# Best Software Supply Chain Security Solutions

*By [Adam Crivello](https://research.g2.com/insights/author/adam-crivello)*


Software supply chain security tools provide automated and continuous monitoring of the various components and stages of the software development process. This includes analyzing the source code, identifying potential security risks, scanning for malicious code, and verifying the authenticity of third-party components and dependencies.

Software supply chain security refers to the process of securing the software development lifecycle from start to finish. It involves safeguarding against any potential vulnerabilities or threats to the software supply chain that could compromise the integrity of the software.

These tools can also detect any attempts to tamper with the software during the development or deployment stages. They help ensure that only trusted and validated software components are included in the final product, thereby minimizing the risk of introducing any vulnerabilities or malware into the software supply chain. Software supply chain security solutions are often used alongside tools such as [static code analysis tools](https://www.g2.com/categories/static-code-analysis) to seek out and protect against potential vulnerabilities.

To qualify for inclusion in the Software Supply Chain Security category, a product must:

- Provide automated and continuous monitoring of various components of the development process
- Detect attempts to tamper with the software during the development or deployment stages
- Scan for malicious code and security risks
- Verify authenticity of third-party components






## G2 Grid® for Software Supply Chain Security Solutions
![G2 Grid® for Software Supply Chain Security Solutions plotting products by satisfaction and market presence](https://www.g2.com/categories/software-supply-chain-security-tools/grids.png?focus%5B%5D=1259627&focus%5B%5D=143017&focus%5B%5D=36094&focus%5B%5D=7362&focus%5B%5D=14032&focus%5B%5D=100655&focus%5B%5D=1312693&focus%5B%5D=108052)
Highlighted products: Aikido Security, JFrog, Snyk, Veracode Application Security Platform, Mend.io, Harness Platform, OX Security, and Sonatype Nexus Repository.
Underlying data: [Grid® JSON](https://www.g2.com/categories/software-supply-chain-security-tools/grids.json?focus%5B%5D=aikido-security&amp;focus%5B%5D=jfrog-2024-03-28&amp;focus%5B%5D=snyk&amp;focus%5B%5D=veracode-application-security-platform&amp;focus%5B%5D=mend-io&amp;focus%5B%5D=harness-platform&amp;focus%5B%5D=ox-security&amp;focus%5B%5D=sonatype-nexus-repository)


## How Many Software Supply Chain Security Solutions Products Does G2 Track?
**Total Products under this Category:** 42

### Category Stats (Jul 2026)
- **Average Rating**: 4.48/5 (↓0.01 vs Jun 2026) The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Arnica (+0.37%) - Among all products in this category, Arnica recorded the largest rating increase compared to last month
*Last updated: July 18, 2026*


## How Does G2 Rank Software Supply Chain Security Solutions Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 1,300+ Authentic Reviews
- 42+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Software Supply Chain Security Solutions Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Highest Performer:** [OX Security](https://www.g2.com/products/ox-security/reviews)
- **Easiest to Use:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)


---

**Sponsored**

### Jscrambler

Jscrambler is the leader in Client-Side Security for the modern, composable web. As organizations increasingly build digital experiences through third-party software supply chains and AI-powered agents, sensitive data is now created directly in the browser — the point of creation for digital interactions — making it one of the enterprise’s most privileged yet least governed attack surfaces. Jscrambler’s Client-Side Security Platform is powered by a Behavioral Enforcement Core that governs how application code, third-party scripts, and sensitive data behave at runtime. By enforcing software integrity and data governance directly in the browser, the platform ensures sensitive data and AI inputs are controlled according to enterprise policy at the point of creation — before they leave the client environment. Trusted by leading global retailers, airlines, financial services providers, and healthcare organizations, Jscrambler provides the visibility and enforcement organizations need to stop client-side attacks, prevent data leakage, and maintain compliance with regulations including PCI DSS, GDPR, HIPAA, CCPA, and the EU AI Act.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=paid_promo&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=1006186&amp;secure%5Bchosen_at%5D=2026-07-18T18%3A24%3A11Z&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=5391&amp;secure%5Bresource_id%5D=1006186&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fsoftware-supply-chain-security-tools%3Fopen_modal_url%3D%252Fproducts%252Ftraceable-ai%252Fwishlists%253Fhost_path%253D%25252Fcategories%25252Fsoftware-supply-chain-security-tools%2526source%253Dcategory&amp;secure%5Btoken%5D=024897ad5993cad0e81abdd62b8f6df94bdbab8dca16a27773bd71744f493a9e&amp;secure%5Burl%5D=https%3A%2F%2Fjscrambler.com%2Frequest-demo%3Futm_source%3DG2%26utm_medium%3Dpromotional-ads%26utm_campaign%3DG2&amp;secure%5Burl_type%5D=paid_promos)

---

## What Are the Top-Rated Software Supply Chain Security Solutions Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 224

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Founder, CTO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 78% Small-Business, 14% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Aikido Security, benefiting from its clear, actionable insights and seamless integration.
- Users praise Aikido Security for its **fast and user-friendly identification of security issues** in codebases, enhancing development practices.
- Users appreciate the **robust features of Aikido Security** , valuing its usability and effectiveness in enhancing security workflows.
- Users value the **easy integrations** with GitLab, allowing for quick start and effective tracking of security issues.
- Users commend the **easy setup** of Aikido Security, simplifying integration and enhancing their security workflow significantly.

**Cons:**

- Users note the **missing features** in Aikido Security, wishing for more integration and advanced configuration options.
- Users find the **pricing excessive** , particularly for startups, despite acknowledging the product&#39;s value.
- Users find Aikido Security has **limited features** , particularly in advanced customization and reporting for complex environments.
- Users find the **entry-level pricing** of Aikido Security too high for startups, limiting adoption and experimentation.
- Users are frustrated by the **lack of features** , especially with local scanning and branch handling limitations.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Seamless GitHub Integration with Solid Security Findings and Smart False-Positive Analysis](https://www.g2.com/survey_responses/aikido-security-review-13109689)"**

**Rating:** 4.5/5.0 stars
*— Jordan B.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13109689)

---

**"[Enterprise Security Without an Enterprise Security Team](https://www.g2.com/survey_responses/aikido-security-review-13108704)"**

