work. In repos, the DeepScan Agent produces focused, human-grade findings for the issues that actually matter, without weeks of manual review before major milestones. The Custom Policy Agent enforces guardrails with Natural Language Code Policies, so you can standardize security and compliance requirements across teams without brittle rule sets. Codebase Insights allows leaders to ask questions of their entire codebase like &quot;Are we exposed to this new vulnerability&quot; and have confidence in minutes. DryRun Security also integrates with AI coding workflows, so remediation happens with the precision of a security engineer working at machine speed. Teams connect DryRun Security insights and guidance into Claude, Cursor, OpenAI Codex, and Windsurf, helping developers and their agents fix issues with contextual, security-engineered direction tied to the PR and codebase. What DryRun Security delivers (beyond SAST) • Automated secure code review in every pull request with high-signal findings and low noise • Contextual Security Analysis that catches common vulnerabilities and deeper multi-dependency and logic risks • Automated remediation guidance that helps engineers fix faster, with explanations and next steps • Secrets analysis identifies genuine hardcoded secrets and suppresses the usual false alarms • Policy enforcement in PRs using Natural Language Code Policies for consistent guardrails across repos • Codebase intelligence and reporting for AppSec visibility, prioritization, and audit-ready evidence DryRun Security supports most code environments, languages, and frameworks, including: • GitHub, GitLab • C#, Golang, Elixir, JavaScript, TypeScript, Python, Ruby, Java, Kotlin, PHP, Swift, HTML • Infrastructure as Code (Terraform, YAML) • And more


**Average Rating:** 4.9/5.0
**Total Reviews:** 20

**Who Is the Company Behind DryRun Security?**

- **Seller:** [DryRun Security](https://www.g2.com/sellers/dryrun-security)
- **Year Founded:** 2023
- **HQ Location:** Austin, US
- **LinkedIn® Page:** https://www.linkedin.com/company/dryrun-security/ (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer &amp; Network Security
- **Company Size:** 40% Small-Business, 30% Mid-Market


#### What Are DryRun Security's Pros and Cons?

**Pros:**

- Security (13 reviews)
- Vulnerability Detection (9 reviews)
- Features (8 reviews)
- Accuracy (7 reviews)
- Easy Setup (7 reviews)

**Cons:**

- Slow Performance (2 reviews)
- Slow Speed (2 reviews)
- UX Improvement (2 reviews)
- Limited Customization (1 reviews)
- Workflow Issues (1 reviews)


### What Do G2 Reviewers Say About DryRun Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **context-aware security feedback** of DryRun Security, effectively reducing vulnerabilities before deployment.
- Users value the **context-aware vulnerability detection** of DryRun Security, enhancing their ability to deliver secure code efficiently.
- Users value the **seamless integration and advanced detections** of DryRun Security, greatly enhancing their code security processes.
- Users commend DryRun Security for its **high accuracy in detecting vulnerabilities** , especially in complex logic flows and AI-generated code.
- Users find the **easy setup** of DryRun Security to be seamless, enhancing their workflow and accelerating secure development.

**Cons:**

- Users experience **slow performance** in the management portal, with noticeable loading times affecting usability and efficiency.
- Users find the **slow speed** of the management portal frustrating, affecting overall usability and efficiency.
- Users note the **sluggish UI** and desire enhancements for a more developer-friendly experience in DryRun Security.
- Users desire more **customization options** for the analyzers to enhance their experience with DryRun Security.
- Users feel there&#39;s a need for **better workflow integration** to enhance the developer experience and encourage adoption.

#### What Are Recent G2 Reviews of DryRun Security?

**"[Catches Logic and Authorization Flaws Traditional SAST Often Misses](https://www.g2.com/survey_responses/dryrun-security-review-12357188)"**

**Rating:** 5.0/5.0 stars
*— Jabez A.*

[Read full review](https://www.g2.com/survey_responses/dryrun-security-review-12357188)

---

**"[Next Gen of SAST Tool That Has Cutting Edge Tech](https://www.g2.com/survey_responses/dryrun-security-review-12462338)"**

**Rating:** 5.0/5.0 stars
*— Francis D.*

[Read full review](https://www.g2.com/survey_responses/dryrun-security-review-12462338)

---



### 19. [Xygeni](https://www.g2.com/products/xygeni/reviews)
Secure your Software Development and Delivery! Xygeni Security specializes in Application Security Posture Management (ASPM), using deep contextual insights to effectively prioritize and manage security risks while minimizing noise and overwhelming alerts. Our innovative technologies automatically detect malicious code in real-time upon new and updated components publication, immediately notifying customers and quarantining affected components to prevent potential breaches. With extensive coverage spanning the entire Software Supply Chain—including Open Source components, CI/CD processes and infrastructure, Anomaly detection, Secret leakage, Infrastructure as Code (IaC), and Container security—Xygeni ensures robust protection for your software applications. Trust Xygeni to protect your operations and empower your team to build and deliver with integrity and security.


