# Best Software Composition Analysis Tools

*By [Adam Crivello](https://research.g2.com/insights/author/adam-crivello)*


Software composition analysis (SCA) tools enable users to analyze and manage the open-source elements of their applications. Companies and developers use SCA tools to verify licensing and assess vulnerabilities associated with each of their applications’ open-source components. More robust than [vulnerability scanner software](https://www.g2.com/categories/vulnerability-scanner), SCA tools automatically scan all open-source components to check for policy and license compliance, security risks, and version updates. SCA software also provides insights for remedying identified vulnerabilities, usually within the reports generated after a scan.

Companies and developers often use SCA tools in conjunction with [static code analysis software](https://www.g2.com/categories/static-code-analysis), which scans the code behind their applications as opposed to the open-source components.

To qualify for inclusion within the Software Composition Analysis (SCA) category, a product must:

- Automatically track and analyze an application’s open-source components
- Identify component vulnerabilities, licensing and compliance issues, and version updates
- Provide insight into vulnerability remediation





## Top Software Composition Analysis Tools at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [Wiz](https://www.g2.com/products/wiz-wiz/reviews) | 4.7/5.0 (816 reviews) | Agentless code-to-cloud SCA with contextual risk prioritization | "[Wiz Delivers Clear Visibility Into Cloud Risks That Truly Matter](https://www.g2.com/survey_responses/wiz-review-12960477)" |
| 2 | [GitHub](https://www.g2.com/products/github/reviews) | 4.7/5.0 (2,306 reviews) | Dependency vulnerability tracking with CI/CD-integrated code review | "[Effortless Version Control and Collaboration with Fast, Reliable Workflows](https://www.g2.com/survey_responses/github-review-12814767)" |
| 3 | [Aikido Security](https://www.g2.com/products/aikido-security/reviews) | 4.6/5.0 (145 reviews) | Reachability-filtered dependency scanning with low-noise triage | "[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)" |
| 4 | [Snyk](https://www.g2.com/products/snyk/reviews) | 4.5/5.0 (134 reviews) | Developer-native SCA with IDE-embedded remediation | "[Seamless Dev-First Security with Fast Scans and Actionable Fixes](https://www.g2.com/survey_responses/snyk-review-12676270)" |
| 5 | [GitLab](https://www.g2.com/products/gitlab/reviews) | 4.5/5.0 (881 reviews) | Pipeline-embedded dependency and vulnerability scanning | "[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)" |
| 6 | [Semgrep](https://www.g2.com/products/semgrep/reviews) | 4.6/5.0 (55 reviews) | Reachability-filtered SCA inside CI/CD pipelines | "[Powerful Rule Engine and Autofix, but Governance at Scale Needs Work](https://www.g2.com/survey_responses/semgrep-review-11893445)" |
| 7 | [Cortex Cloud](https://www.g2.com/products/cortex-cloud/reviews) | 4.1/5.0 (115 reviews) | Multi-cloud vulnerability detection with automated remediation | "[Cortex Cloud Ends Tool Sprawl with a True Single Pane of Glass](https://www.g2.com/survey_responses/cortex-cloud-review-12972861)" |
| 8 | [OX Security](https://www.g2.com/products/ox-security/reviews) | 4.8/5.0 (51 reviews) | Consolidated open-source risk with SDLC-wide prioritization | "[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)" |
| 9 | [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews) | 4.2/5.0 (135 reviews) | Artifact-native SCA with supply chain traceability | "[JFrog Simplifies Artifact Management for Organized, Reliable Deployments](https://www.g2.com/survey_responses/jfrog-review-12870354)" |
| 10 | [CAST Highlight](https://www.g2.com/products/cast-highlight/reviews) | 4.5/5.0 (86 reviews) | Rapid OSS risk and cloud-readiness portfolio scanning | "[Efficient Analysis & Confident Modernization](https://www.g2.com/survey_responses/cast-highlight-review-12250186)" |


## How Many Software Composition Analysis Tools Products Does G2 Track?
**Total Products under this Category:** 75

### Category Stats (Jul 2026)
- **Average Rating**: 4.48/5 (↓0.01 vs Jun 2026) The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Black Duck (+1.16%) - Among all products in this category, Black Duck recorded the largest rating increase compared to last month
*Last updated: July 02, 2026*


## How Does G2 Rank Software Composition Analysis Tools Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 6,100+ Authentic Reviews
- 75+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Software Composition Analysis Tools Is Best for Your Use Case?

- **Leader:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Easiest to Use:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [GitLab](https://www.g2.com/products/gitlab/reviews)


---


## What Are the Top-Rated Software Composition Analysis Tools Products in 2026?
### 1. [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
Wiz transforms cloud security for customers – including more than 50% of the Fortune 100 – by enabling a new operating model. With Wiz, organizations can democratize security across the development lifecycle, empowering them to build fast and securely. Its Cloud Native Application Protection Platform (CNAPP) consolidates CSPM, KSPM, CWPP, Vulnerability management, IaC scanning, CIEM, DSPM into a single platform. Wiz drives visibility, risk prioritization, and business agility. Protecting Your Cloud Environments Requires a Unified, Cloud Native Platform. Wiz connects to every cloud environment, scans every layer, and covers every aspect of your cloud security - including elements that normally require installing agents. Its comprehensive approach has all of these cloud security solutions built in. Hundreds of organizations worldwide, including 50 percent of the Fortune 100, use Wiz to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks, Lightspeed and Aglaé. Visit https://www.wiz.io for more information.


**Average Rating:** 4.7/5.0
**Total Reviews:** 816
**How Do G2 Users Rate Wiz?**

- **Quality of Support:** 9.2/10 (Category avg: 9.0/10)
- **Language Support:** 8.8/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.2/10 (Category avg: 8.8/10)
- **Integration:** 9.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind Wiz?**

- **Seller:** [Wiz](https://www.g2.com/sellers/wiz-76a0133b-42e5-454e-b5da-860e503471db)
- **Company Website:** https://www.wiz.io/
- **Year Founded:** 2020
- **HQ Location:** New York, US
- **Twitter:** @wiz_io (24,733 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/wizsecurity/ (3,383 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CISO, Security Engineer
- **Top Industries:** Financial Services, Computer Software
- **Company Size:** 54% Enterprise, 39% Mid-Market


#### What Are Wiz's Pros and Cons?

**Pros:**

- Features (110 reviews)
- Security (106 reviews)
- Ease of Use (103 reviews)
- Visibility (86 reviews)
- Easy Setup (67 reviews)

**Cons:**

- Learning Curve (34 reviews)
- Feature Limitations (33 reviews)
- Improvement Needed (33 reviews)
- Improvements Needed (28 reviews)
- Complexity (27 reviews)


### What Do G2 Reviewers Say About Wiz?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **capable APIs and user-friendly UI**, appreciating the continuous improvements and security feature expansions.
- Users value the **excellent security features** of Wiz, appreciating consistent improvements and robust support from the team.
- Users find Wiz's product suite incredibly **easy to use**, benefiting from seamless integration and a user-friendly UI.
- Users value the **visibility** provided by Wiz, enhancing security posture and risk management through clear insights.
- Users find the **easy setup** of Wiz to be quick and straightforward, enhancing their daily operational efficiency.

**Cons:**

- Users face a **learning curve** in mastering Wiz's extensive features, making initial use challenging and overwhelming.
- Users find the **feature limitations** of Wiz hinder effective management, complicating reporting and usability across projects.
- Users note the **improvement needed** in laggy query performance and lack of enhanced reporting capabilities for better project management.
- Users note the need for **improvements in dashboard reporting** to better manage multiple projects efficiently.
- Users often find the **complexity of the interface** overwhelming due to the extensive data and learning curve required.

#### What Are Recent G2 Reviews of Wiz?

**"[Wiz Delivers Clear Visibility Into Cloud Risks That Truly Matter](https://www.g2.com/survey_responses/wiz-review-12960477)"**

**Rating:** 4.5/5.0 stars
*— Jason I.*

[Read full review](https://www.g2.com/survey_responses/wiz-review-12960477)

---

**"[Excellent Cloud Risk Visibility and Fast Insights with Wiz](https://www.g2.com/survey_responses/wiz-review-12964571)"**

**Rating:** 4.5/5.0 stars
*— Ruben F.*

[Read full review](https://www.g2.com/survey_responses/wiz-review-12964571)

---



### 2. [GitHub](https://www.g2.com/products/github/reviews)
GitHub is where the world builds software. Millions of individuals, organizations and businesses around the world use GitHub to discover, share, and contribute software. Developers at startups to Fortune 50 companies use GitHub, every step of the way.


**Average Rating:** 4.7/5.0
**Total Reviews:** 2,306
**How Do G2 Users Rate GitHub?**

- **Quality of Support:** 8.7/10 (Category avg: 9.0/10)
- **Language Support:** 8.8/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 9.0/10 (Category avg: 8.9/10)

**Who Is the Company Behind GitHub?**

- **Seller:** [GitHub](https://www.g2.com/sellers/github)
- **Year Founded:** 2008
- **HQ Location:** San Francisco, CA
- **Twitter:** @github (2,673,925 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1418841/ (6,106 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 47% Small-Business, 31% Mid-Market


#### What Are GitHub's Pros and Cons?

**Pros:**

- Features (124 reviews)
- Ease of Use (102 reviews)
- Team Collaboration (102 reviews)
- Collaboration (97 reviews)
- Version Control (97 reviews)

**Cons:**

- Complexity (45 reviews)
- Learning Curve (42 reviews)
- Learning Difficulty (41 reviews)
- Difficulty for Beginners (40 reviews)
- Steep Learning Curve (34 reviews)


### What Do G2 Reviewers Say About GitHub?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise GitHub for its **seamless collaboration and robust version control**, essential for effective code management.
- Users appreciate the **ease of use** of GitHub, making collaboration and code tracking seamless and efficient.
- Users value **seamless team collaboration** with GitHub, enhancing project transparency and code sharing across teams.
- Users appreciate the **seamless collaboration** offered by GitHub, enhancing project transparency and workflow management effortlessly.
- Users value the **seamless version control** in GitHub, enhancing collaboration and simplifying code tracking for projects.

