# Best Application Security Posture Management (ASPM) Software

*By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*


Application security posture management (ASPM) is a comprehensive cybersecurity solution that focuses on safeguarding software applications from potential threats. The process involves continuously assessing, monitoring, and enhancing an organization&#39;s application security posture. ASPM encompasses various technologies to identify and mitigate security risks in software applications. It helps companies with visibility, risk identification, and remediation recommendations. This software aids security teams, DevOps, and IT administration to manage compliance, prioritize risks, and handle vulnerabilities.

Application security posture management (ASPM) solutions offer unique capabilities that distinguish them from other cybersecurity tools like [security information and event management (SIEM) systems](https://www.g2.com/categories/security-information-and-event-management-siem) and vulnerability scanners. Unlike these tools, which identify, assess, and mitigate security risks, ASPM is specifically tailored to the security of software applications. It provides a holistic picture of application security health and integrates with the development lifecycle for proactive security measures.

To qualify for inclusion in the ASPM category, a product must:

- Help prioritize and address the most critical security issues and recommend how to remediate vulnerabilities and weaknesses
- Scan and analyze software applications to identify vulnerabilities, misconfigurations, and weaknesses in the code, libraries, and configurations
- Actively monitor applications for signs of malicious activity and potential security breaches, using techniques such as behavioral analysis and anomaly detection
- Help organizations ensure that their applications adhere to industry standards and compliance requirements by assessing and reporting on security posture against these benchmarks






## G2 Grid® for Application Security Posture Management (ASPM) Software
![G2 Grid® for Application Security Posture Management (ASPM) Software plotting products by satisfaction and market presence](https://www.g2.com/categories/application-security-posture-management-aspm/grids.png?focus%5B%5D=1259627&focus%5B%5D=151443&focus%5B%5D=1312693&focus%5B%5D=1186242&focus%5B%5D=7775&focus%5B%5D=7336&focus%5B%5D=32484&focus%5B%5D=1197620)
Highlighted products: Aikido Security, CrowdStrike Falcon Cloud Security, OX Security, Jit, SonarQube, Carbon Black App Control, Invicti (formerly Netsparker), and Strobes Security.
Underlying data: [Grid® JSON](https://www.g2.com/categories/application-security-posture-management-aspm/grids.json?focus%5B%5D=aikido-security&amp;focus%5B%5D=crowdstrike-falcon-cloud-security&amp;focus%5B%5D=ox-security&amp;focus%5B%5D=jit&amp;focus%5B%5D=sonarqube&amp;focus%5B%5D=carbon-black-app-control&amp;focus%5B%5D=invicti-formerly-netsparker&amp;focus%5B%5D=strobes-security)


## How Many Application Security Posture Management (ASPM) Software Products Does G2 Track?
**Total Products under this Category:** 37

### Category Stats (Jul 2026)
- **Average Rating**: 4.56/5 (↑0.01 vs Jun 2026) The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: ArmorCode Agentic AI Platform (+3.13%) - Among all products in this category, ArmorCode Agentic AI Platform recorded the largest rating increase compared to last month
*Last updated: July 12, 2026*


## How Does G2 Rank Application Security Posture Management (ASPM) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 900+ Authentic Reviews
- 37+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Application Security Posture Management (ASPM) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Easiest to Use:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)


---

**Sponsored**

### Aikido Security

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=1008070&amp;secure%5Bchosen_at%5D=2026-07-12T23%3A44%3A42Z&amp;secure%5Bdisplayable_resource_id%5D=1008070&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=page_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=1008070&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=1259627&amp;secure%5Bresource_id%5D=1008070&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fapplication-security-posture-management-aspm%3Fopen_modal_url%3D%252Fproducts%252Fplexicus%252Fwishlists%253Fhost_path%253D%25252Fcategories%25252Fapplication-security-posture-management-aspm%2526source%253Dcategory&amp;secure%5Btoken%5D=3fa3c77dc779cf15d04011320f38b302392bbf9b5f2dfb01d030112345ced922&amp;secure%5Burl%5D=https%3A%2F%2Fwww.aikido.dev%2Fuse-cases%2Fapplication-security-posture-management-aspm%3Futm_source%3Dg2%26utm_campaign%3Dg2-promoted-listing-aspm%26utm_medium%3Dcpc&amp;secure%5Burl_type%5D=custom_url)

---

## What Are the Top-Rated Application Security Posture Management (ASPM) Software Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 145

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Founder
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 70% Small-Business, 18% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Aikido Security, benefiting from its clear insights and seamless integration.
- Users commend Aikido Security for its **intuitive interface** , streamlining the identification and management of security issues effectively.
- Users value Aikido Security for its **user-friendly dashboard and meaningful free tier features** that enhance security workflows.
- Users value the **easy integrations** with GitLab, enhancing day-to-day workflows and security management effortlessly.
- Users laud the **easy setup** of Aikido Security, facilitating seamless integration into existing workflows and enhancing security practices.

**Cons:**

- Users feel a need for **missing features** like code quality checks and advanced integrations for a better experience.
- Users find the **pricing overly high** , especially for startups, despite acknowledging its value.
- Users find Aikido Security&#39;s **limited features** restrict customization and reporting capabilities for complex enterprise needs.
- Users find **pricing issues** with Aikido Security, especially the high entry fees for startups and limited trial duration.
- Users find Aikido Security **lacking features** like local PR annotations and deeper analysis tools crucial for development.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"**

**Rating:** 4.0/5.0 stars
*— Dylan E.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-12747129)

---

**"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"**

**Rating:** 5.0/5.0 stars
*— Jonathon K.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13024655)

---



### 2. [CrowdStrike Falcon Cloud Security](https://www.g2.com/products/crowdstrike-falcon-cloud-security/reviews)
Crowdstrike Falcon Cloud Security is the only CNAPP to stop breaches in the cloud Built for today’s hybrid and multi-cloud environments, Falcon Cloud Security protects the entire cloud attack surface - from code to runtime - by combining continuous agentless visibility with real-time detection and response. At runtime, Falcon Cloud Security delivers best-in-class cloud workload protection and real-time cloud detection and response (CDR) to stop active threats across hybrid environments. Integrated with the CrowdStrike Falcon platform, it correlates signals across endpoint, identity, and cloud to detect sophisticated cross-domain attacks that point solutions miss—enabling teams to respond faster and stop breaches in progress. To reduce risk before attacks occur, Falcon Cloud Security also delivers agentless-driven posture management that proactively shrinks the cloud attack surface. Unlike typical solutions, Crowdstrike enriches cloud risk detections with adversary intelligence and graph-based context, enabling security teams to prioritize exploitable exposures and prevent breaches before they happen. Customers using Falcon Cloud Security consistently see measurable results: 89% faster cloud detection and response 100x reduction in false positives by prioritizing exploitable, business-critical risk 83% reduction in cloud security licenses due to elimination of redundant tools


**Average Rating:** 4.6/5.0
**Total Reviews:** 100

**Who Is the Company Behind CrowdStrike Falcon Cloud Security?**

- **Seller:** [CrowdStrike](https://www.g2.com/sellers/crowdstrike)
- **Company Website:** https://www.crowdstrike.com
- **Year Founded:** 2011
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @CrowdStrike (110,809 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2497653/ (11,343 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 46% Enterprise, 40% Mid-Market


#### What Are CrowdStrike Falcon Cloud Security's Pros and Cons?

**Pros:**

- Security (49 reviews)
- Cloud Security (37 reviews)
- Detection Efficiency (34 reviews)
- Vulnerability Detection (31 reviews)
- Ease of Use (29 reviews)

**Cons:**

- Expensive (17 reviews)
- Improvements Needed (14 reviews)
- Improvement Needed (13 reviews)
- Feature Complexity (8 reviews)
- Learning Curve (8 reviews)


### What Do G2 Reviewers Say About CrowdStrike Falcon Cloud Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **complete protection** of CrowdStrike Falcon Cloud Security, noting its efficiency and user-friendly interface.
- Users value the **strong security and compliance features** of CrowdStrike Falcon Cloud Security, enhancing their cloud protection significantly.
- Users praise the **detection efficiency** of CrowdStrike Falcon, valuing its minimal false positives and robust security capabilities.
- Users commend CrowdStrike Falcon Cloud Security for its **complete protection and efficient vulnerability detection** across various environments.
- Users praise the **user-friendly interface** of CrowdStrike Falcon, making incident investigations and integrations seamless.

**Cons:**

- Users find the **pricing of CrowdStrike Falcon Cloud Security to be high** , which may limit accessibility for smaller organizations.
- Users suggest CrowdStrike should focus on improving **dashboard reliability and enrollment experience** for better usability.
- Users note that **improvements are needed** in the dashboard&#39;s uptime and enrollment user experience for better functionality.
- Users find the **feature complexity** of CrowdStrike Falcon Cloud Security can be overwhelming and requires a learning curve.
- Users note a high **learning curve** with CrowdStrike Falcon Cloud Security, making it challenging for less experienced users.