**Average Rating:** 4.6/5.0
**Total Reviews:** 4

**Who Is the Company Behind Xygeni?**

- **Seller:** [Xygeni Security](https://www.g2.com/sellers/xygeni-security)
- **Year Founded:** 2021
- **HQ Location:** Madrid, ES
- **Twitter:** @xygeni (178 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/xygeni/ (30 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 60% Small-Business, 40% Mid-Market


#### What Are Xygeni's Pros and Cons?

**Pros:**

- Comprehensive Security (2 reviews)
- Prioritization (2 reviews)
- Risk Management (2 reviews)
- Security (2 reviews)
- Cloud Integration (1 reviews)

**Cons:**

- Difficult Setup (1 reviews)
- Learning Curve (1 reviews)


### What Do G2 Reviewers Say About Xygeni?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **comprehensive security** of Xygeni, enhancing their development process with effective risk management and compliance.
- Users value Xygeni&#39;s **contextual risk prioritization** , empowering teams to focus on critical security issues effectively.
- Users highlight the **advanced risk management capabilities** of Xygeni, effectively identifying and prioritizing security vulnerabilities.
- Users value the **robust security features** of Xygeni, enabling proactive threat management and compliance automation in development.
- Users value the **seamless CI/CD integration** of Xygeni, enhancing security while maintaining efficient development processes.

**Cons:**

- Users experience **difficult setup** with Xygeni, as certain edge cases complicate the integration with CI/CD pipelines.
- Users note a **steep learning curve** for first-time users, requiring familiarity with AppSec best practices.

#### What Are Recent G2 Reviews of Xygeni?

**"[The essential tool for proactive security and confident development](https://www.g2.com/survey_responses/xygeni-review-11393516)"**

**Rating:** 4.5/5.0 stars
*— Marcos C.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11393516)

---

**"[Revolutionized Our Security Workflow with Unified, AI-Driven Efficiency](https://www.g2.com/survey_responses/xygeni-review-11998435)"**

**Rating:** 5.0/5.0 stars
*— Yerassyl K.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11998435)

---



### 20. [Arnica EmailServer](https://www.g2.com/products/arnica-emailserver/reviews)
Arnica EmailServer is an enterprise-strength tool for automating both mass-emailing and single email processing tasks.


**Average Rating:** 4.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Arnica EmailServer?**

- **Seller:** [Arnica](https://www.g2.com/sellers/arnica)
- **Year Founded:** 2021
- **HQ Location:** Alpharetta, Georgia
- **Twitter:** @arnicaio (124 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/arnica-io/about (60 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of Arnica EmailServer?

**"[Email control and management](https://www.g2.com/survey_responses/arnica-emailserver-review-5191040)"**

**Rating:** 4.0/5.0 stars
*— Miguel E.*

[Read full review](https://www.g2.com/survey_responses/arnica-emailserver-review-5191040)

---


#### What Are G2 Users Discussing About Arnica EmailServer?

- [What is Arnica EmailServer used for?](https://www.g2.com/discussions/what-is-arnica-emailserver-used-for)

### 21. [Cycode](https://www.g2.com/products/cycode/reviews)
Cycode’s AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter. Powered by proprietary scanners, third-party integrations, and the Context Intelligence Graph (CIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.


**Average Rating:** 4.0/5.0
**Total Reviews:** 2

**Who Is the Company Behind Cycode?**

- **Seller:** [Cycode](https://www.g2.com/sellers/cycode)
- **Year Founded:** 2019
- **HQ Location:** New York, New York, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/cycode (159 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 67% Mid-Market, 33% Enterprise



#### What Are Recent G2 Reviews of Cycode?

**"[Totally impressed with cycode](https://www.g2.com/survey_responses/cycode-review-9567648)"**

**Rating:** 4.0/5.0 stars
*— J P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-9567648)

---

**"[Cycode abilities](https://www.g2.com/survey_responses/cycode-review-7475976)"**

**Rating:** 4.0/5.0 stars
*— Sachin P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-7475976)

---



### 22. [ReversingLabs](https://www.g2.com/products/reversinglabs/reviews)
ReversingLabs is the trusted name in file and software security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, RL Spectra Core powers the software supply chain and file security insights, tracking over 422 billion searchable files with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.