**Rating:** 4.0/5.0 stars
*— Ian M.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13108704)

---



### 2. [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps, DevGovOps and MLOps platform, is on a mission to create a world of software delivered without friction from development to production. Driven by a “Liquid Software” vision to keep software continuously flowing, secure, and always up to date, the JFrog Platform serves as the definitive software supply chain system of record. It is uniquely engineered to power organizations as they build, manage, and distribute trusted software with unprecedented speed, security, and scale across hybrid and multi-cloud environments. As software engineering evolves in the AI era, JFrog’s newest offerings address the industry&#39;s most pressing trend: the rise of agentic software development and the hidden security risks of &quot;Shadow AI.&quot; In response to threat actors increasingly targeting developer workflows including a massive surge in malicious open-source AI models and infected packages; JFrog has expanded its platform capabilities to deliver absolute end-to-end visibility and automated compliance. Key new innovations include the JFrog AI Catalog, which enables organizations to centralize, govern, and control the lifecycle of AI models approved for enterprise use. To secure autonomous coding environments, JFrog introduced the Universal MCP Registry and the Agent Skills Registry (developed alongside NVIDIA). These new solutions establish the industry’s first enterprise-grade trust layer to safely manage and store AI agent skills, monitor connections, and instantly block unsafe developer tools or malicious coding extensions right where developers work. Furthermore, the integration of advanced DevGovOps and Runtime Security tools allows teams to replace slow, manual compliance audits with continuous, background policy enforcement. By shifting security left directly into the binary pipeline, JFrog ensures that the volume of AI-assisted code does not outpace an organization&#39;s ability to verify its safety. Today, millions of users and approximately 6,600 organizations worldwide, including a majority of the Fortune 100, depend on the universal JFrog Platform to eliminate point-solution fatigue, bridge the governance gap, and securely embrace digital transformation. Learn more at www.jfrog.com or follow us on X @JFrog.


**Average Rating:** 4.2/5.0
**Total Reviews:** 146

**Who Is the Company Behind JFrog?**

- **Seller:** [JFrog Ltd](https://www.g2.com/sellers/jfrog-ltd)
- **Company Website:** https://jfrog.com
- **Year Founded:** 2008
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @jfrog (23,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jfrog-ltd/ (2,364 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 50% Enterprise, 31% Mid-Market


#### What Are JFrog's Pros and Cons?

**Pros:**

- Features (18 reviews)
- Repository Management (14 reviews)
- Deployment (13 reviews)
- Integrations (12 reviews)
- Easy Integrations (11 reviews)

**Cons:**

- Complexity (9 reviews)
- Expensive (8 reviews)
- Learning Curve (8 reviews)
- Difficult Learning (7 reviews)
- Learning Difficulty (7 reviews)


### What Do G2 Reviewers Say About JFrog?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **comprehensive integration and multi-format support** of JFrog, streamlining their DevOps processes effectively.
- Users appreciate JFrog&#39;s **centralized artifact management** , enhancing efficiency in storing and tracking components across environments.
- Users value the **seamless deployment integration** of JFrog, enhancing CI/CD pipelines and security management effectively.
- Users value the **seamless integrations** of JFrog, enhancing their CI/CD processes across various package formats.
- Users value the **easy integrations** of JFrog with various tools, enhancing their CI/CD workflows seamlessly.

**Cons:**

- Users find JFrog&#39;s platform to be **overly complex** , requiring significant training to navigate its extensive features effectively.
- Users find JFrog to be **expensive** , with costs posing challenges for smaller teams and individual developers.
- Users often face a **steep learning curve** with JFrog, requiring significant time to master its complexity.
- Users find the **difficult learning curve** of JFrog requires extensive training to navigate its complex features effectively.
- Users find JFrog to have a **steep learning curve** , requiring significant time and effort to reach proficiency.

#### What Are Recent G2 Reviews of JFrog?

**"[JFrog Simplifies Artifact Management for Organized, Reliable Deployments](https://www.g2.com/survey_responses/jfrog-review-12870354)"**

**Rating:** 4.5/5.0 stars
*— Subhashree S.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12870354)

---

**"[Efficient, Scalable Artifact Management That Streamlines the Software Delivery Lifecycle](https://www.g2.com/survey_responses/jfrog-review-12788318)"**

**Rating:** 4.0/5.0 stars
*— Arkajit D.*

[Read full review](https://www.g2.com/survey_responses/jfrog-review-12788318)

---


#### What Are G2 Users Discussing About JFrog?

- [What are the benefits and challenges of using JFrog for managing your software supply chain?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-jfrog-for-managing-your-software-supply-chain)
- [What does Jfrog Platform do?](https://www.g2.com/discussions/what-does-jfrog-platform-do)
- [What is difference between JFrog and Nexus?](https://www.g2.com/discussions/what-is-difference-between-jfrog-and-nexus)
- [What is Artifactory software used for?](https://www.g2.com/discussions/what-is-artifactory-software-used-for)

### 3. [Snyk](https://www.g2.com/products/snyk/reviews)
Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code &amp; open source to containers &amp; cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix &amp; merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as your write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: Integrate natively with your CI/CD tool, configure your rules, find &amp; fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free!


**Average Rating:** 4.5/5.0
**Total Reviews:** 135

**Who Is the Company Behind Snyk?**

- **Seller:** [Snyk](https://www.g2.com/sellers/snyk)
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @snyksec (21,057 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,370 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 44% Mid-Market, 35% Small-Business


#### What Are Snyk's Pros and Cons?

**Pros:**

- Vulnerability Detection (3 reviews)
- Vulnerability Identification (3 reviews)
- Easy Integrations (2 reviews)
- Easy Setup (2 reviews)
- Features (2 reviews)

**Cons:**

- False Positives (2 reviews)
- Poor Interface Design (2 reviews)
- Pricing Issues (2 reviews)
- Scanning Issues (2 reviews)
- Software Bugs (2 reviews)


### What Do G2 Reviewers Say About Snyk?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value Snyk&#39;s **rapid vulnerability detection** , enabling efficient identification and remediation in development environments.
- Users appreciate Snyk&#39;s **rapid vulnerability identification** , enhancing security through quick updates and effective integration.
- Users value the **easy integrations** of Snyk, enhancing workflow efficiency in CI/CD pipelines and GitHub.
- Users appreciate the **easy setup** of Snyk, enabling seamless integration with GitHub and efficient codebase scanning.
- Users commend Snyk for its **intuitive GUI and customizable organization structure** , enhancing vulnerability management and reporting efficiency.

**Cons:**

- Users experience **false positives** from Snyk, leading to confusion and slowing down the scanning process.
- Users feel the **poor interface design** of Snyk hinders usability, especially with the separate DAST interface.
- Users face **pricing issues** with Snyk, as the cost can be high for accessing all features.
- Users often face **scanning issues** such as false positives and slow scans, affecting overall efficiency and workflow.
- Users report **false positives** and slow scans in Snyk, affecting efficiency and integration with other tools.