#### What Are Recent G2 Reviews of CrowdStrike Falcon Cloud Security?

**"[Quiet, Unobtrusive Endpoint Security That Just Works](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12973136)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-12973136)

---

**"[Comprehensive Cloud Security with Excellent Visibility and Threat Detection](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-13041935)"**

**Rating:** 5.0/5.0 stars
*— Ankit C.*

[Read full review](https://www.g2.com/survey_responses/crowdstrike-falcon-cloud-security-review-13041935)

---



### 3. [OX Security](https://www.g2.com/products/ox-security/reviews)
OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform. Unlike traditional “Shift Left” approaches that collapsed under AI’s speed, VibeSec makes software secure by default by preventing risks before they exist. Powered by the OX AI Data Lake and dynamic code-to-runtime context, OX Security delivers: Autonomous, embedded security that runs as fast as developers. Dynamic risk context that shrinks security backlogs before they spiral. Continuous alignment across code, cloud, APIs, and runtime. With OX, developers focus on building while security runs itself, giving enterprises complete confidence that every release ships secure. OX Security -Vendor desc (request to update): OX Security is the company behind VibeSec, an AI-native autonomous security platform built for the AI development era. Unlike traditional tools that chase vulnerabilities after code is written, VibeSec embeds dynamic security context directly into AI coding environments like Cursor and Copilot. The result: every line of code is secure by default. For the first time, security moves at the speed of AI-driven development, preventing vulnerabilities before they exist, shrinking backlogs with every commit, and making security a seamless part of the development flow.


**Average Rating:** 4.8/5.0
**Total Reviews:** 51

**Who Is the Company Behind OX Security?**

- **Seller:** [OX Security](https://www.g2.com/sellers/ox-security)
- **Year Founded:** 2021
- **HQ Location:** New York, USA
- **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (199 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 63% Mid-Market, 25% Enterprise


#### What Are OX Security's Pros and Cons?

**Pros:**

- Features (8 reviews)
- Collaboration (6 reviews)
- Customer Support (6 reviews)
- Easy Integrations (6 reviews)
- Speed (6 reviews)

**Cons:**

- Complexity (5 reviews)
- Overwhelming Interface (4 reviews)
- Complex Setup (3 reviews)
- Dashboard Issues (3 reviews)
- Difficult Learning (3 reviews)


### What Do G2 Reviewers Say About OX Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **comprehensive security testing** OX Security offers, streamlining issue management and enhancing team focus.
- Users value the **seamless collaboration** offered by OX Security, enhancing integration and communication within development workflows.
- Users commend the **responsive customer support** of OX Security, facilitating seamless integration and effective issue resolution.
- Users value the **seamless integrations** with tools, enhancing workflows and boosting overall security without delays.
- Users commend OX Security for its **speed in vulnerability remediation** , enabling faster triage and efficient management of security issues.

**Cons:**

- Users find OX Security&#39;s **complexity overwhelming** , especially due to inadequate documentation and a steep learning curve.
- Users find the **overwhelming interface** of OX Security challenging, especially with inadequate documentation and tiny text sizes.
- Users find the **complex setup** challenging, especially due to lacking documentation and overwhelming UI for new users.
- Users find the **dashboard issues** hinder effective reporting and can be overwhelming during the initial implementation phase.
- Users find the **difficult learning** curve challenging due to OX Security&#39;s overwhelming interface and lack of documentation.

#### What Are Recent G2 Reviews of OX Security?

**"[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Gambling &amp; Casinos*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10961361)

---

**"[A Transformative Game-Changer in Application Security Posture Management](https://www.g2.com/survey_responses/ox-security-review-10618682)"**

**Rating:** 5.0/5.0 stars
*— Dudi E.*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10618682)

---



### 4. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.​ AI-Powered Agents Jit&#39;s AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads. ​ Comprehensive Security Scanning Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit&#39;s platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues. ​ Developer-Centric Experience With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity. ​ Agentic AI for AppSec Teams Risk-Based Prioritization Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks. ​ Seamless Integrations Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack. ​


**Average Rating:** 4.5/5.0
**Total Reviews:** 43

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (7 reviews)
- Efficiency (7 reviews)
- Automation (6 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **seamless integration of security** in Jit, enhancing efficiency and consistency in their workflows.
- Users praise the **ease of use** of Jit, noting its lightweight setup and seamless integration into development workflows.
- Users value the **easy integrations** of Jit, streamlining security within existing workflows effortlessly.
- Users value the **efficiency** of Jit, which reduces waste and streamlines processes for better productivity.
- Users value the **automation of security controls** , streamlining workflows and enhancing consistency without overwhelming teams.

**Cons:**

- Users face **integration issues** with Jit, as coverage for all enterprise environments and tools is limited.
- Users note the **limited features** in Jit, wishing for more customization and in-depth analytics options.
- Users note **limited integration** options with Jit, wishing for broader support across various enterprise environments.
- Users find the **documentation lacking** , especially for advanced configurations, complicating the setup process and understanding.
- Users find the **configuration complexity** daunting, particularly for newcomers and when integrating with other services.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 5. [SonarQube](https://www.g2.com/products/sonarqube/reviews)
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.


**Average Rating:** 4.4/5.0
**Total Reviews:** 151

**Who Is the Company Behind SonarQube?**

- **Seller:** [SonarSource Sàrl](https://www.g2.com/sellers/sonarsource-sarl)
- **Company Website:** https://www.sonarsource.com
- **Year Founded:** 2008
- **HQ Location:** Geneva, Switzerland
- **Twitter:** @SonarSource (10,913 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/sonarsource/ (973 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** DevOps Engineer, Software Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 43% Enterprise, 39% Mid-Market


#### What Are SonarQube's Pros and Cons?

**Pros:**

- Code Quality (24 reviews)
- Features (20 reviews)
- Issue Identification (19 reviews)
- Ease of Use (18 reviews)
- Easy Integrations (18 reviews)

**Cons:**

- Software Bugs (12 reviews)
- Complex Configuration (10 reviews)
- False Positives (10 reviews)
- Complexity (8 reviews)
- Complex Setup (8 reviews)


### What Do G2 Reviewers Say About SonarQube?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **rapid identification of code quality and security issues** with SonarQube, simplifying code maintenance and reliability.
- Users value the **quick code quality and security issue detection** of SonarQube, enhancing maintainability and reliability over time.
- Users value SonarQube for its **efficient issue identification** , improving code quality and maintainability effortlessly.
- Users appreciate the **ease of use** of SonarQube, allowing seamless integration and daily applications without hassle.
- Users appreciate the **easy integrations** of SonarCloud, enhancing their development workflows seamlessly.

**Cons:**

- Users face challenges with **software bugs** in SonarQube, leading to issues slipping into production unexpectedly.
- Users find the **complex configuration** of SonarQube challenging, often requiring extensive tuning and setup time.
- Users often face **false positives** , complicating the effectiveness of SonarQube in real-world and legacy code projects.
- Users find SonarQube&#39;s **complexity** challenging, particularly during configuration and excessive warning management.
- Users find the **complex setup** of SonarQube time-consuming and challenging, especially for legacy projects and specific environments.

#### What Are Recent G2 Reviews of SonarQube?

**"[SonarQube: Easy Integration, Simple UI, and Solid Free Code Quality Scanning](https://www.g2.com/survey_responses/sonarqube-review-12975264)"**

**Rating:** 4.5/5.0 stars
*— Divyarajsinh  C.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-12975264)

---

**"[Catches bugs early, saves us time](https://www.g2.com/survey_responses/sonarqube-review-13087609)"**

**Rating:** 5.0/5.0 stars
*— Srinidhi H.*

[Read full review](https://www.g2.com/survey_responses/sonarqube-review-13087609)

---


#### What Are G2 Users Discussing About SonarQube?

- [What is SonarLint used for?](https://www.g2.com/discussions/what-is-sonarlint-used-for)
- [What is SonarQube and how does it work?](https://www.g2.com/discussions/what-is-sonarqube-and-how-does-it-work) - 1 upvote
- [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
- [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
- [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)

### 6. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
Invicti (formerly known as Netsparker) is an enterprise application and API security testing platform that helps organizations secure thousands of web applications and APIs at scale while dramatically reducing the risk of attack. Combining advanced DAST and IAST capabilities in a single platform, Invicti enables security teams to continuously identify, prioritize, and remediate vulnerabilities across complex modern environments with confidence and automation. With Invicti, security teams can: - Automate application security testing workflows and save hundreds of hours every month - Discover and secure all web applications and APIs, including forgotten, unmanaged, and shadow assets - Deliver actionable, developer-friendly feedback that helps teams remediate vulnerabilities faster and build more secure code over time - Reduce false positives with proof-based scanning technology that validates exploitable vulnerabilities - Scale application security programs across large enterprises without slowing development teams - Integrate security seamlessly into existing DevSecOps and CI/CD workflows Built for organizations with the most demanding security requirements, Invicti empowers teams to confidently secure their entire attack surface with accuracy, scalability, and automation.