**Average Rating:** 4.7/5.0
**Total Reviews:** 10

**Who Is the Company Behind ReversingLabs?**

- **Seller:** [ReversingLabs](https://www.g2.com/sellers/reversinglabs)
- **Year Founded:** 2009
- **HQ Location:** Cambridge, US
- **Twitter:** @ReversingLabs (7,022 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/reversinglabs/ (321 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 80% Small-Business, 10% Mid-Market


#### What Are ReversingLabs's Pros and Cons?

**Pros:**

- Accuracy of Information (2 reviews)
- Customer Support (2 reviews)
- Efficiency (2 reviews)
- Prioritization (2 reviews)
- Reliability (2 reviews)

**Cons:**

- Complex Querying (1 reviews)
- Confusing Interface (1 reviews)
- Navigation Issues (1 reviews)
- UX Improvement (1 reviews)


### What Do G2 Reviewers Say About ReversingLabs?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **accuracy of information** from ReversingLabs, benefiting from its vast repository of files.
- Users appreciate the **exceptional customer support** of ReversingLabs, noting its clarity and involvement in addressing needs.
- Users commend the **seamless efficiency** of ReversingLabs, appreciating its easy setup and high-quality support throughout.
- Users commend ReversingLabs for its **effective risk prioritization** and comprehensive support throughout the onboarding process.
- Users commend the **high reliability** of ReversingLabs, appreciating its seamless setup and extensive file repository.

**Cons:**

- Users find the **endpoints for checking usage confusing** , which complicates the overall experience with ReversingLabs.
- Users find the **interface confusing** when checking usage through the available endpoints.
- Users find the **navigation issues** with endpoints for checking usage to be quite confusing and frustrating.
- Users feel that the **UI could be nicer** , but it doesn&#39;t hinder their overall experience with ReversingLabs.

#### What Are Recent G2 Reviews of ReversingLabs?

**"[Deep File Reputation Intelligence with Excellent Format Coverage](https://www.g2.com/survey_responses/reversinglabs-review-12547875)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/reversinglabs-review-12547875)

---

**"[Very good, with small drawbacks in the interface](https://www.g2.com/survey_responses/reversinglabs-review-12310983)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/reversinglabs-review-12310983)

---



### 23. [Sonatype Lifecycle](https://www.g2.com/products/sonatype-lifecycle/reviews)
Continuously secure your software supply chain with Sonatype Nexus Lifecycle, a software composition analysis (SCA) solution. Nexus Lifecycle helps development, security, and compliance teams reduce open source risk without slowing delivery. It detects vulnerable or non-compliant components early, provides clear remediation guidance, and enforces the same policies from development through CI/CD and release - powered by Sonatype Nexus Intelligence. Choose safer components up front: A Chrome extension and IDE integrations surface vulnerability, license, and quality insights as developers browse public repositories or add dependencies. Fix issues fast where work happens: In Eclipse, IntelliJ, and Visual Studio, developers can see exactly what&#39;s wrong and upgrade to an approved version with a click - no guesswork. Automate remediation in source control: Integrations with GitHub, GitLab, and Atlassian Bitbucket can comment on pull/merge requests and identify the specific dependency change that introduces risk, along with recommended versions to resolve it. You can also generate automated pull requests to update components that violate policy. Enforce open source policies across the SDLC: Create security, license, and architectural policies tailored by application type, team, or organization, then apply them consistently in developer tools, CI/CD, and repositories to prevent risky components from reaching production. Generate SBOMs in minutes: Produce accurate Software Bills of Materials (SBOMs) per application to understand what components and transitive dependencies are in use and verify compliance. Prove progress with reporting: Track trends like Mean Time to Resolution (MTTR) and violation reduction over time to demonstrate measurable risk reduction to stakeholders. Nexus Lifecycle integrates with common developer, CI/CD, and repository tools including Nexus Repository, Artifactory, Jira, Jenkins, Azure DevOps, and more.