**Cons:**

- Users find the **complexity of advanced features** challenging, particularly for new members managing large repositories.
- Users find the **learning curve steep** for GitHub, as understanding workflows and settings can be overwhelming.
- Users find the **learning difficulty** challenging, especially beginners adapting to GitHub's tools and workflows.
- Users find the **complexity of GitHub** intimidating, particularly with CI/CD workflows and permission management for beginners.
- Users find the **steep learning curve** of GitHub challenging, especially for beginners navigating complex workflows and permissions.

#### What Are Recent G2 Reviews of GitHub?

**"[GitHub Makes Team Collaboration, Automation, and Code Backup Effortless](https://www.g2.com/survey_responses/github-review-13038712)"**

**Rating:** 5.0/5.0 stars
*— Maureen M.*

[Read full review](https://www.g2.com/survey_responses/github-review-13038712)

---

**"[Effortless Version Control and Collaboration with Fast, Reliable Workflows](https://www.g2.com/survey_responses/github-review-12814767)"**

**Rating:** 5.0/5.0 stars
*— Priyanshu J.*

[Read full review](https://www.g2.com/survey_responses/github-review-12814767)

---


#### What Are G2 Users Discussing About GitHub?

- [How is GitHub shaping the landscape of collaborative software development and version control?](https://www.g2.com/discussions/how-is-github-shaping-the-landscape-of-collaborative-software-development-and-version-control) - 4 comments
- [What is GitHub used for?](https://www.g2.com/discussions/what-is-github-used-for) - 8 comments, 4 upvotes
- [What does GitHub mean?](https://www.g2.com/discussions/what-does-github-mean) - 2 comments
- [Is GitHub a CASE tool?](https://www.g2.com/discussions/is-github-a-case-tool)
- [What can GitHub be used for?](https://www.g2.com/discussions/what-can-github-be-used-for) - 5 comments

### 3. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 145
**How Do G2 Users Rate Aikido Security?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 9.0/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 9.0/10 (Category avg: 8.9/10)

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Founder
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 70% Small-Business, 18% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Aikido Security, benefiting from its clear insights and seamless integration.
- Users commend Aikido Security for its **intuitive interface**, streamlining the identification and management of security issues effectively.
- Users value Aikido Security for its **user-friendly dashboard and meaningful free tier features** that enhance security workflows.
- Users value the **easy integrations** with GitLab, enhancing day-to-day workflows and security management effortlessly.
- Users laud the **easy setup** of Aikido Security, facilitating seamless integration into existing workflows and enhancing security practices.

**Cons:**

- Users feel a need for **missing features** like code quality checks and advanced integrations for a better experience.
- Users find the **pricing overly high**, especially for startups, despite acknowledging its value.
- Users find Aikido Security's **limited features** restrict customization and reporting capabilities for complex enterprise needs.
- Users find **pricing issues** with Aikido Security, especially the high entry fees for startups and limited trial duration.
- Users find Aikido Security **lacking features** like local PR annotations and deeper analysis tools crucial for development.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"**

**Rating:** 4.0/5.0 stars
*— Dylan E.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-12747129)

---

**"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"**

**Rating:** 5.0/5.0 stars
*— Jonathon K.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13024655)

---



### 4. [Snyk](https://www.g2.com/products/snyk/reviews)
Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code & open source to containers & cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix & merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as you write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: Integrate natively with your CI/CD tool, configure your rules, find & fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free!


**Average Rating:** 4.5/5.0
**Total Reviews:** 134
**How Do G2 Users Rate Snyk?**

- **Quality of Support:** 8.6/10 (Category avg: 9.0/10)
- **Language Support:** 8.1/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.7/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind Snyk?**

- **Seller:** [Snyk](https://www.g2.com/sellers/snyk)
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @snyksec (21,057 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,370 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 44% Mid-Market, 35% Small-Business


#### What Are Snyk's Pros and Cons?

**Pros:**

- Easy Integrations (5 reviews)
- Vulnerability Detection (5 reviews)
- Ease of Use (4 reviews)
- User Interface (4 reviews)
- Vulnerability Identification (4 reviews)

**Cons:**

- Expensive (3 reviews)
- False Positives (3 reviews)
- Poor Interface Design (2 reviews)
- Pricing Issues (2 reviews)
- Scanning Issues (2 reviews)


### What Do G2 Reviewers Say About Snyk?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **easy integration** of Snyk with GitHub, streamlining vulnerability management in development workflows.
- Users appreciate Snyk for its **rapid vulnerability detection**, effectively enhancing security and efficiency in code development.
- Users find Snyk to be **highly intuitive and easy to use**, facilitating quick vulnerability identification and management.
- Users appreciate the **intuitive user interface** of Snyk, making vulnerability management straightforward and efficient.
- Users value Snyk's **extensive vulnerability identification capabilities**, allowing for swift detection and security improvements in code.

**Cons:**

- Users note that Snyk is **very expensive** , which may deter some from fully utilizing its features.
- Users report issues with **false positives** from Snyk, causing confusion and potential oversight on real vulnerabilities.
- Users find the **poor interface design** of Snyk frustrating, affecting usability and integration with other features.
- Users highlight **pricing issues**, noting high costs for full access to Snyk's extensive features, although it's a worthwhile investment.
- Users experience **false positives and slow scans** with Snyk, impacting efficiency and requiring additional tools for quality.

#### What Are Recent G2 Reviews of Snyk?

**"[Seamless DevSecOps with Smart PR Patching and Actionable Vulnerability Insights](https://www.g2.com/survey_responses/snyk-review-12669557)"**

**Rating:** 4.0/5.0 stars
*— Mainak S.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12669557)

---

**"[Seamless Dev-First Security with Fast Scans and Actionable Fixes](https://www.g2.com/survey_responses/snyk-review-12676270)"**

**Rating:** 4.5/5.0 stars
*— Prateek J.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12676270)

---


#### What Are G2 Users Discussing About Snyk?

- [What is Snyk scanning?](https://www.g2.com/discussions/what-is-snyk-scanning) - 2 comments, 2 upvotes
- [Is Snyk a SaaS?](https://www.g2.com/discussions/is-snyk-a-saas) - 2 comments
- [How good is Snyk?](https://www.g2.com/discussions/how-good-is-snyk) - 2 comments
- [What is Snyk used for?](https://www.g2.com/discussions/what-is-snyk-used-for)

### 5. [GitLab](https://www.g2.com/products/gitlab/reviews)
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. What makes us truly different?

- Flexibility: Consume as a service or manage your own deployment
- Cloud-Agnostic: Deploy anywhere with no vendor lock-in
- No rip and replace: Scale to a platform approach at your own pace


**Average Rating:** 4.5/5.0
**Total Reviews:** 881
**How Do G2 Users Rate GitLab?**

- **Quality of Support:** 8.5/10 (Category avg: 9.0/10)
- **Language Support:** 8.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind GitLab?**

- **Seller:** [GitLab Inc.](https://www.g2.com/sellers/gitlab-inc)
- **Company Website:** https://about.gitlab.com/
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @gitlab (171,534 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5101804/ (3,473 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Mid-Market, 36% Small-Business


#### What Are GitLab's Pros and Cons?

**Pros:**

- Ease of Use (40 reviews)
- Features (39 reviews)
- CI (33 reviews)
- Integrations (32 reviews)
- CD Integration (31 reviews)

**Cons:**

- Complexity (20 reviews)
- Difficult Learning (18 reviews)
- Confusing Interface (15 reviews)
- Complex User Interface (14 reviews)
- Learning Curve (13 reviews)


### What Do G2 Reviewers Say About GitLab?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of GitLab, enjoying its seamless CI/CD integration and efficient pipeline management.
- Users value the **single platform integration** of GitLab, streamlining workflows by combining essential DevOps tools seamlessly.
- Users praise GitLab for its **powerful and easy CI/CD integration**, enhancing automation from code to deployment.
- Users appreciate the **seamless integrations** of GitLab, enabling efficient workflows without the need for multiple tools.
- Users appreciate the **seamless CI/CD integration** in GitLab, simplifying automation and enhancing the development workflow.

**Cons:**

- Users find the **complexity of GitLab's structure and management** challenging, particularly for newcomers and in diverse environments.
- Users find the **difficult learning** curve challenging, especially for newcomers unfamiliar with the system's complexities.
- Users find the **confusing interface** of GitLab overwhelming, making it difficult to locate and utilize features effectively.
- Users find the **complex user interface** challenging to navigate, requiring significant effort to understand its functionalities.
- Users often find the **learning curve steep**, making it challenging for newcomers to adapt to GitLab's features.

#### What Are Recent G2 Reviews of GitLab?

**"[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)"**

**Rating:** 5.0/5.0 stars
*— mani s.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12864830)

---

**"[User-Friendly Gitlab with Powerful APIs for Smooth Integrations](https://www.g2.com/survey_responses/gitlab-review-12778582)"**

**Rating:** 4.5/5.0 stars
*— Prasanth N.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12778582)

---


#### What Are G2 Users Discussing About GitLab?

- [What is GitLab used for?](https://www.g2.com/discussions/what-is-gitlab-used-for) - 2 comments
- [Why GitLab is better than Jenkins?](https://www.g2.com/discussions/why-gitlab-is-better-than-jenkins) - 1 comment
- [Is GitLab paid?](https://www.g2.com/discussions/is-gitlab-paid) - 5 comments, 2 upvotes
- [Is GitLab free software?](https://www.g2.com/discussions/is-gitlab-free-software) - 4 comments, 1 upvote
- [What can GitLab do?](https://www.g2.com/discussions/what-can-gitlab-do) - 2 comments

### 6. [Semgrep](https://www.g2.com/products/semgrep/reviews)
Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.


**Average Rating:** 4.6/5.0
**Total Reviews:** 55
**How Do G2 Users Rate Semgrep?**

- **Quality of Support:** 8.8/10 (Category avg: 9.0/10)
- **Language Support:** 8.4/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Integration:** 8.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind Semgrep?**

- **Seller:** [Semgrep](https://www.g2.com/sellers/semgrep)
- **Company Website:** https://semgrep.dev
- **Year Founded:** 2017
- **HQ Location:** San Francisco, US
- **Twitter:** @semgrep (4,433 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/returntocorp (262 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 45% Enterprise, 42% Mid-Market


#### What Are Semgrep's Pros and Cons?

**Pros:**

- Ease of Use (16 reviews)
- Features (14 reviews)
- Vulnerability Detection (13 reviews)
- Scanning Efficiency (12 reviews)
- Security (12 reviews)

**Cons:**

- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)
- Difficult Learning (5 reviews)
- Lack of Guidance (5 reviews)
- Learning Curve (5 reviews)


### What Do G2 Reviewers Say About Semgrep?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Semgrep, enabling effortless integration and rule customization for developers.
- Users appreciate the **intuitive rule customization** and fast scanning of Semgrep, enhancing their development workflow effectively.
- Users appreciate the **effective vulnerability detection** of Semgrep, highlighted by its low false positive rates and rapid scanning.
- Users highlight the **scanning efficiency** of Semgrep, enabling quick and effective code analysis without disrupting development workflows.
- Users appreciate the **effective security vulnerability detection** capabilities of Semgrep, enabling quick fixes and enhanced code quality.