**Average Rating:** 4.5/5.0
**Total Reviews:** 68

**Who Is the Company Behind Invicti (formerly Netsparker)?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 46% Enterprise, 28% Mid-Market


#### What Are Invicti (formerly Netsparker)'s Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)


### What Do G2 Reviewers Say About Invicti (formerly Netsparker)?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Invicti, enabling quick setup and efficient security testing for all team members.
- Users value the **scanning technology** of Invicti for its user-friendliness and efficient vulnerability detection.
- Users praise Invicti&#39;s **accuracy and integration capabilities** , enhancing security testing and streamlining workflows in development.
- Users value the **well-formatted and comprehensive reports** from Invicti, facilitating smooth ISO certification processes.
- Users value the **effective vulnerability detection** by Invicti, appreciating its user-friendly interface and detailed reporting.

**Cons:**

- Users find **customer support lacking** , often experiencing slow response times and ineffective solutions to their issues.
- Users experience **slow performance** during scans and setup, affecting efficiency while using Invicti.
- Users experience **slow scanning** speeds and find API scanning capabilities lacking, impacting their overall effectiveness.
- Users experience **API issues** that hinder functionality, preventing effective use of Invicti for API scanning tasks.
- Users find the **complex setup** of Invicti challenging, especially with nested menus that hinder easy configuration.

#### What Are Recent G2 Reviews of Invicti (formerly Netsparker)?

**"[Accurate, Actionable Scans with Minimal Noise](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Retail*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)

---

**"[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)

---


#### What Are G2 Users Discussing About Invicti (formerly Netsparker)?

- [What is Invicti (formerly Netsparker) used for?](https://www.g2.com/discussions/what-is-invicti-formerly-netsparker-used-for) - 1 comment
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/invicti-formerly-netsparker-what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost-a1ecffa4-a216-4bcc-affd-40dc140f3e27)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost)

### 7. [Carbon Black App Control](https://www.g2.com/products/carbon-black-app-control/reviews)
With the rise of security threats and malware, organizations need technologies to combat these risks. Unplanned downtime and performance degradation from security breaches impact productivity and reputation. As IT and security shift to the cloud, it&#39;s crucial to stay vigilant about security gaps. Many companies still rely on air-gapped servers or outdated operating systems (EOL OS) for critical systems and data storage. Carbon Black App Control offers proactive security for data centers, AWS, Azure, GCP, or hosted private clouds. App Control ensures trusted software runs, monitors file integrity, controls devices, protects memory and registry keys on Windows.


**Average Rating:** 4.6/5.0
**Total Reviews:** 44

**Who Is the Company Behind Carbon Black App Control?**

- **Seller:** [Broadcom](https://www.g2.com/sellers/broadcom-ab3091cd-4724-46a8-ac89-219d6bc8e166)
- **Year Founded:** 1991
- **HQ Location:** San Jose, CA
- **Twitter:** @broadcom (63,909 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/broadcom/ (55,094 employees on LinkedIn®)
- **Ownership:** NASDAQ: CA

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 64% Enterprise, 33% Mid-Market


#### What Are Carbon Black App Control's Pros and Cons?

**Pros:**

- Customer Support (1 reviews)
- Ease of Use (1 reviews)
- Easy Implementation (1 reviews)
- Easy Integrations (1 reviews)
- Features (1 reviews)

**Cons:**

- Expensive (1 reviews)
- False Positives (1 reviews)
- High CPU Usage (1 reviews)
- Memory Issues (1 reviews)
- Slow Performance (1 reviews)


### What Do G2 Reviewers Say About Carbon Black App Control?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **awesome customer support** of Carbon Black App Control, enhancing their security experience significantly.
- Users value the **ease of use** and quick implementation of Carbon Black App Control, enhancing security effectively.
- Users value the **easy implementation** of Carbon Black App Control, enhancing security and confidence in critical systems.
- Users value the **easy integrations** of Carbon Black App Control, enhancing security and compliance effortlessly.
- Users value the **easy implementation and strong security** of Carbon Black App Control, enhancing compliance and trust in critical systems.

**Cons:**

- Users feel that the pricing of Carbon Black App Control is **on the higher side** for smaller organizations.
- Users occasionally experience **false positives** , which require manual whitelisting to resolve effectively.
- Users often experience **high CPU usage** with Carbon Black App Control, leading to performance concerns and false alerts.
- Users cite **memory issues** with Carbon Black, noting increased CPU usage and false alerts that hinder performance.
- Users dislike the **slow performance** of Carbon Black App Control due to high CPU and memory usage.

#### What Are Recent G2 Reviews of Carbon Black App Control?

**"[Powerful Application Control enabling Enhanced Security](https://www.g2.com/survey_responses/carbon-black-app-control-review-10387482)"**

**Rating:** 4.5/5.0 stars
*— Prajwal V.*

[Read full review](https://www.g2.com/survey_responses/carbon-black-app-control-review-10387482)

---

**"[Carbon Black Review](https://www.g2.com/survey_responses/carbon-black-app-control-review-9186031)"**

**Rating:** 4.0/5.0 stars
*— Abhiuday M.*

[Read full review](https://www.g2.com/survey_responses/carbon-black-app-control-review-9186031)

---


#### What Are G2 Users Discussing About Carbon Black App Control?

- [Does Carbon Black do file integrity monitoring?](https://www.g2.com/discussions/does-carbon-black-do-file-integrity-monitoring)
- [How does Carbon Black EDR work?](https://www.g2.com/discussions/how-does-carbon-black-edr-work)
- [What are the benefits of VMware carbon black to organizations?](https://www.g2.com/discussions/what-are-the-benefits-of-vmware-carbon-black-to-organizations)
- [What does Carbon Black App Control do?](https://www.g2.com/discussions/what-does-carbon-black-app-control-do)

### 8. [Strobes Security](https://www.g2.com/products/strobes-security/reviews)
Strobes is an AI-driven exposure management platform designed to help organizations streamline their security operations by unifying various security methodologies, including Attack Surface Management (ASM), Application Security Posture Management (ASPM), Risk-Based Vulnerability Management (RBVM), and Penetration Testing as a Service (PTaaS). This comprehensive solution provides users with a holistic view of their security posture, enabling them to identify, assess, and respond to potential risks and vulnerabilities effectively. Targeted primarily at security teams and IT professionals, Strobes caters to organizations of all sizes that require a robust approach to managing their security exposure. The platform is particularly beneficial for those who need to navigate the complexities of modern security environments, where multiple tools and processes can lead to fragmented insights. By consolidating various security functions into a single workflow, Strobes empowers users to make informed decisions based on a complete understanding of their risk landscape. One of the key features of Strobes is its extensive integration capabilities, boasting over 120 integrations with existing security tools and systems. This allows organizations to pull findings from disparate sources into a single view, enriching data with contextual information that enhances the relevance of insights. The platform&#39;s advanced correlation capabilities help identify relationships between different vulnerabilities and risks, enabling security teams to prioritize their remediation efforts effectively. The user-friendly dashboards in Strobes serve as a central hub for monitoring security activities, encompassing everything from asset discovery and vulnerability insights to Service Level Agreement (SLA) tracking and ticketing. This comprehensive visibility supports continuous prioritization and fix validation, allowing teams to address the most critical issues first. By automating triage processes, Strobes ensures that real risks and exposures are highlighted, facilitating a more efficient response to potential threats. Overall, Strobes stands out in the exposure management landscape by providing a cohesive and intelligent approach to security management. Its ability to unify various methodologies, coupled with powerful automation and integration features, positions it as a valuable tool for organizations seeking to enhance their security posture and effectively manage their exposure to risks.


**Average Rating:** 4.6/5.0
**Total Reviews:** 34

**Who Is the Company Behind Strobes Security?**

- **Seller:** [Strobes Security Inc](https://www.g2.com/sellers/strobes-security-inc)
- **Company Website:** https://www.strobes.co/
- **Year Founded:** 2019
- **HQ Location:** Plano, US
- **Twitter:** @StrobesHQ (218 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/strobeshq (97 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software
- **Company Size:** 37% Enterprise, 37% Mid-Market


#### What Are Strobes Security's Pros and Cons?

**Pros:**

- Vulnerability Identification (14 reviews)
- Vulnerability Detection (13 reviews)
- Security (11 reviews)
- Customer Support (10 reviews)
- Ease of Use (10 reviews)

**Cons:**

- Inadequate Reporting (4 reviews)
- Limited Customization (4 reviews)
- Poor Usability (4 reviews)
- Reporting Issues (4 reviews)
- Complexity (2 reviews)


### What Do G2 Reviewers Say About Strobes Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Strobes for its **thorough vulnerability identification** , enhancing security through clear insights and actionable fixes.
- Users commend Strobes Security for its **exceptional vulnerability detection** , pinpointing flaws and offering clear remediation suggestions.
- Users commend Strobes for its **robust security solutions** , effectively identifying vulnerabilities and streamlining vulnerability management processes.
- Users commend the **proactive and engaging customer support** of Strobes Security, ensuring timely resolutions and effective communication.
- Users commend the **ease of use** of Strobes Security, appreciating its intuitive interface and efficient vulnerability management lifecycle.

**Cons:**

- Users criticize the **inadequate reporting** features of Strobes Security, lacking depth and flexibility for effective analysis and presentations.
- Users find **limited customization** options frustrating, particularly in workflow integration and dashboard clarity.
- Users note a **poor usability** experience with Strobes Security due to its steep learning curve and daunting interface.
- Users express frustration with the **lack of transparency and flexibility in reporting** , hindering effective analysis and customization.
- Users find the **UI complex** and the initial setup of Strobes Security can be unintuitive and challenging.