**Average Rating:** 4.2/5.0
**Total Reviews:** 3

**Who Is the Company Behind Sonatype Lifecycle?**

- **Seller:** [Sonatype](https://www.g2.com/sellers/sonatype)
- **Year Founded:** 2008
- **HQ Location:** Fulton, US
- **Twitter:** @sonatype (10,589 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/210324/ (551 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Enterprise, 25% Mid-Market



#### What Are Recent G2 Reviews of Sonatype Lifecycle?

**"[Best SCA tool in the market for Java, and .NET](https://www.g2.com/survey_responses/sonatype-lifecycle-review-6933703)"**

**Rating:** 5.0/5.0 stars
*— Vis C.*

[Read full review](https://www.g2.com/survey_responses/sonatype-lifecycle-review-6933703)

---

**"[So many features, easily configurable and wide support for a lot of languages](https://www.g2.com/survey_responses/sonatype-lifecycle-review-4165826)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Financial Services*

[Read full review](https://www.g2.com/survey_responses/sonatype-lifecycle-review-4165826)

---



### 24. [Sonatype Repository Firewall](https://www.g2.com/products/sonatype-repository-firewall/reviews)
Sonatype Repository Firewall helps protect your software supply chain by blocking open source malware and other high-risk components before they enter your artifact repositories and development workflows. Repository Firewall evaluates components at the point of download using automated analysis plus policy enforcement, so risky packages can be prevented (or quarantined) before they spread across builds, teams, and environments. Key capabilities: - Detect and block known and suspicious open source malware before it reaches developers - Enforce security, license, and quality policies early, at the repository perimeter - Identify risky or malicious components already present in repositories to support cleanup and response - Provide clear, auditable policy decisions and guidance so teams understand why a component was blocked and what to use instead - Integrate with common repository managers (including Nexus Repository and JFrog Artifactory) to add protection without slowing delivery Repository Firewall is ideal for organizations that depend heavily on public registries and want a preventative control to reduce supply chain attacks, lower rework, and keep development moving with trusted components.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Sonatype Repository Firewall?**

- **Seller:** [Sonatype](https://www.g2.com/sellers/sonatype)
- **Year Founded:** 2008
- **HQ Location:** Fulton, US
- **Twitter:** @sonatype (10,589 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/210324/ (551 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market


#### What Are Sonatype Repository Firewall's Pros and Cons?

**Pros:**

- Control (1 reviews)
- Network Security (1 reviews)
- Protection (1 reviews)

**Cons:**

- Expertise Required (1 reviews)
- Inadequate Learning Resources (1 reviews)
- Poor Customer Support (1 reviews)


### What Do G2 Reviewers Say About Sonatype Repository Firewall?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **control over security** that Sonatype Repository Firewall provides, ensuring safe use of approved components.
- Users value the **network security** of Sonatype Repository Firewall, ensuring data protection and prevention of unapproved components.
- Users value the **protection against malicious activities** provided by Sonatype Repository Firewall, ensuring data and network security.

**Cons:**

- Users note that **expertise is required** to effectively utilize Sonatype Repository Firewall, impacting ease of use and support.
- Users report a **lack of adequate learning resources** , hindering understanding of SDLC and Nexus Repository Manager.
- Users report **poor customer support** , lacking necessary technical knowledge and understanding of product solutions.

#### What Are Recent G2 Reviews of Sonatype Repository Firewall?

**"[Nexus Firewall](https://www.g2.com/survey_responses/sonatype-repository-firewall-review-7860570)"**

**Rating:** 5.0/5.0 stars
*— Preeti R.*

[Read full review](https://www.g2.com/survey_responses/sonatype-repository-firewall-review-7860570)