**Cons:**

- Users find Semgrep **not user-friendly** due to its steep learning curve and complex rule syntax.
- Users find Semgrep's **limited features** restrict its usability, lacking segmentation and advanced filtering options for effective management.
- Users find the **difficult learning curve** for custom rule syntax challenging, particularly for newcomers to static analysis.
- Users experience a **lack of guidance** when creating custom rules, making the learning curve quite steep.
- Users find the **learning curve steep** for Semgrep, especially for advanced rule writing and initial setup challenges.

#### What Are Recent G2 Reviews of Semgrep?

**"[Streamlined Code Security with Semgrep](https://www.g2.com/survey_responses/semgrep-review-11971635)"**

**Rating:** 5.0/5.0 stars
*— Shreekanth k.*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-11971635)

---

**"[Powerful Rule Engine and Autofix, but Governance at Scale Needs Work](https://www.g2.com/survey_responses/semgrep-review-11893445)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-11893445)

---



### 7. [Cortex Cloud](https://www.g2.com/products/cortex-cloud/reviews)
Cortex Cloud by Palo Alto Networks, the next version of Prisma Cloud, understands a unified security approach is essential for effectively addressing AppSec, CloudSec, and SecOps. Connecting cloud security and SOC workflows enables teams to achieve holistic visibility, trace risk across the lifecycle, and correlate real-time threat activity with development and runtime contexts. Cortex Cloud is a unified platform built on three core pillars: data integration, AI-driven intelligence, and automation. Now you can safeguard applications, data, and infrastructure across multicloud and hybrid environments with a unified data model that consolidates telemetry from code, runtime, identity, and endpoints, all into a single data source. Empower teams with precise, AI-powered insights and 2200+ machine learning models to identify and stop zero-day threats with real-time advanced threat detection and response. And automate with 1000+ prebuilt playbooks across your cloud stack to reduce manual workloads, accelerate remediations, and cut response times tenfold. Cortex Cloud delivers more than tools—it transforms how organizations secure their cloud environments.


**Average Rating:** 4.1/5.0
**Total Reviews:** 115
**How Do G2 Users Rate Cortex Cloud?**

- **Quality of Support:** 7.9/10 (Category avg: 9.0/10)
- **Language Support:** 6.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 7.2/10 (Category avg: 8.8/10)
- **Integration:** 9.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind Cortex Cloud?**

- **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks)
- **Company Website:** https://www.paloaltonetworks.com
- **Year Founded:** 2005
- **HQ Location:** Santa Clara, CA
- **Twitter:** @PaloAltoNtwks (128,951 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (22,313 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 39% Enterprise, 31% Mid-Market


#### What Are Cortex Cloud's Pros and Cons?

**Pros:**

- Ease of Use (49 reviews)
- Features (45 reviews)
- Security (43 reviews)
- Visibility (38 reviews)
- Cloud Integration (34 reviews)

**Cons:**

- Expensive (31 reviews)
- Difficult Learning (30 reviews)
- Learning Curve (29 reviews)
- Pricing Issues (24 reviews)
- Complex Setup (21 reviews)


### What Do G2 Reviewers Say About Cortex Cloud?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Cortex Cloud's **ease of use** essential, appreciating its intuitive interface and straightforward integration.
- Users appreciate the **strong cloud security** of Cortex Cloud, quickly identifying misconfigurations and ensuring compliance effortlessly.
- Users value the **ease of managing cloud security** with Cortex Cloud, enhancing focus on critical issues efficiently.
- Users value the **clear visibility** Cortex Cloud provides into microservices and team roles, enhancing their cloud security management.
- Users appreciate the **ease of use and integration** of Cortex Cloud, making cloud security management efficient and user-friendly.

**Cons:**

- Users often find Cortex Cloud **expensive**, particularly with high licensing costs and escalating usage-based pricing.
- Users find the **difficult learning curve** of Cortex Cloud challenging, especially for beginners navigating its complex features.
- Users find the **learning curve steep**, requiring significant time and knowledge to navigate Cortex Cloud effectively.
- Users express concerns over **pricing issues**, noting that costs can escalate quickly without careful data management.
- Users find the **complex setup** of Cortex Cloud to be time-consuming and challenging, impacting initial usability.

#### What Are Recent G2 Reviews of Cortex Cloud?

**"[Cortex Cloud Unifies Cloud Security with Real-Time Protection and Smart Prioritization](https://www.g2.com/survey_responses/cortex-cloud-review-12997786)"**

**Rating:** 4.0/5.0 stars
*— Galateya M.*

[Read full review](https://www.g2.com/survey_responses/cortex-cloud-review-12997786)

---

**"[Cortex Cloud Ends Tool Sprawl with a True Single Pane of Glass](https://www.g2.com/survey_responses/cortex-cloud-review-12972861)"**

**Rating:** 4.5/5.0 stars
*— Murtuza M.*

[Read full review](https://www.g2.com/survey_responses/cortex-cloud-review-12972861)

---



### 8. [OX Security](https://www.g2.com/products/ox-security/reviews)
OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform. Unlike traditional “Shift Left” approaches that collapsed under AI’s speed, VibeSec makes software secure by default by preventing risks before they exist. Powered by the OX AI Data Lake and dynamic code-to-runtime context, OX Security delivers:

- Autonomous, embedded security that runs as fast as developers.
- Dynamic risk context that shrinks security backlogs before they spiral.
- Continuous alignment across code, cloud, APIs, and runtime.

With OX, developers focus on building while security runs itself, giving enterprises complete confidence that every release ships secure.

OX Security is the company behind VibeSec, an AI-native autonomous security platform built for the AI development era. Unlike traditional tools that chase vulnerabilities after code is written, VibeSec embeds dynamic security context directly into AI coding environments like Cursor and Copilot. The result: every line of code is secure by default. For the first time, security moves at the speed of AI-driven development, preventing vulnerabilities before they exist, shrinking backlogs with every commit, and making security a seamless part of the development flow.


**Average Rating:** 4.8/5.0
**Total Reviews:** 51
**How Do G2 Users Rate OX Security?**

- **Quality of Support:** 9.6/10 (Category avg: 9.0/10)
- **Language Support:** 8.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.8/10 (Category avg: 8.8/10)
- **Integration:** 9.4/10 (Category avg: 8.9/10)

**Who Is the Company Behind OX Security?**

- **Seller:** [OX Security](https://www.g2.com/sellers/ox-security)
- **Year Founded:** 2021
- **HQ Location:** New York, USA
- **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (199 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 63% Mid-Market, 25% Enterprise


#### What Are OX Security's Pros and Cons?

**Pros:**

- Features (8 reviews)
- Collaboration (6 reviews)
- Customer Support (6 reviews)
- Easy Integrations (6 reviews)
- Speed (6 reviews)

**Cons:**

- Complexity (5 reviews)
- Overwhelming Interface (4 reviews)
- Complex Setup (3 reviews)
- Dashboard Issues (3 reviews)
- Difficult Learning (3 reviews)


### What Do G2 Reviewers Say About OX Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **comprehensive security testing** OX Security offers, streamlining issue management and enhancing team focus.
- Users value the **seamless collaboration** offered by OX Security, enhancing integration and communication within development workflows.
- Users commend the **responsive customer support** of OX Security, facilitating seamless integration and effective issue resolution.
- Users value the **seamless integrations** with tools, enhancing workflows and boosting overall security without delays.
- Users commend OX Security for its **speed in vulnerability remediation**, enabling faster triage and efficient management of security issues.

**Cons:**

- Users find OX Security's **complexity overwhelming**, especially due to inadequate documentation and a steep learning curve.
- Users find the **overwhelming interface** of OX Security challenging, especially with inadequate documentation and tiny text sizes.
- Users find the **complex setup** challenging, especially due to lacking documentation and overwhelming UI for new users.
- Users find the **dashboard issues** hinder effective reporting and can be overwhelming during the initial implementation phase.
- Users find the **difficult learning** curve challenging due to OX Security's overwhelming interface and lack of documentation.

#### What Are Recent G2 Reviews of OX Security?

**"[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Gambling & Casinos*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10961361)

---

**"[A Transformative Game-Changer in Application Security Posture Management](https://www.g2.com/survey_responses/ox-security-review-10618682)"**

**Rating:** 5.0/5.0 stars
*— Dudi E.*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10618682)

---



### 9. [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps, DevGovOps and MLOps platform, is on a mission to create a world of software delivered without friction from development to production. Driven by a “Liquid Software” vision to keep software continuously flowing, secure, and always up to date, the JFrog Platform serves as the definitive software supply chain system of record. It is uniquely engineered to power organizations as they build, manage, and distribute trusted software with unprecedented speed, security, and scale across hybrid and multi-cloud environments. As software engineering evolves in the AI era, JFrog’s newest offerings address the industry's most pressing trend: the rise of agentic software development and the hidden security risks of "Shadow AI." In response to threat actors increasingly targeting developer workflows, including a massive surge in malicious open-source AI models and infected packages, JFrog has expanded its platform capabilities to deliver absolute end-to-end visibility and automated compliance. Key new innovations include the JFrog AI Catalog, which enables organizations to centralize, govern, and control the lifecycle of AI models approved for enterprise use. To secure autonomous coding environments, JFrog introduced the Universal MCP Registry and the Agent Skills Registry (developed alongside NVIDIA). These new solutions establish the industry’s first enterprise-grade trust layer to safely manage and store AI agent skills, monitor connections, and instantly block unsafe developer tools or malicious coding extensions right where developers work. Furthermore, the integration of advanced DevGovOps and Runtime Security tools allows teams to replace slow, manual compliance audits with continuous, background policy enforcement.
By shifting security left directly into the binary pipeline, JFrog ensures that the volume of AI-assisted code does not outpace an organization's ability to verify its safety. Today, millions of users and approximately 6,600 organizations worldwide, including a majority of the Fortune 100, depend on the universal JFrog Platform to eliminate point-solution fatigue, bridge the governance gap, and securely embrace digital transformation. Learn more at www.jfrog.com or follow us on X @JFrog.