#### What Are Recent G2 Reviews of Strobes Security?

**"[Valuable Security Assessments with Practical Findings](https://www.g2.com/survey_responses/strobes-security-review-12795666)"**

**Rating:** 4.5/5.0 stars
*— Apoorva J.*

[Read full review](https://www.g2.com/survey_responses/strobes-security-review-12795666)

---

**"[Comprehensive and Reliable Attack Surface Management Solution](https://www.g2.com/survey_responses/strobes-security-review-12638010)"**

**Rating:** 5.0/5.0 stars
*— Divya D.*

[Read full review](https://www.g2.com/survey_responses/strobes-security-review-12638010)

---



### 9. [APPCHECK](https://www.g2.com/products/appcheck/reviews)
AppCheck is a Dynamic Application Security Testing (DAST) and network vulnerability testing solution, developed and supported by experienced penetration testers. We approach security testing as a hacker would, leveraging multiple proprietary crawling engines to analyse target behaviour across both modern and traditional technologies, including Single Page Applications (SPAs), APIs, and complex authentication flows such as SSO, 2FA, and TOTP. Organisations can conduct unlimited security assessments across Web Applications, SPAs, APIs, cloud services, networks, across internal or external assets. Supporting production and UAT testing, AppCheck also helps organisations ‘shift left’ by integrating with CI/CD pipelines and build servers, including ADO, GitHub, Jenkins, TeamCity, CircleCI, TravisCI, Bamboo, and GitLab CI/CD. Allowing automated security testing throughout development, identifying risks as soon as changes are introduced. AppCheck are proud to be part of the CVE Numbering Authority (CNA), contributing to global security research


**Average Rating:** 4.6/5.0
**Total Reviews:** 67

**Who Is the Company Behind APPCHECK?**

- **Seller:** [APPCHECK](https://www.g2.com/sellers/appcheck)
- **Company Website:** https://www.appcheck-ng.com
- **Year Founded:** 2014
- **HQ Location:** Leeds, GB
- **Twitter:** @AppcheckNG (649 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/appcheck-ng-ltd/ (106 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 49% Mid-Market, 30% Small-Business


#### What Are APPCHECK's Pros and Cons?

**Pros:**

- Ease of Use (5 reviews)
- Vulnerability Detection (5 reviews)
- Features (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scanning Efficiency (4 reviews)

**Cons:**

- UX Improvement (2 reviews)
- API Issues (1 reviews)
- Difficult Customization (1 reviews)
- Difficult Learning Curve (1 reviews)
- False Positives (1 reviews)


### What Do G2 Reviewers Say About APPCHECK?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of AppCheck, making complex processes simple and efficient.
- Users value the **practical insights into vulnerabilities** provided by AppCheck, enhancing overall security and efficiency.
- Users value the **excellent functionality and support** of AppCheck, enhancing security with tailored reporting and continuous scans.
- Users laud the **pentesting efficiency** of AppCheck, significantly reducing the need for manual testing and enhancing security.
- Users love the **scanning efficiency** of AppCheck, finding it reliable and easy to integrate within development workflows.

**Cons:**

- Users suggest improving **UX and customization** in AppCheck for better alignment with the latest standards and enhanced experience.
- Users find the **API issues** frustrating, as endpoint changes require service requests despite ongoing improvements based on feedback.
- Users feel that **difficult customization** hampers their ability to tailor reports to their specific needs and context.
- Users note a **difficult learning curve** with Appcheck, but overall find the product satisfactory.
- Users find the **false positives** in scan results problematic, necessitating manual validation and complicating the reporting process.

#### What Are Recent G2 Reviews of APPCHECK?

**"[Effortless Vulnerability Management with APPCHECK](https://www.g2.com/survey_responses/appcheck-review-12463853)"**

**Rating:** 5.0/5.0 stars
*— Aaron H.*

[Read full review](https://www.g2.com/survey_responses/appcheck-review-12463853)

---

**"[Great onboarding experience and trial](https://www.g2.com/survey_responses/appcheck-review-11771398)"**

**Rating:** 4.0/5.0 stars
*— Tyler S.*

[Read full review](https://www.g2.com/survey_responses/appcheck-review-11771398)

---



### 10. [ActiveState](https://www.g2.com/products/activestate/reviews)
ActiveState provides the world&#39;s largest library of secure open source: 79 million (Java, Javascript, Python, R, Go, etc.) vetted components across all major language ecosystems, including transitive dependencies and OS-level libraries—built from source to ensure every component is verified, vulnerability-free, and continuously updated. Software teams improve security posture while accelerating development velocity. We deliver five critical outcomes. Counter Supply Chain Risks at Their Source Significantly reduce the possibility of inheriting malicious code from pre-built binaries. Replace risky, unvetted public components with secure, verifiable packages built directly from source. Gain provenance over your artifacts, ensuring bad actors and malware never reach your environment. - Protection from compromised package ecosystems and build systems - Mitigate high-profile malware attacks such as the npm Shai-Hulud attack and other future threats Continuous Remediation for Your Open Source Inventory Shift from reactive patching to proactive immunity. Maintain a hardened security posture with safe-by-default open source and continuous remediation across your inventory. ActiveState artifacts reduce your attack surface and evolve to help close vulnerabilities before they become incidents. - Up to 99% reduction in CVEs compared to community open source artifacts - Achieve up to 90% reduction in MTTR for future vulnerabilities Apply Frictionless Security Policies Embed governance directly into developer workflows without impeding engineering or adding costly CI/CD bloat. ActiveState solutions slot seamlessly into existing tools and AI coding assistants, transforming security policy from a blocker into an enabler that reduces open source approval workflows from weeks and days to just hours and minutes. - Reduce open source approval workflows from weeks and days to hours and minutes Audit Ready Compliance, Always Achieve continuous compliance with instant, granular visibility into components, licenses, and dependencies across your organization. ActiveState delivers comprehensive SBOMs and metadata by default, ensuring you can meet complex standards and minimizing the scramble of audit preparation. - Full visibility into your open source usage, including transitive and OS level dependencies Reclaim Developer Velocity and Focus Minimize high-value engineering hours on dependency conflicts, environment setup, research and remediation. ActiveState components and artifacts are fully managed to ensure they are always up to date and safe to use so your team can focus entirely on shipping revenue-generating features. - Free up 4-8 developer hours per CVE - 68% reduction in scanner noise from false positives


**Average Rating:** 4.1/5.0
**Total Reviews:** 32

**Who Is the Company Behind ActiveState?**

- **Seller:** [ActiveState](https://www.g2.com/sellers/activestate-fd82e7c7-dea3-4ff5-9e96-cc5cd7d39a87)
- **Company Website:** https://www.activestate.com/
- **Year Founded:** 1997
- **HQ Location:** Vancouver, BC
- **Twitter:** @ActiveState (4,014 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5052/ (74 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Computer &amp; Network Security
- **Company Size:** 51% Small-Business, 29% Mid-Market



#### What Are Recent G2 Reviews of ActiveState?

**"[Very easy to use and very helpful](https://www.g2.com/survey_responses/activestate-review-6964391)"**

**Rating:** 5.0/5.0 stars
*— Saurav S.*

[Read full review](https://www.g2.com/survey_responses/activestate-review-6964391)

---

**"[Super easy to use platform, makes building code way less of a hassle](https://www.g2.com/survey_responses/activestate-review-6961997)"**

**Rating:** 5.0/5.0 stars
*— Alexander H.*

[Read full review](https://www.g2.com/survey_responses/activestate-review-6961997)

---


#### What Are G2 Users Discussing About ActiveState?

- [What is ActivePerl used for?](https://www.g2.com/discussions/what-is-activeperl-used-for)
- [What is the difference between Python and ActivePython?](https://www.g2.com/discussions/what-is-the-difference-between-python-and-activepython) - 1 comment
- [What is ActiveState platform?](https://www.g2.com/discussions/what-is-activestate-platform)