#### What Are Recent G2 Reviews of Snyk?

**"[Seamless Dev-First Security with Fast Scans and Actionable Fixes](https://www.g2.com/survey_responses/snyk-review-12676270)"**

**Rating:** 4.5/5.0 stars
*— Prateek J.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12676270)

---

**"[Developer-Friendly Security with Clear, Automated Fixes](https://www.g2.com/survey_responses/snyk-review-12974957)"**

**Rating:** 4.5/5.0 stars
*— Hemanth K.*

[Read full review](https://www.g2.com/survey_responses/snyk-review-12974957)

---


#### What Are G2 Users Discussing About Snyk?

- [What is Snyk scanning?](https://www.g2.com/discussions/what-is-snyk-scanning) - 2 comments, 2 upvotes
- [Is Snyk a SaaS?](https://www.g2.com/discussions/is-snyk-a-saas) - 2 comments
- [How good is Snyk?](https://www.g2.com/discussions/how-good-is-snyk) - 2 comments
- [What is Snyk used for?](https://www.g2.com/discussions/what-is-snyk-used-for)

### 4. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline,empower developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers your all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


**Average Rating:** 3.8/5.0
**Total Reviews:** 25

**Who Is the Company Behind Veracode Application Security Platform?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (502 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 69% Enterprise, 31% Mid-Market


#### What Are Veracode Application Security Platform's Pros and Cons?

**Pros:**

- Security (5 reviews)
- Vulnerability Detection (5 reviews)
- Automated Scanning (3 reviews)
- Detection (3 reviews)
- Ease of Use (3 reviews)

**Cons:**

- Expensive (2 reviews)
- Lack of Information (2 reviews)
- Licensing Issues (2 reviews)
- Poor Customer Support (2 reviews)
- Pricing Issues (2 reviews)


### What Do G2 Reviewers Say About Veracode Application Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **comprehensive security analysis** offered by Veracode, effectively addressing vulnerabilities and streamlining development.
- Users value Veracode for its **effective vulnerability detection** , ensuring high-security standards and seamless integration into development processes.
- Users appreciate the **automated scanning** feature of Veracode, which effectively identifies vulnerabilities and enhances security standards.
- Users value the **effective detection capabilities** of Veracode, enabling thorough security checks and vulnerability identification.
- Users value the **ease of use** of Veracode, benefiting from seamless integration and comprehensive security analysis.

**Cons:**

- Users find the platform to be **expensive** , with rising costs and unjustifiable investment in customer success packages.
- Users face a **lack of information** regarding features and services, leading to confusion and unmet expectations.
- Users express concerns about **licensing issues** , citing high costs, complex models, and unmet feature expectations.
- Users report **poor customer support** , experiencing pressure from sales and challenges with feature delivery and documentation.
- Users express concerns over **pricing issues** , citing increased costs, complex licensing, and pressure from sales executives.

#### What Are Recent G2 Reviews of Veracode Application Security Platform?

**"[Streamlined Security, Effortless Integration](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)"**

**Rating:** 5.0/5.0 stars
*— Bhanu Prakash M.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)

---

**"[Clear, Unified View of Application Capabilities](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)"**

**Rating:** 4.5/5.0 stars
*— Christopher S.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)

---


#### What Are G2 Users Discussing About Veracode Application Security Platform?

- [What is difference between veracode and SonarQube?](https://www.g2.com/discussions/what-is-difference-between-veracode-and-sonarqube)
- [What is veracode software composition analysis?](https://www.g2.com/discussions/what-is-veracode-software-composition-analysis)
- [What is veracode used for?](https://www.g2.com/discussions/what-is-veracode-used-for)
- [What is the veracode application security platform?](https://www.g2.com/discussions/what-is-the-veracode-application-security-platform)

### 5. [Mend.io](https://www.g2.com/products/mend-io/reviews)
Modern risk doesn&#39;t live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle. Mend.io solutions include: 1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle. 2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster. 3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


**Average Rating:** 4.3/5.0
**Total Reviews:** 109

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (257 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Small-Business, 34% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)


### What Do G2 Reviewers Say About Mend.io?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **scanning efficiency** of Mend.io, appreciating its quick and accurate results across multiple repositories.
- Users appreciate the **ease of use** of Mend.io, highlighting simple integration and efficient navigation to find vulnerabilities.
- Users appreciate the **easy integrations** of Mend.io, enabling efficient scanning and streamlined workflows across multiple repositories.
- Users appreciate the **quick and accurate scanning** capabilities of Mend.io, enhancing their development workflow and security.
- Users commend the **excellent automated vulnerability detection** in Mend.io, enhancing efficiency in their CI/CD processes.

**Cons:**

- Users struggle with **integration issues** , finding the setup process for tools like Jira and on-premise systems challenging.
- Users find **limited features** in Mend.io, struggling with functionality and integration challenges for various tools and cases.
- Users note that Mend.io lacks **essential features** , requiring additional tools and workarounds for effective integration.
- Users experience **complex implementation** with Mend.io, citing difficulties in integration and frequent false positives.
- Users find the **confusing interface** of Mend.io awkward, especially when switching between different product portals.

#### What Are Recent G2 Reviews of Mend.io?

**"[Great Tool for Managing 3rd party libraries](https://www.g2.com/survey_responses/mend-io-review-6728890)"**

**Rating:** 4.5/5.0 stars
*— Johannes B.*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-6728890)

---

**"[Effortless Integration with Budget-Friendly Scanning](https://www.g2.com/survey_responses/mend-io-review-4261734)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/mend-io-review-4261734)

---


#### What Are G2 Users Discussing About Mend.io?

- [What is your experience regarding pricing and costs for Mend.io, and how does it compare to other open-source security solutions?](https://www.g2.com/discussions/what-is-your-experience-regarding-pricing-and-costs-for-mend-io-and-how-does-it-compare-to-other-open-source-security-solutions)
- [What is Mend (formerly WhiteSource) used for?](https://www.g2.com/discussions/what-is-mend-formerly-whitesource-used-for)
- [What is white Source bolt?](https://www.g2.com/discussions/what-is-white-source-bolt)
- [What are SCA tools?](https://www.g2.com/discussions/what-are-sca-tools)
- [What is software composition analysis SCA?](https://www.g2.com/discussions/what-is-software-composition-analysis-sca)

### 6. [Harness Platform](https://www.g2.com/products/harness-platform/reviews)
Simplify your developer experience with the world&#39;s first AI-augmented software delivery platform. Upgrade your software delivery with Harness&#39; innovative CI/CD, Feature Flags, Infrastructure as Code Management, and Chaos Engineering tools. We are a software delivery platform that helps developers and infrastructure engineers build and ship code for cloud and on-premise projects. We automate the continuous integration and continuous delivery (CI/CD) process to help teams build faster, ship more frequently, and improve quality, efficiency, and governance. We help companies in four key areas: Number one, we accelerate innovation through DevOps modernization. We provide an approach for software delivery that automates processes, reduces manual interventions, consolidates tools, and accelerates time-to-market for new products, features, and fixes. Number two, we improve developer experience. We give you the ability to attract, retain, and onboard high-caliber engineering talent while fostering a culture of continuous innovation and improvement. Number three, we secure software delivery. We give you the ability to integrate security into every phase of the SDLC. And last but not least is, we optimize cloud costs. We give you the ability to eliminate waste and to ensure that appropriate cloud resources are allocated at the right place at the right time.