**Average Rating:** 4.2/5.0
**Total Reviews:** 135
**How Do G2 Users Rate JFrog?**

- **Quality of Support:** 8.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.7/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.4/10 (Category avg: 8.8/10)
- **Integration:** 8.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind JFrog?**

- **Seller:** [JFrog Ltd](https://www.g2.com/sellers/jfrog-ltd)
- **Company Website:** https://jfrog.com
- **Year Founded:** 2008
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @jfrog (23,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jfrog-ltd/ (2,364 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 51% Enterprise, 31% Mid-Market


#### What Are JFrog's Pros and Cons?

**Pros:**

- Features (18 reviews)
- Repository Management (14 reviews)
- Deployment (13 reviews)
- Integrations (12 reviews)
- Easy Integrations (11 reviews)

**Cons:**

- Complexity (9 reviews)
- Expensive (8 reviews)
- Learning Curve (8 reviews)
- Difficult Learning (7 reviews)
- Learning Difficulty (7 reviews)


### What Do G2 Reviewers Say About JFrog?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **unified support for diverse package formats** in JFrog, enhancing their DevOps workflows significantly.
- Users value the **centralized management of artifacts** in JFrog, enhancing security and efficiency in DevOps workflows.
- Users value the **seamless deployment integration** of JFrog, streamlining CI/CD pipelines and enhancing security across projects.
- Users value the **seamless integrations** of JFrog with various tools, enhancing their CI/CD pipeline efficiency and security.
- Users love the **easy integrations** with various tools, enhancing their CI/CD workflow and artifact management.

**Cons:**

- Users find the **complexity** of the JFrog platform overwhelming, often requiring extensive training to navigate its functionalities.
- Users feel the **cost of JFrog** can be prohibitive for smaller teams, making adoption challenging and less accessible.
- Users face a **steep learning curve** and significant setup time, making initial adoption challenging for smaller teams.
- Users find the **difficult learning curve** of JFrog challenging, necessitating extensive training to harness its full capabilities.
- Users find the **learning difficulty** of JFrog challenging, as it requires substantial time and effort to master.

#### What Are Recent G2 Reviews of JFrog?

**"[Efficient, Scalable Artifact Management That Streamlines the Software Delivery Lifecycle](https://www.g2.com/survey_responses/jfrog-review-12788318)"**

**Rating:** 4.0/5.0 stars
*— Arkajit D.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12788318)

---

**"[JFrog Simplifies Artifact Management for Organized, Reliable Deployments](https://www.g2.com/survey_responses/jfrog-review-12870354)"**

**Rating:** 4.5/5.0 stars
*— Subhashree S.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12870354)

---


#### What Are G2 Users Discussing About JFrog?

- [What are the benefits and challenges of using JFrog for managing your software supply chain?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-jfrog-for-managing-your-software-supply-chain)
- [What does Jfrog Platform do?](https://www.g2.com/discussions/what-does-jfrog-platform-do)
- [What is difference between JFrog and Nexus?](https://www.g2.com/discussions/what-is-difference-between-jfrog-and-nexus)
- [What is Artifactory software used for?](https://www.g2.com/discussions/what-is-artifactory-software-used-for)

### 10. [CAST Highlight](https://www.g2.com/products/cast-highlight/reviews)
Portfolio-level insights for app modernization, AI readiness, tech debt, OSS risks

CAST Highlight is a SaaS software intelligence technology that delivers rapid, fact-based insights across your entire application portfolio. By automatically analyzing the source code of hundreds or thousands of applications, CAST Highlight helps organizations assess cloud maturity, AI & Agentic readiness, software health, open source risk, resiliency, technical debt, and sustainability from a single lightweight scan. CAST Highlight is designed for CIOs, CTOs, enterprise architects, cloud leaders, application owners, security teams, and modernization teams that need a fact-based way to prioritize modernization, cloud, and AI adoption decisions at scale. It helps teams identify which applications are ready to move quickly, which require remediation, and where hidden software risks may affect transformation cost, timelines, security, resilience, or business outcomes. Unlike traditional manual or survey-based assessments, CAST Highlight analyzes application source code directly to rapidly segment portfolios, prioritize modernization paths, and uncover risks before they impact transformation programs. Organizations use CAST Highlight to:

- Accelerate cloud migration and modernization planning
- Segment applications by cloud maturity and transformation path
- Identify high-value AI adoption opportunities
- Assess Agentic Readiness across application portfolios
- Prioritize technical debt, resiliency, and maintainability improvements
- Assess open source vulnerabilities and IP / license exposure
- Evaluate software sustainability with Green Impact insights
- Reduce complexity, cost, and risk across transformation programs

Businesses move faster using CAST to understand, improve, and transform their software.
Through semantic analysis of source code, CAST generates dashboards and 3D maps for executives, technologists, and AI to navigate inside individual applications and across entire portfolios. This intelligence enables companies to steer, speed, and report on initiatives such as technical debt, modernization, and cloud. As the pioneer of the software intelligence field, CAST is trusted by the world’s leading companies and governments, their consultancies and cloud providers. See it all at castsoftware.com.


**Average Rating:** 4.5/5.0
**Total Reviews:** 86
**How Do G2 Users Rate CAST Highlight?**

- **Quality of Support:** 9.1/10 (Category avg: 9.0/10)
- **Language Support:** 8.5/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 8.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind CAST Highlight?**

- **Seller:** [CAST](https://www.g2.com/sellers/cast)
- **Company Website:** https://www.castsoftware.com
- **Year Founded:** 1990
- **HQ Location:** New York
- **Twitter:** @SW_Intelligence (1,887 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cast/ (1,264 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 57% Enterprise, 24% Small-Business


#### What Are CAST Highlight's Pros and Cons?

**Pros:**

- Ease of Use (8 reviews)
- Easy Setup (4 reviews)
- Cloud Services (3 reviews)
- Efficiency (3 reviews)
- Real-time Monitoring (3 reviews)

**Cons:**

- Complex Navigation (1 review)
- Dashboard Issues (1 review)
- Delayed Detection (1 review)
- Difficulty (1 review)
- Expensive (1 review)


### What Do G2 Reviewers Say About CAST Highlight?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of CAST Highlight, finding it simple for efficient application analysis and insights.
- Users appreciate the **easy setup** of CAST Highlight, enabling quick onboarding and efficient portfolio analysis with minimal effort.
- Users value the **insightful assessments of cloud compatibility** from CAST Highlight, enhancing decision-making for software migration.
- Users find CAST Highlight invaluable for its **efficient analysis** of applications, enhancing modernization strategies with quick insights.
- Users value the **real-time monitoring** of CAST Highlight for its swift, actionable insights and ease of use.

**Cons:**

- Users find the **complex navigation** of CAST Highlight challenging, hindering their overall experience and efficiency.
- Users find that the **dashboard issues** can hinder customization and clarity, particularly affecting new teams' experience.
- Users find the **delayed detection** can hinder deep technical analysis, impacting effective metric interpretation and usage.
- Users find that CAST Highlight can be **difficult to configure and interpret**, particularly for teams unfamiliar with the platform.
- Users feel the **high price** restricts CAST Highlight's usability, limiting its accessibility for larger companies.

#### What Are Recent G2 Reviews of CAST Highlight?

**"[Portfolio Insights in One Place with CAST Highlight](https://www.g2.com/survey_responses/cast-highlight-review-12977472)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Government Administration*

[Read full review](https://www.g2.com/survey_responses/cast-highlight-review-12977472)

---

**"[Efficient Analysis & Confident Modernization](https://www.g2.com/survey_responses/cast-highlight-review-12250186)"**

**Rating:** 4.5/5.0 stars
*— Neha C.*

[Read full review](https://www.g2.com/survey_responses/cast-highlight-review-12250186)

---


#### What Are G2 Users Discussing About CAST Highlight?

- [What is cast imaging?](https://www.g2.com/discussions/what-is-cast-imaging) - 1 comment
- [How does a cast tool work?](https://www.g2.com/discussions/how-does-a-cast-tool-work)
- [What is CAST software tool?](https://www.g2.com/discussions/what-is-cast-software-tool) - 1 comment
- [What does cast highlight do?](https://www.g2.com/discussions/what-does-cast-highlight-do) - 1 comment

### 11. [Socket](https://www.g2.com/products/socket-socket/reviews)
Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powered code analysis, Socket detects and blocks supply chain attacks within minutes of publication. With advanced reachability analysis, automated remediation, and license compliance features, Socket enables teams to focus on building software, while we keep their open source code secure.


**Average Rating:** 4.7/5.0
**Total Reviews:** 10
**How Do G2 Users Rate Socket?**

- **Quality of Support:** 9.0/10 (Category avg: 9.0/10)
- **Language Support:** 8.9/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Integration:** 8.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind Socket?**

- **Seller:** [Socket](https://www.g2.com/sellers/socket)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @SocketSecurity (21,558 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/socketinc/ (91 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 40% Mid-Market, 30% Enterprise


#### What Are Socket's Pros and Cons?

**Pros:**

- Security (3 reviews)
- Open Source (2 reviews)
- Accuracy of Findings (1 review)
- Alerts (1 review)
- Comprehensive Security (1 review)

**Cons:**

- Missing Features (1 review)
- System Slowness (1 review)


### What Do G2 Reviewers Say About Socket?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security features** of Socket, ensuring protection against supply chain attacks and integration with risk programs.
- Users appreciate Socket's **effective open source security analysis**, making package evaluations accurate and time-efficient.
- Users commend the **accuracy of findings** from Socket's analysis, enhancing efficiency in reviewing open source packages.
- Users value the **proactive alerts** from Socket, ensuring strong monitoring against supply chain attacks and responsive support.
- Users value the **comprehensive security** of Socket, enhancing decision-making and risk management in software supply chains.

**Cons:**

- Users feel the need for **missing features** in Socket, desiring broader coverage to consolidate tools effectively.
- Users experience **system slowness** with Socket, noting that the UI takes considerable time to load.