### 11. [Edgescan](https://www.g2.com/products/edgescan/reviews)
What Is Edgescan? Edgescan is a cybersecurity company that helps organizations proactively identify, validate, and prioritize vulnerabilities across their applications, API’s and digital landscape. The company specializes in continuous vulnerability assessment, automated penetration testing, Attack Surface Management and Penetration Testing as a Service (PTaaS). Edgescan combines advanced automation with certified security experts, including professionals holding credentials such as CREST and OSCP, to deliver highly accurate and actionable security testing. This hybrid approach allows organizations to move beyond traditional point-in-time penetration tests and operate a continuous proactive cybersecurity program. The Edgescan platform is designed primarily for web application and API security, enabling organizations to continuously assess their attack surface and identify vulnerabilities throughout the development lifecycle but also delivers “full stack” coverage to detect host layer CVE’s. With a client retention rate of over 90%, Edgescan has built long-term partnerships by delivering measurable improvements in security efficiency, risk visibility, and vulnerability management. Key Features and Capabilities of Edgescan Automated Penetration Testing Edgescan uses intelligent automation to continuously assess applications, APIs, hosts, and cloud environments for vulnerabilities. This enables frequent, scalable security testing across modern and distributed architectures. Human‑Validated Testing Findings are reviewed and manually validated by certified security experts to eliminate false positives and provide deeper insight into real‑world exploitability. Each result is accurate, contextual, and actionable. Penetration Testing as a Service (PTaaS) Edgescan’s PTaaS model extends beyond automated testing by allowing expert testers to focus on vulnerabilities that require human analysis, including: • Business logic flaws • Authentication and authorization weaknesses • Context-dependent exposures • Complex attack chains and privilege escalation paths Cyber Analytics and AI‑Assisted Validation AI-driven analysis enhances detection, verifies exploitability, and increases accuracy. This reduces noise and gives security teams a clearer picture of genuine threats. Integrated Threat Intelligence Edgescan correlates vulnerabilities with real-world threat intelligence, including known exploits and ransomware activity to help organizations prioritize the most dangerous exposures first. Risk‑Based Prioritization Findings are prioritized based on exploitability, severity, threat context, and business impact, ensuring teams focus on the issues that matter most. Primary Value: What Edgescan Solves for Clients Edgescan enables organizations to shift from reactive vulnerability management to a continuous, proactive security model. Traditional scanners and periodic penetration tests frequently produce large volumes of unvalidated findings. This creates noise and forces security teams to spend hours determining which issues are real and critical. Edgescan solves this by combining: Automation for continuous testing Human expertise for validation and complex analysis Cyber analytics and AI for accuracy and prioritization Key Benefits Significant efficiency gains: reducing thousands of hours spent on manual validation. Higher accuracy, thanks to expert‑validated findings and reduced false positives. Clear prioritization, using threat intelligence and ransomware insights to highlight the highest‑risk exposures. Continuous security improvement, enabling rapid detection, faster remediation, and scalable vulnerability management. By unifying automation, human expertise, AI, and threat intelligence, Edgescan empowers organizations to maintain a continuous cybersecurity program that strengthens overall security posture while dramatically reducing operational burden.


**Average Rating:** 4.7/5.0
**Total Reviews:** 51

**Who Is the Company Behind Edgescan?**

- **Seller:** [Edgescan](https://www.g2.com/sellers/edgescan)
- **Company Website:** https://www.edgescan.com
- **Year Founded:** 2017
- **HQ Location:** Dublin, Dublin
- **Twitter:** @edgescan (2,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2928425/ (89 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 32% Mid-Market, 32% Enterprise


#### What Are Edgescan's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Vulnerability Detection (24 reviews)
- Customer Support (19 reviews)
- Vulnerability Identification (19 reviews)
- Features (18 reviews)

**Cons:**

- Complex UI (5 reviews)
- Limited Customization (5 reviews)
- Poor Interface Design (5 reviews)
- Slow Performance (5 reviews)
- UX Improvement (5 reviews)


### What Do G2 Reviewers Say About Edgescan?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** with Edgescan, benefiting from seamless setup, integration, and effective reporting dashboards.
- Users praise Edgescan for its **validated, near false positive free vulnerability scanning** , enhancing security with effective scanning solutions.
- Users appreciate Edgescan&#39;s **responsive customer support** , ensuring smooth transitions and quick answers throughout the experience.
- Users value the **validated vulnerability scanning** by Edgescan for its accuracy and ease of integration.
- Users appreciate the **continuous improvement and user-friendly features** of Edgescan, enhancing their overall experience.

**Cons:**

- Users find the **UI complex and non-intuitive** , making navigation and access to settings challenging at times.
- Users find the **limited customization** of Edgescan frustrating, especially with infrequent host configuration updates.
- Users find the **poor interface design** of Edgescan frustrating, impacting usability and ease of access to information.
- Users often experience **slow performance** with scan results taking longer than expected, impacting overall efficiency.
- Users find the **UI to be outdated and user-unfriendly** , complicating data access and support requests within Edgescan.

#### What Are Recent G2 Reviews of Edgescan?

**"[Edgescan: Easy Setup, Clear Insights, and Expert Security Support](https://www.g2.com/survey_responses/edgescan-review-12224347)"**

**Rating:** 5.0/5.0 stars
*— Matt W.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-12224347)

---

**"[Edgescan Is Amazing!](https://www.g2.com/survey_responses/edgescan-review-11014532)"**

**Rating:** 5.0/5.0 stars
*— Greg S.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-11014532)

---


#### What Are G2 Users Discussing About Edgescan?

- [What is edgescan used for?](https://www.g2.com/discussions/what-is-edgescan-used-for) - 1 comment

### 12. [Mend.io](https://www.g2.com/products/mend-io/reviews)
Modern risk doesn&#39;t live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include: 1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle. 2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster. 3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


**Average Rating:** 4.3/5.0
**Total Reviews:** 108

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (257 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Small-Business, 34% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)


### What Do G2 Reviewers Say About Mend.io?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **scanning efficiency** of Mend.io, highlighting quick scans and detailed reporting for better management.
- Users find Mend.io to be an **easy-to-use** tool that enhances security and provides responsive support.
- Users value the **easy integrations** with source code repositories, enhancing security and simplifying their workflows.
- Users find Mend.io&#39;s **scanning technology highly effective** for comprehensive binary, source code, and container scans.
- Users value the **Vulnerability Detection** in Mend.io for its efficiency in identifying and prioritizing critical vulnerabilities quickly.

**Cons:**

- Users face **integration issues** with on-premise tools and experience difficulty getting features to work effectively.
- Users feel the **limited features** of Mend.io hinder integration and functionality, leading to additional workarounds.
- Users find the **missing features** in Mend.io limit functionality, requiring workarounds for integration and scanning processes.
- Users face **complex implementation** challenges with Mend.io, requiring extensive support and causing delays in integration.
- Users find the **confusing interface** of Mend.io awkward, especially when switching between different product portals.

#### What Are Recent G2 Reviews of Mend.io?

**"[Great Tool for Managing 3rd party libraries](https://www.g2.com/survey_responses/mend-io-review-6728890)"**

**Rating:** 4.5/5.0 stars
*— Johannes B.*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-6728890)

---

**"[Effortless Integration with Budget-Friendly Scanning](https://www.g2.com/survey_responses/mend-io-review-4261734)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-4261734)

---


#### What Are G2 Users Discussing About Mend.io?

- [What is your experience regarding pricing and costs for Mend.io, and how does it compare to other open-source security solutions?](https://www.g2.com/discussions/what-is-your-experience-regarding-pricing-and-costs-for-mend-io-and-how-does-it-compare-to-other-open-source-security-solutions)
- [What is Mend (formerly WhiteSource) used for?](https://www.g2.com/discussions/what-is-mend-formerly-whitesource-used-for)
- [What is white Source bolt?](https://www.g2.com/discussions/what-is-white-source-bolt)
- [What are SCA tools?](https://www.g2.com/discussions/what-are-sca-tools)
- [What is software composition analysis SCA?](https://www.g2.com/discussions/what-is-software-composition-analysis-sca)

### 13. [Whitespots Security Portal](https://www.g2.com/products/whitespots-security-portal/reviews)
Vulnerability management tool on steroids 📈 Measure and control your application security state; 🔎 Scan your code, containers, web and mobile applications using ANY tool; 🔥 Remove duplicates, validate results, comment merge requests and create Jira tasks in seconds; 🕜 Save your engineers time and automate your processes; ✅ Self-hosted


**Average Rating:** 5.0/5.0
**Total Reviews:** 10

**Who Is the Company Behind Whitespots Security Portal?**

- **Seller:** [Whitespots](https://www.g2.com/sellers/whitespots)
- **Year Founded:** 2020
- **HQ Location:** Tallinn, EE
- **LinkedIn® Page:** https://www.linkedin.com/company/whitespots/ (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 60% Mid-Market, 20% Enterprise


#### What Are Whitespots Security Portal's Pros and Cons?

**Pros:**

- Easy Setup (4 reviews)
- Features (4 reviews)
- Speed (4 reviews)
- User Interface (4 reviews)
- Vulnerability Detection (4 reviews)

**Cons:**

- Poor Analytics (1 reviews)
- Poor Documentation (1 reviews)
- UX Improvement (1 reviews)


### What Do G2 Reviewers Say About Whitespots Security Portal?
*AI-generated summary from verified user reviews*

**Pros:**

- Users love the **effortless setup** of Whitespots Security Portal, making it seamlessly integrate into daily workflows.
- Users value the **effortless integration** of Whitespots Security Portal into workflows, enhancing productivity and monitoring efficiency.
- Users love the **effortless speed** of Whitespots Security Portal, streamlining security processes with quick setup and automation.
- Users love the **intuitive UI** of Whitespots Security Portal, facilitating quick monitoring and efficient threat response.
- Users value the **effective vulnerability detection** of Whitespots, enhancing security and simplifying the monitoring process.

**Cons:**

- Users find the **analytics reports insufficient** , particularly when specific data for management is required.
- Users find the **poor documentation** challenging, causing delays in initial configuration and onboarding for advanced features.
- Users find the **interface not always user-friendly** , though issues are resolved upon request.