**Average Rating:** 4.6/5.0
**Total Reviews:** 300

**Who Is the Company Behind Harness Platform?**

- **Seller:** [Harness](https://www.g2.com/sellers/harness-25016f40-e80f-4417-bea8-39412055d17a)
- **Company Website:** https://harness.io/
- **Year Founded:** 2018
- **HQ Location:** San Francisco
- **Twitter:** @HarnessWealth (1,389 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/harnessinc/ (1,701 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 43% Enterprise, 38% Mid-Market


#### What Are Harness Platform's Pros and Cons?

**Pros:**

- Ease of Use (114 reviews)
- Features (73 reviews)
- Feature Flags (49 reviews)
- Easy Setup (40 reviews)
- Easy Integrations (31 reviews)

**Cons:**

- Missing Features (23 reviews)
- Limitations (20 reviews)
- Limited Features (20 reviews)
- Learning Curve (17 reviews)
- Poor UI (16 reviews)


### What Do G2 Reviewers Say About Harness Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Harness Platform, making implementation and configuration seamless and efficient.
- Users value the **ease of use and flexibility** in targeting features within the Harness Platform.
- Users appreciate the **user-friendly interface** of Harness Platform for easily managing and deploying feature flags.
- Users find the **easy setup** of Harness Platform quick and efficient, leading to immediate cost savings and satisfaction.
- Users value the **easy integrations** with SSO and tools that streamline software delivery on the Harness Platform.

**Cons:**

- Users note a **lack of multiple filters** in Harness Platform, limiting flexibility for advanced customization and usability.
- Users face **limitations in configuration management** , including issues with renaming and deleting toggles that complicate usability.
- Users note a **lack of multiple filters** and missing features in the Harness Platform, limiting its overall usability.
- Users find the **steep learning curve** challenging, particularly due to complicated settings and insufficient documentation.
- Users find the **UI complex and clunky** , which can complicate the overall user experience with the platform.

#### What Are Recent G2 Reviews of Harness Platform?

**"[Harness - World of automation](https://www.g2.com/survey_responses/harness-platform-review-11792426)"**

**Rating:** 4.5/5.0 stars
*— Sunil A.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11792426)

---

**"[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)"**

**Rating:** 5.0/5.0 stars
*— Satendra V.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11543262)

---


#### What Are G2 Users Discussing About Harness Platform?

- [What is Harness Continuous Delivery used for?](https://www.g2.com/discussions/what-is-harness-continuous-delivery-used-for) - 1 comment
- [What is Propelo used for?](https://www.g2.com/discussions/what-is-propelo-used-for)
- [What is Harness Cloud Cost Management used for?](https://www.g2.com/discussions/what-is-harness-cloud-cost-management-used-for)
- [What is the difference between harness and Jenkins?](https://www.g2.com/discussions/what-is-the-difference-between-harness-and-jenkins) - 1 comment
- [What is streaming Split IO?](https://www.g2.com/discussions/what-is-streaming-split-io) - 1 comment

### 7. [OX Security](https://www.g2.com/products/ox-security/reviews)
OX rewires your security program for the Mythos Age: the era where AI writes the code, chains the exploits, and moves faster than human-built defenses can track. OX is the unified Prompt to Runtime security platform. It moves your control surface upstream to the prompt, preventing and governing risk at the source instead of chasing it downstream in runtime. OX Mind and OX AI Context Lake connect AI-user governance, code security, cloud and runtime enforcement, and agentic pentesting into one system that shares context across the entire Agentic Development Lifecycle (ADLC), replacing fragmented point tools with a single platform. The platform runs on four connected pillars: OX VibeSec: Prevents unsafe AI decisions at the point of creation and governs every AI user in the organization, not just developers using coding assistants. Full visibility into which agents, MCPs, skills, and packages run, with what permissions, against what data. OX Code: Separates exploitable risk from theoretical noise using evidence from your actual deployment, threat model, and threat intelligence. OX Cloud: Prevents misconfigurations and enforces runtime boundaries that code and agents cannot cross, watching what actually runs in production. OX Agentic Pentester: Continuously simulates adversarial agent behavior to prove exploit paths back to their exact source, feeding what it finds back into OX VibeSec to sharpen governance. OX connects to your existing stack and traces every finding back to its origin (the prompt, the AI user, or the endpoint that created it), then fixes issues at the source rather than flagging them after the fact. For new deployments, OX consolidates governance, code security, cloud enforcement, and pentesting into one platform. For existing stacks, OX layers governance on top and makes current tools smarter through continuous learning, so the same issue never gets created twice. Visit https://ox.security for more information.


**Average Rating:** 4.8/5.0
**Total Reviews:** 51

**Who Is the Company Behind OX Security?**

- **Seller:** [OX Security](https://www.g2.com/sellers/ox-security)
- **Year Founded:** 2021
- **HQ Location:** New York, USA
- **LinkedIn® Page:** https://www.linkedin.com/company/ox-security/ (199 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 63% Mid-Market, 25% Enterprise


#### What Are OX Security's Pros and Cons?

**Pros:**

- Features (8 reviews)
- Collaboration (6 reviews)
- Customer Support (6 reviews)
- Easy Integrations (6 reviews)
- Speed (6 reviews)

**Cons:**

- Complexity (5 reviews)
- Overwhelming Interface (4 reviews)
- Complex Setup (3 reviews)
- Dashboard Issues (3 reviews)
- Difficult Learning (3 reviews)


### What Do G2 Reviewers Say About OX Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **intuitive dashboard and seamless integration** of OX Security, enhancing their security management and workflow efficiency.
- Users value the **seamless collaboration** enabled by OX Security, enhancing their focus on critical development tasks.
- Users commend the **responsive customer support** of OX Security, enhancing their overall operational efficiency and satisfaction.
- Users value the **seamless integrations** with existing tools, enhancing workflows and boosting overall development efficiency.
- Users appreciate the **speed** of OX Security, enabling faster remediation of vulnerabilities and cloud misconfigurations.

**Cons:**

- Users find the **complexity** of OX Security daunting, facing a steep learning curve and inadequate documentation.
- Users find the **interface overwhelming** , with a steep learning curve and insufficient documentation to guide new users.
- Users find the **complex setup** challenging, especially due to inadequate documentation and overwhelming UI for new users.
- Users find the **executive dashboard limiting** , impacting effective reporting on product security enhancements to management.
- Users find OX Security&#39;s **difficult learning curve** challenging, particularly due to its complex interface and lacking documentation.