#### What Are Recent G2 Reviews of Socket?

**"[Unique Approach to Supply Chain Security Problem and Does It Really Well](https://www.g2.com/survey_responses/socket-review-12052484)"**

**Rating:** 5.0/5.0 stars
*— Sindhoor H.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12052484)

---

**"[Essential Tool for Application Security with Stellar MCP Feature](https://www.g2.com/survey_responses/socket-review-12686360)"**

**Rating:** 5.0/5.0 stars
*— Shreejal M.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12686360)

---



### 12. [Black Duck](https://www.g2.com/products/black-duck/reviews)
Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com


**Average Rating:** 4.1/5.0
**Total Reviews:** 30
**How Do G2 Users Rate Black Duck?**

- **Quality of Support:** 7.9/10 (Category avg: 9.0/10)
- **Language Support:** 9.2/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Integration:** 8.0/10 (Category avg: 8.9/10)

**Who Is the Company Behind Black Duck?**

- **Seller:** [Synopsys](https://www.g2.com/sellers/synopsys-53e76f66-bf39-4c28-b0f2-97178ec8ddfd)
- **Year Founded:** 1986
- **HQ Location:** Mountain View, CA
- **Twitter:** @synopsys (24,435 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2457/ (27,920 employees on LinkedIn®)
- **Ownership:** NASDAQ:SNPS

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 45% Enterprise, 35% Mid-Market


#### What Are Black Duck's Pros and Cons?

**Pros:**

- Accuracy of Findings (1 review)
- Open Source (1 review)

**Cons:**

- Resource Constraints (1 review)


### What Do G2 Reviewers Say About Black Duck?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise Black Duck for its **powerful accuracy in identifying open source issues** through its extensive knowledge base.
- Users value the **powerful identification of Open Source issues** by Black Duck, benefiting from its extensive knowledge base.

**Cons:**

- Users find that Black Duck requires **huge resources to deploy on-prem**, which can strain organizational capabilities.

#### What Are Recent G2 Reviews of Black Duck?

**"[Comprehensive Visibility into Open-Source Dependencies and Security Risks](https://www.g2.com/survey_responses/black-duck-review-13033411)"**

**Rating:** 5.0/5.0 stars
*— Md Sarfaraz H.*

[Read full review](https://www.g2.com/survey_responses/black-duck-review-13033411)

---

**"[Powerful Open-Source Risk Management, Needs Easier Setup](https://www.g2.com/survey_responses/black-duck-review-12832669)"**

**Rating:** 4.5/5.0 stars
*— VIVEK S.*

[Read full review](https://www.g2.com/survey_responses/black-duck-review-12832669)

---


#### What Are G2 Users Discussing About Black Duck?

- [What languages does Black Duck support?](https://www.g2.com/discussions/what-languages-does-black-duck-support)
- [What is software composition analysis?](https://www.g2.com/discussions/what-is-software-composition-analysis)
- [What is Black Duck analysis?](https://www.g2.com/discussions/what-is-black-duck-analysis)
- [What is the use of Black Duck software?](https://www.g2.com/discussions/what-is-the-use-of-black-duck-software)

### 13. [SOOS](https://www.g2.com/products/soos/reviews)
SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate and manage Software Bill of Materials (SBOM), and fill out your compliance worksheets across all your teams. SOOS’s ASPM is a dynamic, comprehensive approach to safeguarding your application infrastructure from vulnerabilities across the Software Development Life Cycle (SDLC) and live deployments. Easy to integrate, all in one dashboard.

- SCA: Deep tree vulnerability scanning, license compliance, governance
- DAST: Automated Web & API vulnerability scanning
- Containers: Scan contents for vulnerabilities
- SAST: Analyze code for security vulnerabilities
- IaC: Cloud security coverage
- SBOMs: Create – monitor – manage


**Average Rating:** 4.6/5.0
**Total Reviews:** 42
**How Do G2 Users Rate SOOS?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 9.5/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.4/10 (Category avg: 8.8/10)
- **Integration:** 9.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind SOOS?**

- **Seller:** [SOOS](https://www.g2.com/sellers/soos)
- **Year Founded:** 2019
- **HQ Location:** Winooski, US
- **Twitter:** @soostech (44 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/53122310 (25 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 50% Mid-Market, 43% Small-Business


#### What Are SOOS's Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Customer Support (5 reviews)
- Easy Integrations (5 reviews)
- Integrations (5 reviews)
- Easy Setup (4 reviews)

**Cons:**

- Lack of Guidance (3 reviews)
- Poor Reporting (3 reviews)
- Dashboard Issues (2 reviews)
- Inadequate Reporting (2 reviews)
- Lacking Features (2 reviews)


### What Do G2 Reviewers Say About SOOS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users rave about the **ease of use** of SOOS, highlighting effortless setup and excellent support throughout the process.
- Users commend the **awesome customer support** of SOOS, making onboarding and setup a seamless experience.
- Users appreciate the **easy integrations** of SOOS, seamlessly enhancing their development workflow and visibility into vulnerabilities.
- Users appreciate the **seamless integrations** of SOOS, enhancing workflow and providing clear visibility into vulnerabilities.
- Users celebrate the **easy setup** of SOOS, finding it intuitive and supported by helpful examples and team engagement.

**Cons:**

- Users report a **lack of guidance** on vulnerabilities and best practices, complicating the onboarding and remediation process.
- Users note the need for **better reporting options** in SOOS to effectively analyze vulnerabilities and recommendations.
- Users face **dashboard issues** due to limited reporting options and inconvenient sign-in and scanning processes.
- Users find the **reporting inadequate**, seeking improved customization and filtering capabilities for better analysis and sharing.
- Users find the **lack of features** in SOOS limits analysis and makes the platform unintuitive for new users.

#### What Are Recent G2 Reviews of SOOS?

**"[Awesome tool for detecting vulnerabilities within project dependencies](https://www.g2.com/survey_responses/soos-review-7753830)"**

**Rating:** 4.5/5.0 stars
*— Nayan C.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7753830)

---

**"[Reliable continuous security assessment for our pipelines](https://www.g2.com/survey_responses/soos-review-7744758)"**

**Rating:** 4.0/5.0 stars
*— Brallan G.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7744758)

---



### 14. [SonarQube](https://www.g2.com/products/sonarqube/reviews)
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.


**Average Rating:** 4.4/5.0
**Total Reviews:** 147
**How Do G2 Users Rate SonarQube?**

- **Quality of Support:** 8.2/10 (Category avg: 9.0/10)

**Who Is the Company Behind SonarQube?**

- **Seller:** [SonarSource Sàrl](https://www.g2.com/sellers/sonarsource-sarl)
- **Company Website:** https://www.sonarsource.com
- **Year Founded:** 2008
- **HQ Location:** Geneva, Switzerland
- **Twitter:** @SonarSource (10,913 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/sonarsource/ (929 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 44% Enterprise, 39% Mid-Market


#### What Are SonarQube's Pros and Cons?

**Pros:**

- Code Quality (24 reviews)
- Features (20 reviews)
- Issue Identification (19 reviews)
- Ease of Use (18 reviews)
- Easy Integrations (18 reviews)

**Cons:**

- Software Bugs (12 reviews)
- Complex Configuration (10 reviews)
- False Positives (10 reviews)
- Complexity (8 reviews)
- Complex Setup (8 reviews)


### What Do G2 Reviewers Say About SonarQube?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **rapid identification of code quality and security issues** with SonarQube, simplifying code maintenance and reliability.
- Users value the **quick code quality and security issue detection** of SonarQube, enhancing maintainability and reliability over time.
- Users value SonarQube for its **efficient issue identification**, improving code quality and maintainability effortlessly.
- Users appreciate the **ease of use** of SonarQube, allowing seamless integration and daily applications without hassle.
- Users appreciate the **easy integrations** of SonarCloud, enhancing their development workflows seamlessly.

**Cons:**

- Users face challenges with **software bugs** in SonarQube, leading to issues slipping into production unexpectedly.
- Users find the **complex configuration** of SonarQube challenging, often requiring extensive tuning and setup time.
- Users often face **false positives**, complicating the effectiveness of SonarQube in real-world and legacy code projects.
- Users find SonarQube's **complexity** challenging, particularly during configuration and excessive warning management.
- Users find the **complex setup** of SonarQube time-consuming and challenging, especially for legacy projects and specific environments.

#### What Are Recent G2 Reviews of SonarQube?

**"[SonarQube improves the code quality](https://www.g2.com/survey_responses/sonarqube-review-12997941)"**

**Rating:** 4.0/5.0 stars
*— Gaurav V.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12997941)

---

**"[SonarQube: Easy Integration, Simple UI, and Solid Free Code Quality Scanning](https://www.g2.com/survey_responses/sonarqube-review-12975264)"**

**Rating:** 4.5/5.0 stars
*— Divyarajsinh C.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12975264)

---


#### What Are G2 Users Discussing About SonarQube?

- [What is SonarLint used for?](https://www.g2.com/discussions/what-is-sonarlint-used-for)
- [What is SonarQube and how does it work?](https://www.g2.com/discussions/what-is-sonarqube-and-how-does-it-work) - 1 upvote
- [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
- [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
- [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)

### 15. [Mend.io](https://www.g2.com/products/mend-io/reviews)
Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include:

1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle.
2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster.
3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


**Average Rating:** 4.3/5.0
**Total Reviews:** 105
**How Do G2 Users Rate Mend.io?**

- **Quality of Support:** 8.6/10 (Category avg: 9.0/10)
- **Language Support:** 8.5/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.8/10 (Category avg: 8.8/10)
- **Integration:** 8.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (256 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 38% Small-Business, 34% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)


### What Do G2 Reviewers Say About Mend.io?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **scanning efficiency** of Mend.io, highlighting quick scans and detailed reporting for better management.
- Users find Mend.io to be an **easy-to-use** tool that enhances security and provides responsive support.
- Users value the **easy integrations** with source code repositories, enhancing security and simplifying their workflows.
- Users find Mend.io's **scanning technology highly effective** for comprehensive binary, source code, and container scans.
- Users value the **Vulnerability Detection** in Mend.io for its efficiency in identifying and prioritizing critical vulnerabilities quickly.

**Cons:**

- Users face **integration issues** with on-premise tools and experience difficulty getting features to work effectively.
- Users feel the **limited features** of Mend.io hinder integration and functionality, leading to additional workarounds.
- Users find the **missing features** in Mend.io limit functionality, requiring workarounds for integration and scanning processes.
- Users face **complex implementation** challenges with Mend.io, requiring extensive support and causing delays in integration.
- Users find the **confusing interface** of Mend.io awkward, especially when switching between different product portals.