---



### 25. [ZeroPath](https://www.g2.com/products/zeropath/reviews)
ZeroPath (YC S24) is the first AI-native application security platform that fundamentally reimagines how organizations find and fix vulnerabilities. Unlike deterministic SAST tools that bolt AI onto legacy rule engines, ZeroPath was built from the ground up to combine large language models with advanced program analysis (AST, data flow, taint tracking) by Ex-Tesla Red Team and Google Security engineers. ZeroPath&#39;s core differentiation is detecting critical vulnerabilities that pattern-matching SAST fundamentally cannot find. It catches IDORs, authorization bypasses, race conditions, and authentication bugs by reasoning about application behavior and developer intent. This capability achieved a 92% alert reduction when triaging findings from legacy tools. ZeroPath is best suited for enterprises and startups that want a complete appsec experience with: AI-powered SAST across 16+ languages, SCA with exploitability analysis (90% noise reduction by determining if dependency CVEs are actually reachable in your code), secrets detection with validation, IaC scanning for Terraform/CloudFormation/Kubernetes, and natural language security policies. Context-aware autopatch generation fixes 70% of vulnerabilities automatically with framework-specific patches that match your coding standards. To keep the developer experience seamless, ZeroPath integrates into existing workflows with zero configuration. It provides Sub-60-second PR scans on GitHub, GitLab, Bitbucket, and Azure DevOps to provide instant security feedback without blocking development. Developers receive clear explanations, one-click fixes, and can refine patches using natural language commands directly in PR comments. The platform automatically attributes vulnerabilities to responsible developers and syncs bidirectionally with Jira, Linear, and more. Overall, less noise, along with the breadth of integrations, has already made security teams faster in triaging and finding real vulnerabilities. Having been security engineers ourselves, we also understand how important visibility is for the evaluations. ZeroPath users get executive dashboards with real-time MTTR tracking, automated compliance reporting for SOC2 and ISO27001, and risk-based prioritization using CVSS 4.0 scoring. The platform provides complete visibility across organizational repositories, including security models, authentication patterns, and filtering logic, without manual configuration. Our research team dogfeeds our own technology and has discovered CVE-2025-61928 (critical account takeover in better-auth with 300k+ weekly downloads), identified 170+ verified bugs in curl, found 7 vulnerabilities in django-allauth enabling account impersonation, and discovered 0-days in production systems at Netflix, Hulu, and Salesforce. Currently trusted by 750+ companies running 200k+ scans monthly, ZeroPath delivers what security-conscious engineering teams need: more real vulnerabilities, dramatically less noise, and automated fixes that actually work.


**Average Rating:** 4.5/5.0
**Total Reviews:** 11

**Who Is the Company Behind ZeroPath?**

- **Seller:** [ZeroPath](https://www.g2.com/sellers/zeropath)
- **Company Website:** https://zeropath.com
- **Year Founded:** 2024
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/zeropathai/ (12 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 36% Small-Business, 27% Mid-Market


#### What Are ZeroPath's Pros and Cons?

**Pros:**

- Accuracy (6 reviews)
- Accuracy of Findings (6 reviews)
- Security (6 reviews)
- Vulnerability Detection (5 reviews)
- Vulnerability Identification (4 reviews)

**Cons:**

- Bug Issues (2 reviews)
- Bugs (2 reviews)
- Software Bugs (2 reviews)
- Cost Issues (1 reviews)
- Dashboard Issues (1 reviews)


### What Do G2 Reviewers Say About ZeroPath?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend ZeroPath for its **high accuracy** , consistently surfacing relevant issues with minimal false alarms.
- Users commend the **accuracy of findings** with ZeroPath, effectively identifying real security issues and minimizing false positives.
- Users value the **high accuracy and low false positive rate** of ZeroPath, effectively identifying real security issues.
- Users find **vulnerability detection** of ZeroPath to be accurate, effectively surfacing genuine security issues with low false positives.
- Users praise the **effective vulnerability identification** of ZeroPath, noting its accuracy and low false positive rate.

**Cons:**

- Users note **bug issues** in ZeroPath, but appreciate the team&#39;s quick response to resolve them.
- Users report encountering **small bugs** in ZeroPath, though the team addresses them promptly.
- Users experience **software bugs** with ZeroPath, although the team is quick to resolve them.
- Users find the **pricing to be unreasonable** for their organization&#39;s current budget and needs.
- Users report encountering **dashboard issues** due to bugs, though the support team is responsive in addressing them.

#### What Are Recent G2 Reviews of ZeroPath?

**"[ZeroPath: ease of use and results superior to the competition](https://www.g2.com/survey_responses/zeropath-review-12308821)"**

**Rating:** 4.0/5.0 stars
*— Maxime J.*

[Read full review](https://www.g2.com/survey_responses/zeropath-review-12308821)

---

**"[Accurate Source-to-Sink Analysis with Surprisingly Reliable Auto-Patches](https://www.g2.com/survey_responses/zeropath-review-12564698)"**

**Rating:** 5.0/5.0 stars
*— Rohit J.*

[Read full review](https://www.g2.com/survey_responses/zeropath-review-12564698)

---




## What Is Software Supply Chain Security Solutions?

[Development Software](https://www.g2.com/categories/development)

## What Software Categories Are Similar to Software Supply Chain Security Solutions?

- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)
- [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom)