#### What Are Recent G2 Reviews of OX Security?

**"[A powerful and comprehensive tool that meets most best practices for web app security testing](https://www.g2.com/survey_responses/ox-security-review-10961361)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Gambling &amp; Casinos*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10961361)

---

**"[A Transformative Game-Changer in Application Security Posture Management](https://www.g2.com/survey_responses/ox-security-review-10618682)"**

**Rating:** 5.0/5.0 stars
*— Dudi E.*

[Read full review](https://www.g2.com/survey_responses/ox-security-review-10618682)

---



### 8. [Sonatype Nexus Repository](https://www.g2.com/products/sonatype-nexus-repository/reviews)
World’s #1 Repository Manager with Free and Pro versions - Single source of truth for all of your components, binaries, and build artifacts. - Efficiently distribute parts and containers to developers. - Used by more than 5 million developers globally. Centralize Give your teams a single source of truth for every component they use. Store Optimize build performance and reliability by caching proxies of remote repositories. Adapt Deliver universal coverage for all major package types and formats Scale Install on an unlimited amount of servers for an unlimited amount of users. Universal Support for all Popular Build Tools Store and distribute Maven/Java, npm, NuGet, Helm, Docker, P2, OBR, APT, GO, R, Conan components and more. Manage components from dev through delivery: binaries, containers, assemblies, and finished goods. Awesome support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy. Compatible with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more. Enterprise Control of Binaries and Build Artifacts Deliver innovation 24x7x365 with high availability. A single source of truth for components used across your entire software development lifecycle including QA, staging, and operations. Easily integrate with existing user and access provisioning systems including LDAP, Atlassian Crowd, and more. SAML/SSO authentication for enhanced security and single sign-on experience. See the Health of Your Software Supply Chain Repository Health Check (RHC) provides up-to-date component intelligence, so your teams make informed decisions early on. View components in need of remediation, prioritized by the severity of vulnerability. Easily avoid known security and license issues for Maven/Java, npm, NuGet, and PyPI components. Modern Features for Continuous Innovation Deploy directly to a desired repository with your choice of build or deployment tool or directly via HTTP. Stage and manage releases with dedicated security and automated rule validation. Enhanced staging provides streamlined oversight and approval of workflows for release candidates. Share binaries, snapshots and releases between groups of developers or post a collection of related, staged artifacts which can be easily tested, promoted, or discarded.


**Average Rating:** 4.5/5.0
**Total Reviews:** 21

**Who Is the Company Behind Sonatype Nexus Repository?**

- **Seller:** [Sonatype](https://www.g2.com/sellers/sonatype)
- **Year Founded:** 2008
- **HQ Location:** Fulton, US
- **Twitter:** @sonatype (10,589 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/210324/ (551 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 43% Enterprise, 39% Mid-Market



#### What Are Recent G2 Reviews of Sonatype Nexus Repository?

**"[Perfect solution for artifact management](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9115886)"**

**Rating:** 4.0/5.0 stars
*— Juan Diego P.*

[Read full review](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9115886)

---

**"[Easy to use repository for sharing artifacts within team](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9407466)"**

**Rating:** 4.0/5.0 stars
*— Ardhiya C.*

[Read full review](https://www.g2.com/survey_responses/sonatype-nexus-repository-review-9407466)

---


#### What Are G2 Users Discussing About Sonatype Nexus Repository?

- [What does a repository manager do?](https://www.g2.com/discussions/nexus-repository-manager-what-does-a-repository-manager-do)
- [What does a repository manager do?](https://www.g2.com/discussions/what-does-a-repository-manager-do)
- [What is Nexus repository tool?](https://www.g2.com/discussions/what-is-nexus-repository-tool)
- [What is Nexus software used for?](https://www.g2.com/discussions/what-is-nexus-software-used-for) - 1 comment
- [What is Nexus repository manager used for?](https://www.g2.com/discussions/what-is-nexus-repository-manager-used-for)

### 9. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.​ AI-Powered Agents Jit&#39;s AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads. ​ Comprehensive Security Scanning Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit&#39;s platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues. ​ Developer-Centric Experience With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity. ​ Agentic AI for AppSec Teams Risk-Based Prioritization Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks. ​ Seamless Integrations Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack. ​


**Average Rating:** 4.5/5.0
**Total Reviews:** 43

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (7 reviews)
- Efficiency (7 reviews)
- Automation (6 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **seamless integration of security into development workflows** , highlighting efficiency and centralized management.
- Users find Jit to be **very easy to use** , streamlining integration of security into development workflows effectively.
- Users love the **easy integrations** of Jit, streamlining security within their development workflows effortlessly.
- Users appreciate the **efficiency** of Jit, which reduces waste and streamlines processes, enhancing overall productivity.
- Users value the **automation of security controls** in Jit, streamlining workflows and enhancing efficiency in development processes.

**Cons:**

- Users face **integration issues** with Jit, particularly in enterprise environments and with certain CI tools requiring extra setup.
- Users find the **limited features** of Jit restrict complex setups and hinder comprehensive analytics and reporting.
- Users feel the **limited integration** with enterprise environments restricts Jit&#39;s full potential and usability.
- Users find the **documentation lacking** , particularly for advanced configurations, impacting their overall experience with Jit.
- Users find the **complexity** of Jit challenging, particularly with advanced integrations and configuration for newcomers.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 10. [Finite State](https://www.g2.com/products/finite-state/reviews)
Finite State empowers device OEMs to ship securely while enabling engineering teams to move at the speed of AI, immediately transforming product artifacts into audit-ready assurance through a single automated workflow. Leveraging deep binary analysis and AI-native execution, the platform unifies code, compiled components, and firmware in minutes—connecting security design with deployed software. By continuously generating SBOMs, VEX, and signed compliance packages, Finite State enables connected device companies across industries such as medical devices and automotive to meet evolving regulations, including the EU Cyber Resilience Act (CRA), and deliver continuous compliance at speed. Learn more at https://finitestate.io/


**Average Rating:** 4.3/5.0
**Total Reviews:** 12

**Who Is the Company Behind Finite State?**

- **Seller:** [Finite State](https://www.g2.com/sellers/finite-state)
- **Company Website:** https://finitestate.io
- **Year Founded:** 2017
- **HQ Location:** Columbus, Ohio, United States
- **Twitter:** @FiniteStateInc (670 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/finitestate (78 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 50% Enterprise, 25% Mid-Market



#### What Are Recent G2 Reviews of Finite State?

**"[Deep Visibility Into Supply Chain Risks and CVEs—Boosting Product Security](https://www.g2.com/survey_responses/finite-state-review-12966722)"**

**Rating:** 5.0/5.0 stars
*— Suru S.*

[Read full review](https://www.g2.com/survey_responses/finite-state-review-12966722)

---

**"[Finite State Review: Firmware Security Simplified](https://www.g2.com/survey_responses/finite-state-review-12997919)"**

**Rating:** 5.0/5.0 stars
*— Prasanth B.*

[Read full review](https://www.g2.com/survey_responses/finite-state-review-12997919)

---



### 11. [SOOS](https://www.g2.com/products/soos/reviews)
SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate and manage Software Bill of Materials (SBOM), and fill out your compliance worksheets across all your teams. SOOS’s ASPM is a dynamic, comprehensive approach to safeguarding your application infrastructure from vulnerabilities across the Software Development Life Cycle (SDLC) and live deployments. Easy to integrate, all in one dashboard. SCA - Deep tree vulnerability scanning, license compliance, governance DAST - Automated Web &amp; API vulnerability scanning Containers - Scan contents for vulnerabilities SAST - Analyze code for security vulnerabilities IaC - Cloud security coverage SBOMs - Create – monitor – manage