#### What Are Recent G2 Reviews of Mend.io?

**"[Mend.io review](https://www.g2.com/survey_responses/mend-io-review-8301799)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Human Resources*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-8301799)

---

**"[Useful tool](https://www.g2.com/survey_responses/mend-io-review-10828034)"**

**Rating:** 5.0/5.0 stars
*— Israel Sebastián E.*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-10828034)

---


#### What Are G2 Users Discussing About Mend.io?

- [What is your experience regarding pricing and costs for Mend.io, and how does it compare to other open-source security solutions?](https://www.g2.com/discussions/what-is-your-experience-regarding-pricing-and-costs-for-mend-io-and-how-does-it-compare-to-other-open-source-security-solutions)
- [What is Mend (formerly WhiteSource) used for?](https://www.g2.com/discussions/what-is-mend-formerly-whitesource-used-for)
- [What is white Source bolt?](https://www.g2.com/discussions/what-is-white-source-bolt)
- [What are SCA tools?](https://www.g2.com/discussions/what-are-sca-tools)
- [What is software composition analysis SCA?](https://www.g2.com/discussions/what-is-software-composition-analysis-sca)

### 16. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

- **AI-Powered Agents:** Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.
- **Comprehensive Security Scanning:** Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.
- **Developer-Centric Experience:** With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.
- **Agentic AI for AppSec Teams: Risk-Based Prioritization:** Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.
- **Seamless Integrations:** Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


**Average Rating:** 4.5/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Jit?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.3/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (7 reviews)
- Efficiency (7 reviews)
- Automation (6 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **seamless integration of security** in Jit, enhancing efficiency and consistency in their workflows.
- Users praise the **ease of use** of Jit, noting its lightweight setup and seamless integration into development workflows.
- Users value the **easy integrations** of Jit, streamlining security within existing workflows effortlessly.
- Users value the **efficiency** of Jit, which reduces waste and streamlines processes for better productivity.
- Users value the **automation of security controls**, streamlining workflows and enhancing consistency without overwhelming teams.

**Cons:**

- Users face **integration issues** with Jit, as coverage for all enterprise environments and tools is limited.
- Users note the **limited features** in Jit, wishing for more customization and in-depth analytics options.
- Users note **limited integration** options with Jit, wishing for broader support across various enterprise environments.
- Users find the **documentation lacking**, especially for advanced configurations, complicating the setup process and understanding.
- Users find the **configuration complexity** daunting, particularly for newcomers and when integrating with other services.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 17. [Microsoft Defender for Cloud](https://www.g2.com/products/microsoft-defender-for-cloud/reviews)
Microsoft Defender for Cloud is a cloud native application protection platform for multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime.


**Average Rating:** 4.4/5.0
**Total Reviews:** 295
**How Do G2 Users Rate Microsoft Defender for Cloud?**

- **Quality of Support:** 8.6/10 (Category avg: 9.0/10)
- **Language Support:** 9.4/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Integration:** 9.9/10 (Category avg: 8.9/10)

**Who Is the Company Behind Microsoft Defender for Cloud?**

- **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft)
- **Year Founded:** 1975
- **HQ Location:** Redmond, Washington
- **Twitter:** @microsoft (13,091,739 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (231,632 employees on LinkedIn®)
- **Ownership:** MSFT

**Who Uses This Product?**
- **Who Uses This:** Saas Consultant, Software Engineer
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 38% Mid-Market, 35% Enterprise


#### What Are Microsoft Defender for Cloud's Pros and Cons?

**Pros:**

- Security (121 reviews)
- Comprehensive Security (92 reviews)
- Cloud Security (71 reviews)
- Vulnerability Detection (63 reviews)
- Threat Detection (57 reviews)

**Cons:**

- Complexity (27 reviews)
- Expensive (24 reviews)
- Delayed Detection (22 reviews)
- False Positives (19 reviews)
- Improvement Needed (19 reviews)


### What Do G2 Reviewers Say About Microsoft Defender for Cloud?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **robust security features** of Microsoft Defender for Cloud, effectively protecting against various cyber threats.
- Users value the **comprehensive security features** of Microsoft Defender for Cloud, effectively protecting against various cyber threats.
- Users praise the **robust security features** of Microsoft Defender for Cloud, enhancing protection against various cyber threats.
- Users value the **vulnerability detection** in Microsoft Defender for Cloud, enjoying its continuous monitoring and threat analysis capabilities.
- Users value the **effective threat detection** capabilities of Microsoft Defender for Cloud, enhancing their security posture significantly.

**Cons:**

- Users find Microsoft Defender for Cloud's **complexity in configurations** challenging, often requiring extensive knowledge and adjustment.
- Users note that the product can be **expensive**, particularly for small to medium-sized businesses, affecting affordability.
- Users report **delayed detection** of threats, sometimes missing suspicious emails and failing to meet security expectations.
- Users experience **false positives** with Microsoft Defender for Cloud, leading to confusion and concerns over legitimate files being flagged.
- Users notice **improvement needed** in Microsoft Defender for Cloud, particularly in policy generation and malware detection capabilities.

#### What Are Recent G2 Reviews of Microsoft Defender for Cloud?

**"[Unified Cloud Security with Actionable Insights and Deep Visibility](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-12621279)"**

**Rating:** 4.0/5.0 stars
*— datha s.*

[Read full review](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-12621279)

---

**"[Unified Multi-Cloud Security with Clear Recommendations and Strong Performance](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-13048283)"**

**Rating:** 4.5/5.0 stars
*— Jeni J.*

[Read full review](https://www.g2.com/survey_responses/microsoft-defender-for-cloud-review-13048283)

---


#### What Are G2 Users Discussing About Microsoft Defender for Cloud?

- [What is Microsoft Defender for Cloud used for?](https://www.g2.com/discussions/what-is-microsoft-defender-for-cloud-used-for) - 1 comment
- [What are the three security services provided by Windows Azure?](https://www.g2.com/discussions/what-are-the-three-security-services-provided-by-windows-azure) - 2 comments
- [What is Azure security management?](https://www.g2.com/discussions/what-is-azure-security-management) - 1 comment
- [Is Azure security Center a SIEM?](https://www.g2.com/discussions/is-azure-security-center-a-siem) - 1 comment, 1 upvote
- [How does Azure provide security?](https://www.g2.com/discussions/how-does-azure-provide-security)

### 18. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


**Average Rating:** 4.5/5.0
**Total Reviews:** 49
**How Do G2 Users Rate Contrast Security?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.1/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 8.8/10 (Category avg: 8.9/10)

**Who Is the Company Behind Contrast Security?**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,468 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (196 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Insurance, Information Technology and Services
- **Company Size:** 67% Enterprise, 20% Mid-Market


#### What Are Contrast Security's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Performance Issues (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)


### What Do G2 Reviewers Say About Contrast Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Contrast Security, ensuring greater precision in identifying vulnerabilities.
- Users value the **accuracy of results** from Contrast Security, benefiting from precise vulnerability monitoring and analysis.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick feedback and agile support.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick turnaround and excellent support.
- Users value the **real-time security testing** and excellent support from Contrast Security, enhancing their overall security posture.

**Cons:**

- Users experienced **performance issues** with Contrast Security, particularly with Java applications, but found support helpful in resolving them.

#### What Are Recent G2 Reviews of Contrast Security?

**"[Contrast Security makes application security simple](https://www.g2.com/survey_responses/contrast-security-review-8516563)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8516563)

---

**"[Shift-Smart with Contrast](https://www.g2.com/survey_responses/contrast-security-review-8492224)"**

**Rating:** 5.0/5.0 stars
*— Kiran S.*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8492224)

---


#### What Are G2 Users Discussing About Contrast Security?

- [What is contrast protect?](https://www.g2.com/discussions/what-is-contrast-protect)
- [Is Contrast security SaaS?](https://www.g2.com/discussions/is-contrast-security-saas)
- [What is Contrast security tool?](https://www.g2.com/discussions/what-is-contrast-security-tool)
- [What does contrast security do?](https://www.g2.com/discussions/what-does-contrast-security-do)

### 19. [Aqua Security](https://www.g2.com/products/aqua-security/reviews)
Aqua Security sees and stops attacks across the entire cloud native application lifecycle in a single, integrated platform. From software supply chain security for developers to cloud security and runtime protection for security teams, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry’s most comprehensive Cloud Native Application Protection Platform (CNAPP). Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.


**Average Rating:** 4.2/5.0
**Total Reviews:** 57
**How Do G2 Users Rate Aqua Security?**

- **Quality of Support:** 8.0/10 (Category avg: 9.0/10)
- **Language Support:** 7.3/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 6.3/10 (Category avg: 8.8/10)
- **Integration:** 7.3/10 (Category avg: 8.9/10)

**Who Is the Company Behind Aqua Security?**

- **Seller:** [Aqua Security Software Ltd](https://www.g2.com/sellers/aqua-security-software-ltd)
- **Year Founded:** 2015
- **HQ Location:** Burlington, US
- **Twitter:** @AquaSecTeam (7,673 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aquasecteam/ (466 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 56% Enterprise, 39% Mid-Market


#### What Are Aqua Security's Pros and Cons?

**Pros:**

- Security (18 reviews)
- Ease of Use (15 reviews)
- Detection (10 reviews)
- Features (10 reviews)
- Comprehensive Security (8 reviews)

**Cons:**

- Missing Features (7 reviews)
- Lack of Features (5 reviews)
- Improvement Needed (4 reviews)
- Limited Features (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Aqua Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate Aqua Security for its **proactive threat detection**, ensuring security issues are addressed before they escalate.
- Users value the **ease of use** of Aqua Security, appreciating its intuitive UI and smooth implementation process.
- Users value the **effective detection of security issues** by Aqua Security, ensuring proactive resolution before problems escalate.
- Users appreciate the **ease of deployment and comprehensive security insights** offered by Aqua Security for proactive code protection.
- Users value Aqua Security's **comprehensive security frameworks**, enhancing their ability to manage and protect cloud environments effectively.

**Cons:**

- Users feel the **missing features** in Aqua Security hinder effective data analysis and integration capabilities.
- Users report a **lack of features** in Aqua Security, limiting functionality and hindering effective analysis and integration.
- Users note that **improvement is needed** for deeper insights, better integration, and enhanced reporting features in Aqua Security.
- Users note the **limited features** of Aqua Security, highlighting the need for enhanced functionality and integration options.
- Users find Aqua Security's **complex interface** challenging, especially during initial setup and task execution.