#### What Are Recent G2 Reviews of Whitespots Security Portal?

**"[Simple, Reliable for Everyday Security Needs](https://www.g2.com/survey_responses/whitespots-security-portal-review-11191394)"**

**Rating:** 5.0/5.0 stars
*— Daniil M.*

[Read full review](https://www.g2.com/survey_responses/whitespots-security-portal-review-11191394)

---

**"[A reliable and intuitive security management platform](https://www.g2.com/survey_responses/whitespots-security-portal-review-11178920)"**

**Rating:** 5.0/5.0 stars
*— Shohrukh A.*

[Read full review](https://www.g2.com/survey_responses/whitespots-security-portal-review-11178920)

---



### 14. [Flyingduck](https://www.g2.com/products/flyingduck/reviews)
Flyingduck is a Comprehensive Code security Intelligence platform that identifies and remediates security vulnerabilities in the code base. Key modules are SBOM Compliance, SCA, SAST, Secrets Analysis. We also identify Business Logic Issues in the code such as OTP Bypass, Transaction Manipulation type issues with our Deep Logic Analysis AI engine.


**Average Rating:** 5.0/5.0
**Total Reviews:** 4

**Who Is the Company Behind Flyingduck?**

- **Seller:** [Flyingduck](https://www.g2.com/sellers/flyingduck)
- **Year Founded:** 2024
- **HQ Location:** Hyderabad, IN
- **LinkedIn® Page:** https://www.linkedin.com/company/flyingduck-cyber-security-genai-shiftleftsecurity/ (11 employees on LinkedIn®)
- **Ownership:** Sarat Lingamallu
- **Phone:** +919550681242

**Who Uses This Product?**
- **Company Size:** 75% Mid-Market, 25% Small-Business



#### What Are Recent G2 Reviews of Flyingduck?

**"[Continuous Security Insights with Seamless CI/CD Integration](https://www.g2.com/survey_responses/flyingduck-review-12174073)"**

**Rating:** 5.0/5.0 stars
*— Naveen P.*

[Read full review](https://www.g2.com/survey_responses/flyingduck-review-12174073)

---

**"[Centralized Security Scans Made Effortless and Effective](https://www.g2.com/survey_responses/flyingduck-review-12081490)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/flyingduck-review-12081490)

---



### 15. [AccuKnox](https://www.g2.com/products/accuknox/reviews)
AccuKnox Zero Trust CNAPP cloud security protects public and private clouds, Kubernetes and VMs. AccuKnox is a AI-powered Zero Trust Cloud Native Security Platform that helps organizations comply with various frameworks and over 33+ compliance controls, including MITRE, NIST, STIG, CIS, PCI-DSS, GDPR, and SOC2. AccuKnox enhances InfraSec and DevSecOps teams by enabling them to detect, prioritize, prevent and protect against advanced and sophisticated cloud attacks. Key Benefits 1. Code to Cloud Security 2. Easy Deployment 3. Extensive Coverage. 4. Preemptive Attack Mitigation 5. Open Source and Innovative Key Differentiators - Inline Preemptive Security (as opposed to Post-attack mitigation) - Secures modern workloads (Kubernetes) and traditional workloads (VMs) - Multi-Cloud, Private, Air-gapped, and Hybrid Cloud Security - IaC – Infrastructure As Code scanning - Secures AI/ML workloads like Jupyter Notebooks Features - Automated Zero Trust Cloud Security (Public, Private, Hybrid, Air-gapped) - Vulnerability Management &amp; Prioritization - Run-time security, Micro-segmentation - Application Firewalling, Kernel Hardening - Drift Detection &amp; Audit Trail - Continuous Diagnostics &amp; Mitigation - GRC – CIS, HIPAA, GDPR, SOC2, STIG, MITRE, NIST - Securing Mission-Critical Workloads like Vault - Securing AI workbenches like Jupyter Notebooks - Cryptojacking and TNTBotinger Attacks With over 15+ patents, we&#39;re proud to offer an OpenSource, DevSecOps-led delivery model. To top it off, we have an ongoing R&amp;D partnership with the esteemed SRI International. We deliver both Static and Runtime Security, anchored on innovations in Cloud Security and AI/ML-based Anomaly Detection. Static Code Analysis - Deeply analyze your code for vulnerabilities and weaknesses. CI/CD Pipelines Scanning - Continuously scan your pipelines for security flaws and risks. Container Security - Fortify your containers with robust security measures. Kubernetes Orchestration - Seamlessly manage and secure your Kubernetes environments. Secret Scanning - Detect and protect sensitive information from unauthorized access.


**Average Rating:** 4.4/5.0
**Total Reviews:** 12

**Who Is the Company Behind AccuKnox?**

- **Seller:** [Accuknox](https://www.g2.com/sellers/accuknox)
- **Year Founded:** 2020
- **HQ Location:** California, USA
- **Twitter:** @AccuKnox (341 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/accuknox (180 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 46% Enterprise, 31% Mid-Market


#### What Are AccuKnox's Pros and Cons?

**Pros:**

- Comprehensive Security (5 reviews)
- Security (4 reviews)
- Cloud Integration (3 reviews)
- Compliance Management (3 reviews)
- Customer Support (3 reviews)

**Cons:**

- Difficult Learning (3 reviews)
- Complex Setup (2 reviews)
- Expensive (2 reviews)
- Poor Customer Support (2 reviews)
- Complexity (1 reviews)


### What Do G2 Reviewers Say About AccuKnox?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highly value the **comprehensive security** offered by AccuKnox, ensuring robust protection for their cloud environments.
- Users appreciate the **high security level** of AccuKnox, ensuring robust protection for their cloud workloads and tools.
- Users appreciate the **ease of integration with public cloud providers** for enhanced security and compliance.
- Users value the **holistic compliance management** offered by AccuKnox, enhancing security in cloud workloads effortlessly.
- Users highlight the **exceptional customer support** from AccuKnox, noting quick responses and in-depth technical knowledge.

**Cons:**

- Users find the **difficult learning curve** of AccuKnox challenging, especially with its complex on-premise implementation.
- Users find the **complex setup** challenging, particularly for those with limited security expertise and resources.
- Users find the solution to be **cost prohibitive** , making it a less accessible option for many.
- Users express frustration over **poor customer support** , citing slow responses and the need for repeated follow-ups.
- Users find the **setup and management complex** , particularly for those lacking security expertise, impacting overall usability.

#### What Are Recent G2 Reviews of AccuKnox?

**"[Having performed PoC with the product and involved with discussions with the team - excellent!](https://www.g2.com/survey_responses/accuknox-review-10934962)"**

**Rating:** 5.0/5.0 stars
*— Ashleigh W.*

[Read full review](https://www.g2.com/survey_responses/accuknox-review-10934962)

---

**"[Right set of Solution building blocks to address complex CloudSec challenges](https://www.g2.com/survey_responses/accuknox-review-10731493)"**

**Rating:** 5.0/5.0 stars
*— Dinakar R.*

[Read full review](https://www.g2.com/survey_responses/accuknox-review-10731493)

---



### 16. [ArmorCode Agentic AI Platform](https://www.g2.com/products/armorcode-agentic-ai-platform/reviews)
ArmorCode helps enterprises manage security risk and governance across today&#39;s heterogeneous technology environments. The ArmorCode Agentic AI Platform gives security teams a system of action – moving from fragmented signals to owned, policy-driven, auditable decisions. Its unified exposure management capabilities deliver visibility, insight, and control across four solutions: Application Security Posture Management, Vulnerability Management, Software Supply Chain Security, and AI Exposure Management. Processing over 200 billion findings a year across hundreds of native integrations, ArmorCode unifies, prioritizes, and drives remediation across applications, cloud, code, infrastructure, and AI. Powered by Anya, the industry&#39;s first agentic AI framework for enterprise security, ArmorCode is trusted by global enterprises to reduce exposure and adopt AI and modern software practices with confidence – without replacing existing tools or forcing vendor consolidation.


**Average Rating:** 4.1/5.0
**Total Reviews:** 4

**Who Is the Company Behind ArmorCode Agentic AI Platform?**

- **Seller:** [ArmorCode](https://www.g2.com/sellers/armorcode)
- **Year Founded:** 2020
- **HQ Location:** Palo Alto, California, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/armorcode (209 employees on LinkedIn®)
- **Ownership:** Dana Torgersen

**Who Uses This Product?**
- **Company Size:** 50% Mid-Market, 25% Enterprise


#### What Are ArmorCode Agentic AI Platform's Pros and Cons?

**Pros:**

- Easy Integrations (3 reviews)
- Cybersecurity (2 reviews)
- Integrations (2 reviews)
- Security (2 reviews)
- Vulnerability Identification (2 reviews)

**Cons:**

- Inadequate Reporting (2 reviews)
- Limited Customization (2 reviews)
- Needs Improvement (2 reviews)
- Reporting Issues (2 reviews)
- Information Management (1 reviews)


### What Do G2 Reviewers Say About ArmorCode Agentic AI Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **easy integrations** with various tools, facilitating streamlined vulnerability management across teams.
- Users highlight the **enhanced security and vulnerability management** offered by ArmorCode, streamlining processes effectively.
- Users value the **seamless integrations** with tools like JIRA and GitLab, enhancing security and vulnerability management.
- Users value the **security enhancements** of ArmorCode, simplifying vulnerability management from development to deployment.
- Users value the **effective vulnerability identification** in ArmorCode, simplifying management and enhancing security across their projects.