**Average Rating:** 4.6/5.0
**Total Reviews:** 42

**Who Is the Company Behind SOOS?**

- **Seller:** [SOOS](https://www.g2.com/sellers/soos)
- **Year Founded:** 2019
- **HQ Location:** Winooski, US
- **Twitter:** @soostech (44 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/53122310 (24 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 50% Mid-Market, 43% Small-Business


#### What Are SOOS's Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Customer Support (5 reviews)
- Easy Integrations (5 reviews)
- Integrations (5 reviews)
- Easy Setup (4 reviews)

**Cons:**

- Lack of Guidance (3 reviews)
- Poor Reporting (3 reviews)
- Dashboard Issues (2 reviews)
- Inadequate Reporting (2 reviews)
- Lacking Features (2 reviews)


### What Do G2 Reviewers Say About SOOS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find SOOS to be **easy to use** , benefiting from user-friendly configurations and excellent support.
- Users praise the **awesome customer support** from SooS, ensuring a smooth onboarding and configuration process.
- Users commend SOOS for its **easy integrations** , enabling seamless workflows and efficient vulnerability management in development.
- Users value the **seamless integrations** of SOOS, enhancing workflow efficiency and simplifying vulnerability management.
- Users find the **easy setup** of SOOS to be intuitive and efficient, enhancing their overall experience.

**Cons:**

- Users note a **lack of guidance** in documentation and processes, hindering onboarding and remediation efforts.
- Users find the **poor reporting** of SOOS limits their ability to analyze vulnerabilities effectively across projects.
- Users find the **dashboard issues** frustrating, particularly with limited reporting and filtering options that hinder analysis.
- Users find SOOS lacks **adequate reporting** , needing better customization and filtering options for effective analysis.
- Users find the **lack of features** in SOOS limits usability, especially with reporting and intuitive navigation.

#### What Are Recent G2 Reviews of SOOS?

**"[Awesome tool for detecting vulnerabilities within project dependecies](https://www.g2.com/survey_responses/soos-review-7753830)"**

**Rating:** 4.5/5.0 stars
*— Nayan C.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7753830)

---

**"[Reliable continuous security assessment for our pipelines](https://www.g2.com/survey_responses/soos-review-7744758)"**

**Rating:** 4.0/5.0 stars
*— Brallan G.*

[Read full review](https://www.g2.com/survey_responses/soos-review-7744758)

---



### 12. [Cybeats](https://www.g2.com/products/cybeats/reviews)
Cybeats is at the forefront of cybersecurity innovation and is focused explicitly on automating Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) management. Our platform has built-in support for HBOM and AIBOM. Our mission is to empower organizations to rapidly identify and address vulnerabilities, significantly reducing costs while enhancing the security posture of their products. With our focus on the vision of &quot;Building trust in every layer of your technology,&quot; Cybeats provides a robust platform that ensures transparency and security throughout the technological stack. Core Offerings - SBOM Management &amp; Continuous Monitoring Cybeats offers a scalable solution for managing and monitoring SBOMs. Our platform stores enriches and distributes SBOMs efficiently across the organization and the organization&#39;s customers. This continuous monitoring helps proactively identify and mitigate software component risks. - SBOM Inventory &amp; Management We provide a centralized system for SBOM inventory management that ensures all software components are accounted for, up-to-date, and secure. This systematic approach helps maintain a clear overview of all software elements, facilitating easier management and compliance. - Vulnerability Lifecycle Management (VLM) Our VLM capabilities integrate Vulnerability Exploitability Exchange (VEX) and Vulnerability Disclosure Program (VDP) processes. This integration helps identify, assess, manage, and mitigate vulnerabilities throughout their lifecycle, ensuring continuous protection against potential software supply chain threats. - Regulatory Compliance Cybeats aligns with global regulatory requirements, assisting organizations in staying compliant with evolving cybersecurity standards. Our solution simplifies compliance management, reducing the complexity and resources required to meet legal and industry standards. With the introduction of regulatory requirements of the FDA pre-market and post-market, the EU CRA, PCI-SSF, and others, companies that develop software-based products must align with the SBOM and Vulnerability management requirements. - OSS and Comercial Licensing Risk Assessment Understanding and managing licensing risks associated with software components is crucial. Cybeats provides tools to assess these risks, helping organizations avoid legal and financial repercussions related to software licensing. - SBOM Sharing and Exchange We facilitate secure sharing and exchange of SBOMs within and across organizations. This capability ensures that all parties in the software supply chain have access to accurate and timely information, enhancing collaborative efforts toward secure software development.


**Average Rating:** 4.4/5.0
**Total Reviews:** 15

**Who Is the Company Behind Cybeats?**

- **Seller:** [CYBEATS](https://www.g2.com/sellers/cybeats)
- **Year Founded:** 2017
- **HQ Location:** Toronto, Ontario
- **Twitter:** @cybeatstech (616 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cybeats/ (32 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 47% Small-Business, 33% Mid-Market



#### What Are Recent G2 Reviews of Cybeats?

**"[Great Computer Security Service Solutin](https://www.g2.com/survey_responses/cybeats-review-7160083)"**

**Rating:** 4.5/5.0 stars
*— Patrícia P.*

[Read full review](https://www.g2.com/survey_responses/cybeats-review-7160083)

---

**"[A safe and secure enterprise supply chain management system is created and enabled by Cybeats](https://www.g2.com/survey_responses/cybeats-review-7468992)"**

**Rating:** 4.5/5.0 stars
*— Karan C.*

[Read full review](https://www.g2.com/survey_responses/cybeats-review-7468992)

---



### 13. [Socket](https://www.g2.com/products/socket-socket/reviews)
Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powered code analysis, Socket detects and blocks supply chain attacks within minutes of publication. With advanced reachability analysis, automated remediation, and license compliance features, Socket enables teams to focus on building software, while we keep their open source code secure.


**Average Rating:** 4.7/5.0
**Total Reviews:** 10

**Who Is the Company Behind Socket?**

- **Seller:** [Socket](https://www.g2.com/sellers/socket)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @SocketSecurity (21,558 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/socketinc/ (115 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 40% Mid-Market, 30% Enterprise


#### What Are Socket's Pros and Cons?

**Pros:**

- Security (3 reviews)
- Open Source (2 reviews)
- Accuracy of Findings (1 reviews)
- Alerts (1 reviews)
- Comprehensive Security (1 reviews)

**Cons:**

- Missing Features (1 reviews)
- System Slowness (1 reviews)


### What Do G2 Reviewers Say About Socket?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value Socket&#39;s **exceptional security features** , particularly in monitoring and mitigating supply chain attacks effectively.
- Users praise Socket for its **effective open source security analysis** , streamlining package reviews and enhancing reliability.
- Users value the **accuracy of findings** from Socket, appreciating the thorough analysis it offers for open source security.
- Users value the **proactive alerts** from Socket, ensuring quick responses to potential supply chain threats.
- Users value the **comprehensive security** features of Socket, enhancing decision-making and risk management in software supply chains.