#### What Are Recent G2 Reviews of Aqua Security?

**"[AquaSec have been very efficient and user friendly.](https://www.g2.com/survey_responses/aqua-security-review-7802942)"**

**Rating:** 5.0/5.0 stars
*— Adefolarin B.*

[Read full review](https://www.g2.com/survey_responses/aqua-security-review-7802942)

---

**"[Allows us to monitor security of our platforms and scan images easily.](https://www.g2.com/survey_responses/aqua-security-review-10502217)"**

**Rating:** 5.0/5.0 stars
*— Mitchell M.*

[Read full review](https://www.g2.com/survey_responses/aqua-security-review-10502217)

---



### 20. [FOSSA](https://www.g2.com/products/fossa/reviews)
Open source is a critical part of your software. In the average modern software product, over 80% of the source code shipped is derived from open source. Each component can have cascading legal, security, and quality implications for your customers, making it one of the most important things to manage correctly. FOSSA helps you manage your open source components. We plug into your development workflow to help your team automatically track, manage, and remediate issues with the open source you use to:

- Stay compliant with software licenses and generate required attribution documents
- Enforce usage and licensing policies throughout your CI/CD workflow
- Monitor and remediate security vulnerabilities
- Flag code quality issues and outdated components proactively

By enabling open source, we help development teams increase development velocity and decrease risk.


**Average Rating:** 4.2/5.0
**Total Reviews:** 15
**How Do G2 Users Rate FOSSA?**

- **Quality of Support:** 8.3/10 (Category avg: 9.0/10)
- **Language Support:** 8.8/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 9.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind FOSSA?**

- **Seller:** [FOSSA](https://www.g2.com/sellers/fossa)
- **Year Founded:** 2015
- **HQ Location:** San Francisco, California
- **Twitter:** @getfossa (774 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/fossa/ (59 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 47% Small-Business, 33% Mid-Market


#### What Are FOSSA's Pros and Cons?

**Pros:**

- Easy Integrations (1 review)
- Issue Resolution (1 review)
- Remediation Solutions (1 review)
- Risk Management (1 review)
- Security (1 review)



### What Do G2 Reviewers Say About FOSSA?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **easy integrations** of FOSSA with their tech stack, streamlining dependency management and enhancing security.
- Users find FOSSA's **issue resolution capabilities** excellent for identifying vulnerabilities and recommending fixes effectively.
- Users value FOSSA's **robust remediation solutions**, effectively identifying library issues and recommending fixes for vulnerabilities.
- Users value FOSSA for its **effective risk management** , identifying vulnerabilities and providing recommendations in their applications.
- Users value FOSSA for its **robust security insights** that enhance the safety of their applications throughout the pipeline.


#### What Are Recent G2 Reviews of FOSSA?

**"[Fossa for enterprise applications](https://www.g2.com/survey_responses/fossa-review-10931000)"**

**Rating:** 4.0/5.0 stars
*— Pavan Kumar G.*

[Read full review](https://www.g2.com/survey_responses/fossa-review-10931000)

---

**"[&quot;The FOSSA Experience&quot;](https://www.g2.com/survey_responses/fossa-review-8576931)"**

**Rating:** 5.0/5.0 stars
*— Elvis M.*

[Read full review](https://www.g2.com/survey_responses/fossa-review-8576931)

---



### 21. [MergeBase](https://www.g2.com/products/mergebase/reviews)
MergeBase is revolutionizing software supply chain protection with a full-featured, developer-oriented SCA solution that brings the lowest false positives in the industry and complete DevOps coverage from coding/building to deployment and run-time. MergeBase’s SCA tool analyzes the open-source/third-party libraries for vulnerabilities. Our mission is to protect the software supply chain. We provide a full-featured, developer-oriented solution that has the industry’s lowest false positive rates and complete coverage of the DevOps process.


**Average Rating:** 4.5/5.0
**Total Reviews:** 20
**How Do G2 Users Rate MergeBase?**

- **Quality of Support:** 9.3/10 (Category avg: 9.0/10)
- **Language Support:** 7.9/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 8.5/10 (Category avg: 8.8/10)
- **Integration:** 8.5/10 (Category avg: 8.9/10)

**Who Is the Company Behind MergeBase?**

- **Seller:** [MergeBase Software](https://www.g2.com/sellers/mergebase-software)
- **Year Founded:** 2018
- **HQ Location:** Coquitlam, British Columbia
- **Twitter:** @mergebasesecure (86 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/mergebase/

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 40% Small-Business, 35% Mid-Market



#### What Are Recent G2 Reviews of MergeBase?

**"[MergeBase Detector of risk and vulnerabilities](https://www.g2.com/survey_responses/mergebase-review-7833957)"**

**Rating:** 4.5/5.0 stars
*— Prashant S.*

[Read full review](https://www.g2.com/survey_responses/mergebase-review-7833957)

---

**"[Revolutionizing Software Supply Chain Protection with MergeBase's SCA Platform](https://www.g2.com/survey_responses/mergebase-review-7670163)"**

**Rating:** 5.0/5.0 stars
*— Disha K.*

[Read full review](https://www.g2.com/survey_responses/mergebase-review-7670163)

---



### 22. [Sandworm](https://www.g2.com/products/sandworm/reviews)
Sandworm is a comprehensive software supply chain security solution that detects vulnerabilities in dependencies, provides actionable insights, and ensures a secure and reliable development process for organizations across multiple programming languages. It empowers developers to identify and remediate potential risks, strengthens cybersecurity resilience, and fosters a safer software ecosystem.


**Average Rating:** 5.0/5.0
**Total Reviews:** 11
**How Do G2 Users Rate Sandworm?**

- **Quality of Support:** 9.6/10 (Category avg: 9.0/10)
- **Language Support:** 9.1/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.6/10 (Category avg: 8.8/10)
- **Integration:** 9.1/10 (Category avg: 8.9/10)

**Who Is the Company Behind Sandworm?**

- **Seller:** [Sandworm](https://www.g2.com/sellers/sandworm)
- **Year Founded:** 2023
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/sandworm-dev/ (2 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Marketing and Advertising
- **Company Size:** 73% Small-Business, 18% Mid-Market



#### What Are Recent G2 Reviews of Sandworm?

**"[Uncovering Hidden Risks](https://www.g2.com/survey_responses/sandworm-review-8920177)"**

**Rating:** 5.0/5.0 stars
*— Jeffrey L.*

[Read full review](https://www.g2.com/survey_responses/sandworm-review-8920177)

---

**"[Powerful tool for dependencies audits!](https://www.g2.com/survey_responses/sandworm-review-8884593)"**

**Rating:** 5.0/5.0 stars
*— Josh B.*

[Read full review](https://www.g2.com/survey_responses/sandworm-review-8884593)

---



### 23. [Endor Labs](https://www.g2.com/products/endor-labs/reviews)
Endor Labs turns application security into a competitive advantage. At the core is AURI, the security harness for agentic development. It helps coding agents write secure code by default, automates PR security reviews, and gives agents deterministic context to fix what matters fast. At the core is our patented code context graph: a continuously updated model of application behavior across code, dependencies, secrets, and containers. The result: 83% fewer blocked PRs, 10x fewer security tickets, and 6x faster remediation at Atlassian, Cursor, Rubrik, and Snowflake.


**Average Rating:** 4.8/5.0
**Total Reviews:** 9
**How Do G2 Users Rate Endor Labs?**

- **Quality of Support:** 9.8/10 (Category avg: 9.0/10)
- **Language Support:** 9.4/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.7/10 (Category avg: 8.8/10)
- **Integration:** 9.2/10 (Category avg: 8.9/10)

**Who Is the Company Behind Endor Labs?**

- **Seller:** [Endor Labs](https://www.g2.com/sellers/endor-labs)
- **Company Website:** https://www.endorlabs.com/
- **Year Founded:** 2021
- **HQ Location:** Palo Alto, California, United States
- **Twitter:** @EndorLabs (592 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/endorlabs (200 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 78% Mid-Market, 22% Enterprise


#### What Are Endor Labs's Pros and Cons?

**Pros:**

- Features (5 reviews)
- Ease of Use (4 reviews)
- Accuracy of Findings (3 reviews)
- Customer Support (3 reviews)
- Integration Support (3 reviews)

**Cons:**

- UX Improvement (3 reviews)
- API Limitations (1 review)
- Difficult Setup (1 review)
- Integration Issues (1 review)
- Missing Features (1 review)


### What Do G2 Reviewers Say About Endor Labs?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **innovative reachability analysis** feature of Endor Labs, enhancing security and streamlining their workflows.
- Users find Endor Labs **user-friendly**, with quick access to essential data and intuitive UI for effective analysis.
- Users commend the **accuracy of findings** from Endor Labs, enabling better decision-making and risk management.
- Users commend the **responsive customer support** of Endor Labs, which significantly enhances their operational efficiency.
- Users commend **seamless integration support** from Endor Labs, enhancing their team's effectiveness and confidence in managing security concerns.

**Cons:**

- Users note that the **UI/UX needs improvement** for better functionality and accessibility of API features.
- Users feel the need for more **API capabilities in the UI** of Endor Labs to enhance usability.
- Users find the **difficult setup** of Endor Labs can be challenging, with unclear error messages during the process.
- Users note **integration issues** with Jira and a need for improved UI/UX, but improvements are in progress.
- Users note the **missing features** in Endor Labs, such as inadequate UI/UX and lack of default monitored branch settings.

#### What Are Recent G2 Reviews of Endor Labs?

**"[Took the SCA scans to whole another level with their reachability analysis](https://www.g2.com/survey_responses/endor-labs-review-11697384)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-11697384)

---

**"[Easy SCA Integration with Clear, Actionable Vulnerability Insights](https://www.g2.com/survey_responses/endor-labs-review-12503518)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Security and Investigations*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-12503518)

---



### 24. [Rainforest Application](https://www.g2.com/products/rainforest-technologies-rainforest-application/reviews)
Rainforest is the all-in-one cyber security platform with an end-to-end approach to simplify corporate reputation protection by using multiple intelligences and proactive observability, adding Application and Cloud Security (from DevOps to DevSecOps), Vulnerability Intelligence, and Brand reputation (Fraud and Leak monitoring). Rainforest Application, Rainforest Cloud, and Rainforest Asset modules allow development and security teams to have visibility into the lifecycle of all applications, in a simple and quick way, providing vulnerability management whenever a new line is coded. Rainforest Fraud, Rainforest Leak, and Rainforest Asset build an integrated vision of Vulnerability and Brand Intelligence, guiding security and compliance teams in an efficient manner on potential exposure points, according to their importance to the business regarding the company's reputation.