**Cons:**

- Users find the **inadequate reporting** limits customization and scalability, impacting their overall analytics experience.
- Users express concerns about the **limited customization** options in ArmorCode Agentic AI Platform, affecting functionality and reporting accuracy.
- Users find the **limited scalability and customization options** hinder their ability to fully utilize ArmorCode&#39;s features.
- Users find the **reporting issues** frustrating due to inaccuracies, limited customization, and poor analytics options.
- Users find that **data presentation requires significant time and effort** to effectively communicate organizational risks.

#### What Are Recent G2 Reviews of ArmorCode Agentic AI Platform?

**"[Strong Risk and Vulnerability Alignment with AI-Powered Prioritization](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-13022421)"**

**Rating:** 4.5/5.0 stars
*— Bobby B.*

[Read full review](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-13022421)

---

**"[Amazing platform for managing appsec and infrastructure vulnerablities](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-7708818)"**

**Rating:** 5.0/5.0 stars
*— Lucas L.*

[Read full review](https://www.g2.com/survey_responses/armorcode-agentic-ai-platform-review-7708818)

---



### 17. [Arnica](https://www.g2.com/products/arnica/reviews)
Arnica is a comprehensive application security posture management (ASPM) platform that protects developers, source code, and products throughout the software development lifecycle. The platform provides real-time application security scanning with 100% coverage across the software supply chain, addressing risks in Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC), hardcoded secrets detection, and more. At its core, Arnica offers AI-native security governance that takes control of AI-generated code through advanced AI SAST scanning and agentic rules enforcement. The platform automatically injects centrally-controlled security requirements into AI coding agents like Copilot, Cursor, and Claude at the point of code generation, ensuring every line of AI-written code is secure by default before vulnerabilities reach production. This approach addresses 92% of risks before they ever reach production environments. Arnica&#39;s pipelineless architecture provides automatic coverage for every repository without requiring CI/CD pipeline integrations or IDE deployments. The platform scans every code change at the feature branch level, delivering developer-native workflows that keep teams focused on building features rather than chasing security issues. Risk prioritization is enhanced through OWASP Top 10, CVSS, EPSS, and KEV scoring, combined with organizational context to surface the most critical vulnerabilities. The platform excels in developer experience by delivering security findings directly within existing workflows through Slack, Microsoft Teams, pull request comments, and automated ticket management in Jira and Azure DevOps Boards. AI-powered mitigation suggestions provide context-aware, automated fixes that align with organizational coding standards, significantly reducing mean-time-to-remediation. Key security capabilities include real-time secrets detection with automatic validation and mitigation, comprehensive container scanning that maps vulnerabilities directly to source code, and intelligent dependency management with automated SCA upgrades. The platform maintains SOC 2 Type 2 compliance and ISO 27001 certification, ensuring enterprise-grade security standards. Arnica&#39;s unique value proposition lies in its ability to scale security across entire organizations while maintaining development velocity, providing complete visibility into code risks, and enabling proactive security measures that prevent vulnerabilities from reaching production environments.


**Average Rating:** 4.9/5.0
**Total Reviews:** 8

**Who Is the Company Behind Arnica?**

- **Seller:** [Arnica](https://www.g2.com/sellers/arnica)
- **Company Website:** https://www.arnica.io
- **Year Founded:** 2021
- **HQ Location:** Alpharetta, Georgia
- **Twitter:** @arnicaio (124 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/arnica-io/about (60 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 63% Enterprise, 25% Small-Business


#### What Are Arnica's Pros and Cons?

**Pros:**

- Accuracy of Findings (1 reviews)
- Actionable Recommendations (1 reviews)
- Ease of Use (1 reviews)
- Easy Setup (1 reviews)
- Remediation Solutions (1 reviews)

**Cons:**

- Paid Features (1 reviews)


### What Do G2 Reviewers Say About Arnica?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Arnica, effectively identifying unused elevated privileges to enhance security.
- Users value Arnica for its **actionable recommendations** that effectively reduce security risks and over-provisioning in code repositories.
- Users appreciate the **easy setup and administration** of Arnica, enjoying a quick and hassle-free experience.
- Users love the **easy setup** of Arnica, appreciating the time saved during administration and configuration.
- Users value Arnica for its ability to **simplify remediation of over-provisioning** , enhancing security and reducing risks effectively.

**Cons:**

- Users note that the **full feature set is limited** to GitHub Enterprise, leaving smaller teams without essential protections.

#### What Are Recent G2 Reviews of Arnica?

**"[Intuitive Dashboards and AI That Finds Real Issues](https://www.g2.com/survey_responses/arnica-review-12972680)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12972680)

---

**"[Developer-friendly AppSec with a flexible policy engine](https://www.g2.com/survey_responses/arnica-review-12962349)"**

**Rating:** 5.0/5.0 stars
*— Thomas G.*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12962349)

---


#### What Are G2 Users Discussing About Arnica?

- [What is Arnica used for?](https://www.g2.com/discussions/what-is-arnica-used-for)

### 18. [Apiiro](https://www.g2.com/products/apiiro/reviews)
Apiiro is the leader in application security posture management (ASPM), unifying risk visibility, prioritization, and remediation with deep code analysis and runtime context. Get complete application and risk visibility: Apiiro takes a deep, code-based approach to ASPM. Its Cloud Application Security Platform analyzes source code and pulls in runtime context to build a continuous, graph-based inventory of application and software supply chain components. Prioritize with code-to-runtime context: With its proprietary Risk Graph™️, Apiiro contextualizes security alerts from third-party tools and native security solutions based on the likelihood and impact of risk to uniquely minimize alert backlogs and triage time by 95%. Fix faster and prevent risks that matter: By tying risks to code owners, providing LLM-enriched remediation guidance, and embedding risk-based guardrails directly into developer tools and workflows, Apiiro improves remediation times (MTTR) by up to 85%. Apiiro&#39;s native security solutions include API security testing in code, secrets detection and validation, software bill of materials (SBOM) generation, sensitive data exposure prevention, software composition analysis (SCA), and CI/CD and SCM security.


**Average Rating:** 4.8/5.0
**Total Reviews:** 2

**Who Is the Company Behind Apiiro?**

- **Seller:** [Apiiro](https://www.g2.com/sellers/apiiro)
- **Year Founded:** 2019
- **HQ Location:** New York, New York, United States
- **Twitter:** @apiiroSecurity (7,397 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/apiiro (120 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of Apiiro?

**"[Great repo centric risk management and interrogation layer](https://www.g2.com/survey_responses/apiiro-review-5475193)"**

**Rating:** 4.5/5.0 stars
*— Adam S.*

[Read full review](https://www.g2.com/survey_responses/apiiro-review-5475193)

---

**"[Awesome overall application security solution that just keeps getting better!](https://www.g2.com/survey_responses/apiiro-review-4945784)"**

**Rating:** 5.0/5.0 stars
*— Roy A.*

[Read full review](https://www.g2.com/survey_responses/apiiro-review-4945784)

---


#### What Are G2 Users Discussing About Apiiro?

- [What is Apiiro used for?](https://www.g2.com/discussions/what-is-apiiro-used-for)

### 19. [Snyk Apprisk](https://www.g2.com/products/snyk-apprisk/reviews)
Snyk AppRisk is a product offered by Snyk that enables Application Security teams to implement, manage, and scale a modern, high-performing, developer security program.


**Average Rating:** 4.3/5.0
**Total Reviews:** 2

**Who Is the Company Behind Snyk Apprisk?**

- **Seller:** [Snyk](https://www.g2.com/sellers/snyk)
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @snyksec (21,057 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,370 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of Snyk Apprisk?

**"[It was a great experience using Snyk Apprisk, I was able to pritotize what, when](https://www.g2.com/survey_responses/snyk-apprisk-review-10364161)"**

**Rating:** 4.5/5.0 stars
*— Danwand N.*

[Read full review](https://www.g2.com/survey_responses/snyk-apprisk-review-10364161)

---

**"[Prioritize vulnerabilities based on their actual impact](https://www.g2.com/survey_responses/snyk-apprisk-review-10355383)"**

**Rating:** 4.0/5.0 stars
*— Dinh Q.*

[Read full review](https://www.g2.com/survey_responses/snyk-apprisk-review-10355383)

---



### 20. [Cycode](https://www.g2.com/products/cycode/reviews)
Cycode’s AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter. Powered by proprietary scanners, third-party integrations, and the Context Intelligence Graph (CIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.