**Cons:**

- Users find the **missing features** in Socket limit its ability to consolidate multiple use cases effectively.
- Users report experiencing **system slowness** , particularly noting the UI&#39;s slow loading times impacting their overall experience.

#### What Are Recent G2 Reviews of Socket?

**"[Unique Approach to Supply Chain Security Problem and Does It Really Well](https://www.g2.com/survey_responses/socket-review-12052484)"**

**Rating:** 5.0/5.0 stars
*— Sindhoor H.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12052484)

---

**"[Essential Tool for Application Security with Stellar MCP Feature](https://www.g2.com/survey_responses/socket-review-12686360)"**

**Rating:** 5.0/5.0 stars
*— Shreejal M.*

[Read full review](https://www.g2.com/survey_responses/socket-review-12686360)

---



### 14. [Arnica](https://www.g2.com/products/arnica/reviews)
Arnica is a comprehensive application security posture management (ASPM) platform that protects developers, source code, and products throughout the software development lifecycle. The platform provides real-time application security scanning with 100% coverage across the software supply chain, addressing risks in Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC), hardcoded secrets detection, and more. At its core, Arnica offers AI-native security governance that takes control of AI-generated code through advanced AI SAST scanning and agentic rules enforcement. The platform automatically injects centrally-controlled security requirements into AI coding agents like Copilot, Cursor, and Claude at the point of code generation, ensuring every line of AI-written code is secure by default before vulnerabilities reach production. This approach addresses 92% of risks before they ever reach production environments. Arnica&#39;s pipelineless architecture provides automatic coverage for every repository without requiring CI/CD pipeline integrations or IDE deployments. The platform scans every code change at the feature branch level, delivering developer-native workflows that keep teams focused on building features rather than chasing security issues. Risk prioritization is enhanced through OWASP Top 10, CVSS, EPSS, and KEV scoring, combined with organizational context to surface the most critical vulnerabilities. The platform excels in developer experience by delivering security findings directly within existing workflows through Slack, Microsoft Teams, pull request comments, and automated ticket management in Jira and Azure DevOps Boards. AI-powered mitigation suggestions provide context-aware, automated fixes that align with organizational coding standards, significantly reducing mean-time-to-remediation. Key security capabilities include real-time secrets detection with automatic validation and mitigation, comprehensive container scanning that maps vulnerabilities directly to source code, and intelligent dependency management with automated SCA upgrades. The platform maintains SOC 2 Type 2 compliance and ISO 27001 certification, ensuring enterprise-grade security standards. Arnica&#39;s unique value proposition lies in its ability to scale security across entire organizations while maintaining development velocity, providing complete visibility into code risks, and enabling proactive security measures that prevent vulnerabilities from reaching production environments.


**Average Rating:** 4.9/5.0
**Total Reviews:** 8

**Who Is the Company Behind Arnica?**

- **Seller:** [Arnica](https://www.g2.com/sellers/arnica)
- **Company Website:** https://www.arnica.io
- **Year Founded:** 2021
- **HQ Location:** Alpharetta, Georgia
- **Twitter:** @arnicaio (124 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/arnica-io/about (60 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 63% Enterprise, 25% Small-Business


#### What Are Arnica's Pros and Cons?

**Pros:**

- Accuracy of Findings (1 reviews)
- Actionable Recommendations (1 reviews)
- Ease of Use (1 reviews)
- Easy Setup (1 reviews)
- Remediation Solutions (1 reviews)

**Cons:**

- Paid Features (1 reviews)


### What Do G2 Reviewers Say About Arnica?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Arnica, which helps identify and minimize unnecessary elevated privileges.
- Users value the **actionable recommendations** provided by Arnica, facilitating effective management of elevated privileges in code repositories.
- Users love the **easy setup and administration** of Arnica, saving time while meeting their needs effectively.
- Users love the **easy setup** of Arnica, finding it quick and efficient for their needs.
- Users value Arnica for its ability to **simplify remediation of overprovisioning** and enhance security through effective privilege management.

**Cons:**

- Users note that **paid features** in Arnica restrict access for smaller teams, limiting comprehensive protections.

#### What Are Recent G2 Reviews of Arnica?

**"[Developer-friendly AppSec with a flexible policy engine](https://www.g2.com/survey_responses/arnica-review-12962349)"**

**Rating:** 5.0/5.0 stars
*— Thomas G.*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12962349)

---

**"[Intuitive Dashboards and AI That Finds Real Issues](https://www.g2.com/survey_responses/arnica-review-12972680)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/arnica-review-12972680)

---


#### What Are G2 Users Discussing About Arnica?

- [What is Arnica used for?](https://www.g2.com/discussions/what-is-arnica-used-for)

### 15. [Endor Labs](https://www.g2.com/products/endor-labs/reviews)
Endor Labs turns application security into a competitive advantage. At the core is AURI, the security harness for agentic development. It helps coding agents write secure code by default, automates PR security reviews, and gives agents deterministic context to fix what matters fast. At the core is our patented code context graph: a continuously updated model of application behavior across code, dependencies, secrets, and containers. The result: 83% fewer blocked PRs, 10x fewer security tickets, and 6x faster remediation at Atlassian, Cursor, Rubrik, and Snowflake.


**Average Rating:** 4.8/5.0
**Total Reviews:** 9

**Who Is the Company Behind Endor Labs?**

- **Seller:** [Endor Labs](https://www.g2.com/sellers/endor-labs)
- **Company Website:** https://www.endorlabs.com/
- **Year Founded:** 2021
- **HQ Location:** Palo Alto, California, United States
- **Twitter:** @EndorLabs (592 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/endorlabs (207 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 78% Mid-Market, 22% Enterprise


#### What Are Endor Labs's Pros and Cons?

**Pros:**

- Features (5 reviews)
- Ease of Use (4 reviews)
- Accuracy of Findings (3 reviews)
- Customer Support (3 reviews)
- Integration Support (3 reviews)

**Cons:**

- UX Improvement (3 reviews)
- API Limitations (1 reviews)
- Difficult Setup (1 reviews)
- Integration Issues (1 reviews)
- Missing Features (1 reviews)


### What Do G2 Reviewers Say About Endor Labs?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highly value the **Reachability Analysis feature** of Endor Labs, enhancing security and efficiency in project management.
- Users value the **user-friendly UI** of Endor Labs, enabling quick access to critical data and insights.
- Users value the **high accuracy of findings** from Endor Labs, enhancing their security analysis and decision-making.
- Users commend the **responsive customer support** of Endor Labs, enhancing their experience and addressing needs effectively.
- Users appreciate the **flexible integration support** of Endor Labs, making setup and usage straightforward and seamless.

**Cons:**

- Users note that the **UI/UX experience requires improvement** , particularly in API access and integration features.
- Users find the **API limitations** restrictive, wishing for more capabilities to be accessible in the UI.
- Users find the **difficult setup** of Endor Labs can be challenging, especially with unclear error messages during integration.
- Users note **integration issues** , particularly with Jira, though improvements are being made over time.
- Users feel that the **UI/UX lacks refinement** , particularly in authentication clarity and branch monitoring settings.