**Average Rating:** 4.9/5.0
**Total Reviews:** 12
**How Do G2 Users Rate Rainforest Application?**

- **Quality of Support:** 9.8/10 (Category avg: 9.0/10)
- **Language Support:** 8.0/10 (Category avg: 8.5/10)
- **Continuous Monitoring:** 9.0/10 (Category avg: 8.8/10)
- **Integration:** 8.7/10 (Category avg: 8.9/10)

**Who Is the Company Behind Rainforest Application?**

- **Seller:** [Rainforest Technologies](https://www.g2.com/sellers/rainforest-technologies)
- **HQ Location:** Wilmington, Delaware
- **LinkedIn® Page:** https://www.linkedin.com/company/80967943 (11 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 42% Mid-Market, 42% Small-Business



#### What Are Recent G2 Reviews of Rainforest Application?

**"[Rainforest is very safe!](https://www.g2.com/survey_responses/rainforest-application-review-9743078)"**

**Rating:** 5.0/5.0 stars
*— Paulo Z.*

[Read full review](https://www.g2.com/survey_responses/rainforest-application-review-9743078)

---

**"[My Experience with Rainforest Platform](https://www.g2.com/survey_responses/rainforest-application-review-9843958)"**

**Rating:** 4.5/5.0 stars
*— Lucas M.*

[Read full review](https://www.g2.com/survey_responses/rainforest-application-review-9843958)

---



### 25. [Codacy](https://www.g2.com/products/codacy/reviews)
Codacy is the code quality and security platform for AI-assisted engineering teams. AI is now embedded through the engineering workflow, which has made teams faster, but also adds risk to everything they ship. Codacy helps AI-assisted teams ship high-quality, secure code across the full software development lifecycle, starting in the agent and editor, through pull requests in Git, and into containers and runtime security. At each stage we check for quality issues, security vulnerabilities and AI coding risk introduced into the codebase, and help devs and agents fix them effortlessly. A team's standards become automated guardrails that apply across every IDE, AI coding agent, and Pull Request. More than 250,000 developers rely on Codacy to keep quality and security stable as AI changes how software gets built. Add your repo and get your free scan report in minutes: https://codacy.com


**Average Rating:** 4.6/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Codacy?**

- **Quality of Support:** 9.1/10 (Category avg: 9.0/10)

**Who Is the Company Behind Codacy?**

- **Seller:** [Codacy](https://www.g2.com/sellers/codacy)
- **Year Founded:** 2012
- **HQ Location:** Lisbon, Lisboa
- **Twitter:** @codacy (5,002 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3310124/ (71 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 59% Small-Business, 24% Mid-Market


#### What Are Codacy's Pros and Cons?

**Pros:**

- Security (2 reviews)
- Automation (1 review)
- Automation Testing (1 review)
- Code Quality (1 review)
- Customer Support (1 review)

**Cons:**

- Expensive (1 review)


### What Do G2 Reviewers Say About Codacy?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **security dashboard and vulnerability management** features, providing valuable insights and enhancing code safety.
- Users value the **out-of-the-box automation** of Codacy, finding it easy to use for maintaining code quality.
- Users value the **integrated automation** features of Codacy, appreciating its ease of use and quality assurance capabilities.
- Users appreciate the **effective code quality tools** in Codacy, ensuring clean and safe code with ease of use.
- Users appreciate the **helpful customer support** of Codacy, noting their immediate assistance is invaluable to developers.

**Cons:**

- Users find Codacy to be **expensive** at $19/month, making it less accessible for smaller organizations.

#### What Are Recent G2 Reviews of Codacy?

**"[Codacy is a security must-have tool in our company](https://www.g2.com/survey_responses/codacy-review-10264506)"**

**Rating:** 5.0/5.0 stars
*— David M.*

[Read full review](https://www.g2.com/survey_responses/codacy-review-10264506)

---

**"[Easy GitHub & CI/CD Integration That Catches Bugs Before Production](https://www.g2.com/survey_responses/codacy-review-12739228)"**

**Rating:** 4.5/5.0 stars
*— Arjun M.*

[Read full review](https://www.g2.com/survey_responses/codacy-review-12739228)

---




## What Are Software Composition Analysis Tools?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Software Composition Analysis Tools?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Secure Code Review Software](https://www.g2.com/categories/secure-code-review)


---

## How Do You Choose the Right Software Composition Analysis Tools?

### What You Should Know About Software Composition Analysis Software

### What is Software Composition Analysis Software?

Software composition analysis (SCA) refers to the management and evaluation of open source and third-party components within the development environment. Software developers and development teams use SCA to keep tabs on the hundreds of open source components incorporated in their builds. These components fall out of compliance and require version updates; if left unchecked they can pose major security risks. With so many components to track, developers lean on SCA to automatically manage issues. SCA tools scan for actionable items and alert developers, allowing teams to focus on development rather than manually combing through a mess of software components.

In conjunction with tools such as [vulnerability scanner](https://www.g2.com/categories/vulnerability-scanner) and [dynamic application security testing (DAST) software](https://www.g2.com/categories/dynamic-application-security-testing-dast), software composition analysis integrates with the development environment to curate a secure DevOps workflow. The synergy between cybersecurity and DevOps, sometimes referred to as DevSecOps, answers an urgent call for developers to approach software development with a security-first mindset. For a long time, software developers have relied on open source and third-party components, leaving siloed cybersecurity professionals to clean up builds. This outdated standard often leaves large unresolved gaps in security for stretches of time. Software composition analysis presents a solution for ensuring secure compliance before the worst happens.

**Key Benefits of Software Composition Analysis Software**

- Help keep development secure
- Ease the workloads of developers
- Build a productive workflow across teams

### Why Use Software Composition Analysis Software?

Security best practices are a necessary staple in any DevOps environment. Beyond industry standards, secure development is increasingly important as issues such as API vulnerabilities come to the forefront of cybersecurity. There are often many open source and third-party components in a software build—ensuring components are constantly updated and secure is a task better left to software. Software composition analysis does the job and saves development teams significant time and energy.

**Peace of mind —** Software composition analysis software constantly evaluates open source components. This means developers and teams can focus on advancing their projects without worrying about a mess of unchecked components. In the event of any issues, SCA software alerts users and provides suggestions for remediation.

**Seamless security —** Most SCA software integrates with preexisting development environments, meaning users don’t have to navigate between windows to address vulnerabilities. Developers can receive important and relevant information about the open source and third-party components in their builds without detaching themselves from their workspace.

### Who Uses Software Composition Analysis Software?

DevOps teams that want to implement security best practices use SCA software as an integral part of the DevSecOps tool kit. SCA software empowers developers to proactively keep their open source and third-party components secure, rather than leave a mess of vulnerabilities for siloed cybersecurity team members to clean up. Tools like SCA software help break down the barriers between DevOps and cybersecurity practices, curating an integrated and agile workflow.

**Solo developers —** While SCA software does wonders for larger teams looking to marry their cybersecurity and DevOps processes, solo developers benefit from their own automated security watchdog. Developers working alone on personal projects can’t expect cybersecurity to be taken care of by someone else, so tools like SCA software help them manage their open source vulnerabilities without eating into their time and energy.

**Small development teams —** Similar to solo developers, small development teams often lack the assets to employ a full-time cybersecurity professional. SCA software also aids these teams, allowing them to focus their limited resources on building their project.

**Large DevOps teams —** Midsize and enterprise DevOps teams rely on SCA software to shape a secure and common-sense DevSecOps workflow. Rather than isolate cybersecurity professionals from the DevOps process, companies use tools like SCA to integrate cybersecurity as a default standard for development. This practice mitigates stressors on both developers and IT teams by enabling a more agile environment.

### Software Composition Analysis Software Features

**Comprehensive insights —** SCA software gives users meaningful visibility into the open source and third-party components they use. These tools organize relevant and timely information and present developers with useful updates. This interface often requires some level of development knowledge, meaning the onus is on developers to act on any information presented by SCA tools. Version updates, compliance issues, and vulnerabilities are constantly evaluated so users can be alerted as soon as issues arise.

**Remediation information —** Beyond identifying issues with developers’ open source components, SCA software provides users with relevant documentation for remediation. These suggestions give knowledgeable developers a jumping-off point so they can address vulnerabilities in a timely manner. These remediation suggestions typically require development knowledge to understand, but developers can often pass these remediation tasks to cybersecurity professionals on their team.

### Trends Related to Software Composition Analysis Software

**DevOps —** DevOps refers to the marriage of development and IT operations management to make unified software development pipelines. Teams have implemented DevOps best practices to build, test, and release software. SCA software’s seamless blending with integrated development environments (IDEs) means it fits right in with any DevOps cycle.

**Cybersecurity —** Calls for standardized cybersecurity best practices as part of DevOps philosophy, often referred to as DevSecOps, have shifted the responsibility for secure applications to developers. SCA software’s vulnerability detection and remediation features play a necessary role in establishing secure DevOps practices.

### Software and Services Related to Software Composition Analysis Software

[**Vulnerability scanner software**](https://www.g2.com/categories/vulnerability-scanner) **—** Vulnerability scanners constantly monitor applications and networks to identify vulnerabilities. These tools scan full applications and networks then test them against known vulnerabilities. All of these functions work in conjunction with SCA software to form a comprehensive security stack.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST software inspects and analyzes an application’s code to discover security vulnerabilities without actually executing code. Similar to SCA software, these tools identify vulnerabilities and provide remediation suggestions. There is functional overlap with static code analysis software, but SAST software specifically focuses on security, while static code analysis software has a broader scope.

[**Dynamic application security testing (DAST) software**](https://www.g2.com/categories/dynamic-application-security-testing-dast) **—** DAST tools automate security tests for a variety of real-world threats. These tools run applications against simulated attacks and other cybersecurity scenarios using black box testing, or testing performed outside an application.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis is a debugging and quality assurance method that inspects a computer program’s code without executing the program. Static code analysis software scans code to identify security vulnerabilities, catch bugs, and ensure the code adheres to industry standards. These tools help software developers automate the core aspects of program comprehension. While static code analysis is similar to static application security testing, this software covers a broader scope as opposed to focusing solely on security.