**Average Rating:** 4.0/5.0
**Total Reviews:** 2

**Who Is the Company Behind Cycode?**

- **Seller:** [Cycode](https://www.g2.com/sellers/cycode)
- **Year Founded:** 2019
- **HQ Location:** New York, New York, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/cycode (159 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 67% Mid-Market, 33% Enterprise



#### What Are Recent G2 Reviews of Cycode?

**"[Totally impressed with cycode](https://www.g2.com/survey_responses/cycode-review-9567648)"**

**Rating:** 4.0/5.0 stars
*— J P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-9567648)

---

**"[Cycode abilities](https://www.g2.com/survey_responses/cycode-review-7475976)"**

**Rating:** 4.0/5.0 stars
*— Sachin P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-7475976)

---



### 21. [Fluid Attacks](https://www.g2.com/products/fluid-attacks/reviews)
Implement Fluid Attacks&#39; comprehensive, AI-powered solution into your SDLC and develop secure software without delays. As an all-in-one solution, Fluid Attacks accurately finds and helps you remediate vulnerabilities throughout the SDLC and ensures secure software development. The solution integrates its AI, automated tool, and team of pentesters to perform SAST, SCA, DAST, CSPM, SCR, PtaaS and RE to help you improve your security posture. This way, Fluid Attacks delivers accurate knowledge of the security status of your application. This means security goes alongside innovation without hindering your speed. Fluid Attacks provides you with expert knowledge about vulnerabilities and support options that enable you to remediate the security issues in your application.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind Fluid Attacks?**

- **Seller:** [Fluid Attacks](https://www.g2.com/sellers/fluid-attacks)
- **Year Founded:** 2001
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/fluidattacks/ (136 employees on LinkedIn®)
- **Phone:** +14154042154

**Who Uses This Product?**
- **Company Size:** 100% Enterprise



#### What Are Recent G2 Reviews of Fluid Attacks?

**"[Easy integration with the ecosystem and very good support](https://www.g2.com/survey_responses/fluid-attacks-review-13078718)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Banking*

[Read full review](https://www.g2.com/survey_responses/fluid-attacks-review-13078718)

---



### 22. [Phoenix Security](https://www.g2.com/products/phoenix-security/reviews)
Phoenix Security is a Contextual ASPM focused on product security. It combines risk-based Vulnerability Management, Application Security Posture Management, and Cloud into a risk and remediation-first platform. Phoenix was founded by the team running Application security and Cloud security posture for HSBC. What sets Phoenix apart is the risk-based quantitative view, the level of customization, and the scanning code to cloud vulnerabilities. Phoenix security utilizes threat intelligence, dependency analysis, and cloud analysis to detect which category of vulnerabilities needs to be addressed and minimize the false positives.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Phoenix Security?**

- **Seller:** [Phoenix Security](https://www.g2.com/sellers/phoenix-security)
- **Year Founded:** 2021
- **HQ Location:** London, GB
- **Twitter:** @sec_phoenix (268 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/phoenixsecuritycloud (19 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of Phoenix Security?

**"[Phoenix security help organization prioritize and contextualize vulnerabilities software](https://www.g2.com/survey_responses/phoenix-security-review-9533543)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/phoenix-security-review-9533543)

---



### 23. [Plexicus](https://www.g2.com/products/plexicus/reviews)
Plexicus is the AI-native Application Security Posture Management (ASPM) platform with built-in Vibe Coding Security — purpose-built for the era of AI-assisted development. As developers ship more code, faster, with AI assistants like Cursor, Claude Code, Copilot, Windsurf, Devin, Replit, Zed, and VS Code, the volume of vulnerable code is outpacing every traditional AppSec tool. Plexicus closes that gap by replacing alert-only scanners with an autonomous remediation loop that detects, prioritizes, and fixes risks directly in the developer&#39;s Git workflow. Unlike fragmented point solutions that drown DevSecOps teams in findings, Plexicus unifies the full application risk surface — SAST, SCA, secrets, IaC, container, and AI-specific threats — and resolves them with proprietary GenAI agents that open the pull request to fix the code. The Plexicus Platform includes: 1. AI-Native ASPM — Correlates findings across SAST, SCA, secrets, IaC, and container scanners into a single prioritized risk view, then generates the PR that fixes the underlying issue. No more triage backlogs, no more swivel-chair between tools. 2. Vibe Coding Security — The industry&#39;s first security layer designed specifically for AI-generated code, with five capabilities: - IDE Guardrail — real-time security feedback inside Cursor, Claude Code, Copilot, Windsurf, and other AI coding tools. - MCP Security Scanner — protects Model Context Protocol integrations from prompt injection and tool abuse. - Hallucination &amp; Slopsquatting Detector — catches non-existent or malicious packages invented by AI assistants. - Authz &amp; Business-Logic Analyzer — surfaces the access-control and logic flaws that pattern-based scanners miss. - AI Provenance &amp; AIBOM — tracks which code came from which AI tool, with full attestation for audits. 3. Compliance-grade evidence — SOC 2 Type II, NIS2, DORA Art. 28, CRA, and EU AI Act evidence packs out of the box. On the CPSTIC pathway. EU data residency by default. Key differentiator: automated remediation, not just visibility. While other AppSec tools focus on finding vulnerabilities, Plexicus focuses on resolving them. Proprietary GenAI remediation agents reduce Mean Time to Remediation (MTTR) by up to 90%, freeing DevSecOps teams from alert fatigue and letting AI-accelerated dev teams ship securely at the speed they actually code. Secure the vibe, patch the legacy. Visit https://www.plexicus.ai/ for more information.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind Plexicus?**

- **Seller:** [PLEXICUS](https://www.g2.com/sellers/plexicus)
- **Year Founded:** 2025
- **HQ Location:** Bilbao, ES
- **LinkedIn® Page:** https://www.linkedin.com/company/plexicus/ (10 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of Plexicus?

**"[Feels Like a Sleepless Sixth Engineer](https://www.g2.com/survey_responses/plexicus-review-11082798)"**

**Rating:** 4.5/5.0 stars
*— John S.*

[Read full review](https://www.g2.com/survey_responses/plexicus-review-11082798)

---



### 24. [Xygeni](https://www.g2.com/products/xygeni/reviews)
Secure your Software Development and Delivery! Xygeni Security specializes in Application Security Posture Management (ASPM), using deep contextual insights to effectively prioritize and manage security risks while minimizing noise and overwhelming alerts. Our innovative technologies automatically detect malicious code in real-time upon new and updated components publication, immediately notifying customers and quarantining affected components to prevent potential breaches. With extensive coverage spanning the entire Software Supply Chain—including Open Source components, CI/CD processes and infrastructure, Anomaly detection, Secret leakage, Infrastructure as Code (IaC), and Container security—Xygeni ensures robust protection for your software applications. Trust Xygeni to protect your operations and empower your team to build and deliver with integrity and security.


**Average Rating:** 4.6/5.0
**Total Reviews:** 4

**Who Is the Company Behind Xygeni?**

- **Seller:** [Xygeni Security](https://www.g2.com/sellers/xygeni-security)
- **Year Founded:** 2021
- **HQ Location:** Madrid, ES
- **Twitter:** @xygeni (178 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/xygeni/ (30 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 60% Small-Business, 40% Mid-Market


#### What Are Xygeni's Pros and Cons?

**Pros:**

- Comprehensive Security (2 reviews)
- Prioritization (2 reviews)
- Risk Management (2 reviews)
- Security (2 reviews)
- Cloud Integration (1 reviews)

**Cons:**

- Difficult Setup (1 reviews)
- Learning Curve (1 reviews)


### What Do G2 Reviewers Say About Xygeni?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **comprehensive security** of Xygeni, enhancing their development process with effective risk management and compliance.
- Users value Xygeni&#39;s **contextual risk prioritization** , empowering teams to focus on critical security issues effectively.
- Users highlight the **advanced risk management capabilities** of Xygeni, effectively identifying and prioritizing security vulnerabilities.
- Users value the **robust security features** of Xygeni, enabling proactive threat management and compliance automation in development.
- Users value the **seamless CI/CD integration** of Xygeni, enhancing security while maintaining efficient development processes.

**Cons:**

- Users experience **difficult setup** with Xygeni, as certain edge cases complicate the integration with CI/CD pipelines.
- Users note a **steep learning curve** for first-time users, requiring familiarity with AppSec best practices.

#### What Are Recent G2 Reviews of Xygeni?

**"[The essential tool for proactive security and confident development](https://www.g2.com/survey_responses/xygeni-review-11393516)"**

**Rating:** 4.5/5.0 stars
*— Marcos C.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11393516)

---

**"[Revolutionized Our Security Workflow with Unified, AI-Driven Efficiency](https://www.g2.com/survey_responses/xygeni-review-11998435)"**

**Rating:** 5.0/5.0 stars
*— Yerassyl K.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11998435)

---



### 25. [Bionic](https://www.g2.com/products/bionic-bionic/reviews)
Bionic is an agentless Application Security Posture Management (ASPM) platform that provides unique visibility into the security, data privacy, and operational risk of applications running in production at scale. Bionic operates continuously and in real-time at the speed of CI/CD so that no application change, drift, or risk goes unnoticed by security, DevOps, and engineering teams. Bionic is the only solution that provides customers with a complete security posture of their applications, services, dependencies, APIs, and data flows within hybrid cloud production environments.



**Who Is the Company Behind Bionic?**

- **Seller:** [Bionic](https://www.g2.com/sellers/bionic)
- **Year Founded:** 2011
- **HQ Location:** Remote, Oregon, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/crowdstrike (10,347 employees on LinkedIn®)







## What Is Application Security Posture Management (ASPM) Software?

[Cloud Security Software](https://www.g2.com/categories/cloud-security)

## What Software Categories Are Similar to Application Security Posture Management (ASPM) Software?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)