#### What Are Recent G2 Reviews of Endor Labs?

**"[Took the SCA scans to whole another level with their reachability analysis](https://www.g2.com/survey_responses/endor-labs-review-11697384)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-11697384)

---

**"[Easy SCA Integration with Clear, Actionable Vulnerability Insights](https://www.g2.com/survey_responses/endor-labs-review-12503518)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Security and Investigations*

[Read full review](https://www.g2.com/survey_responses/endor-labs-review-12503518)

---



### 16. [Jscrambler](https://www.g2.com/products/jscrambler/reviews)
Jscrambler is the leader in Client-Side Security for the modern, composable web. As organizations increasingly build digital experiences through third-party software supply chains and AI-powered agents, sensitive data is now created directly in the browser — the point of creation for digital interactions — making it one of the enterprise’s most privileged yet least governed attack surfaces. Jscrambler’s Client-Side Security Platform is powered by a Behavioral Enforcement Core that governs how application code, third-party scripts, and sensitive data behave at runtime. By enforcing software integrity and data governance directly in the browser, the platform ensures sensitive data and AI inputs are controlled according to enterprise policy at the point of creation — before they leave the client environment. Trusted by leading global retailers, airlines, financial services providers, and healthcare organizations, Jscrambler provides the visibility and enforcement organizations need to stop client-side attacks, prevent data leakage, and maintain compliance with regulations including PCI DSS, GDPR, HIPAA, CCPA, and the EU AI Act.


**Average Rating:** 4.4/5.0
**Total Reviews:** 31

**Who Is the Company Behind Jscrambler?**

- **Seller:** [Jscrambler](https://www.g2.com/sellers/jscrambler)
- **Company Website:** https://jscrambler.com
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @Jscrambler (1,161 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1005462/ (89 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 35% Mid-Market, 29% Small-Business


#### What Are Jscrambler's Pros and Cons?

**Pros:**

- Security (3 reviews)
- Ease of Use (2 reviews)
- User Interface (2 reviews)
- Automation (1 reviews)
- Comprehensive Overview (1 reviews)

**Cons:**

- Difficult Initiation (2 reviews)
- Slow Performance (2 reviews)
- Dashboard Issues (1 reviews)
- Error Handling (1 reviews)
- Lack of Guidance (1 reviews)


### What Do G2 Reviewers Say About Jscrambler?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security features** of Jscrambler, ensuring their intellectual property is well-protected during deployment.
- Users appreciate the **ease of use** of Jscrambler, finding the interface user-friendly and easy to navigate.
- Users praise the **user-friendly interface** of Jscrambler, making management and implementation straightforward and efficient.
- Users find Jscrambler&#39;s **automation capabilities** seamlessly integrate into CI/CD pipelines, enhancing security without disrupting development.
- Users value the **comprehensive overview** of Jscrambler, enhancing security and performance with gradual feature activation.

**Cons:**

- Users experience a **difficult initiation** with Jscrambler due to its complex installation and setup processes.
- Users experience **slow performance** that negatively affects user experience, requiring additional tuning and lacking adequate documentation.
- Users note that the **dashboard could provide more detailed information** about each installation for better insights.
- Users often face **obfuscation issues** with large applications, leading to functionality problems and project file limit challenges.
- Users often face **limited guidance** with Jscrambler, leading to challenges in exporting reports effectively.

#### What Are Recent G2 Reviews of Jscrambler?

**"[Unmatched Code Protection with Jscrambler](https://www.g2.com/survey_responses/jscrambler-review-12607132)"**

**Rating:** 5.0/5.0 stars
*— Bruno V.*

[Read full review](https://www.g2.com/survey_responses/jscrambler-review-12607132)

---

**"[Jscrambler Integrates Seamlessly Into CI/CD for Enhanced Web App Security](https://www.g2.com/survey_responses/jscrambler-review-11802189)"**

**Rating:** 5.0/5.0 stars
*— Daniel G.*

[Read full review](https://www.g2.com/survey_responses/jscrambler-review-11802189)

---


#### What Are G2 Users Discussing About Jscrambler?

- [What is Jscrambler used for?](https://www.g2.com/discussions/what-is-jscrambler-used-for)

### 17. [Cloudsmith](https://www.g2.com/products/cloudsmith/reviews)
Cloudsmith is the modern artifact management and software supply chain security platform. It gives engineering teams a unified control layer for every package, container, binary, and ML model moving through their software supply chain – across 30+ formats, with built-in policy enforcement and continuous security monitoring. Modern engineering teams assemble software more than they author it and AI agents pull in open source dependencies at a pace that exceeds ad hoc governance. Cloudsmith functions as a private registry that sits between public sources and your builds; It is the first place every artifact lands and where policy enforcement occurs before anything enters your environment. Splitting artifact management and security across disconnected tools causes teams to lose the consistent visibility and control they need to move fast – and with confidence. Cloudsmith replaces that complexity with a unified platform that scales with your organization. Built for platform engineering teams, security leads, and the engineering leaders who support them, Cloudsmith reduces the operational burden of managing artifact infrastructure, enforces governance consistently across every team and format, and gives organizations full traceability across their supply chain.


**Average Rating:** 4.5/5.0
**Total Reviews:** 42

**Who Is the Company Behind Cloudsmith?**

- **Seller:** [Cloudsmith](https://www.g2.com/sellers/cloudsmith)
- **Company Website:** https://cloudsmith.com
- **Year Founded:** 2016
- **HQ Location:** Belfast, Northern Ireland
- **Twitter:** @cloudsmith (1,094 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cloudsmith/ (152 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 38% Small-Business, 36% Mid-Market


#### What Are Cloudsmith's Pros and Cons?

**Pros:**

- Ease of Use (2 reviews)
- Integrations (2 reviews)
- Reliability (2 reviews)
- Cloud Integration (1 reviews)
- Development Efficiency (1 reviews)

**Cons:**

- Difficult Setup (1 reviews)
- Expensive (1 reviews)
- Integration Issues (1 reviews)


### What Do G2 Reviewers Say About Cloudsmith?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Cloudsmith, enabling efficient artifact management without the complexity of multiple registries.
- Users appreciate the **seamless integrations** of Cloudsmith, enhancing efficiency and simplifying artifact management across various formats.
- Users value the **reliability** of Cloudsmith, with consistent performance and seamless integration into their workflows.
- Users praise Cloudsmith for its **comprehensive cloud integration** , streamlining artifact management and improving efficiency across multiple formats.
- Users value the **development efficiency** of Cloudsmith, streamlining artifact management and simplifying the software delivery process.

**Cons:**

- Users find the **difficult setup** of Cloudsmith frustrating, experiencing issues with onboarding and native integrations.
- Users find Cloudsmith&#39;s pricing model **expensive** , especially for teams with high storage and bandwidth needs.
- Users face **integration issues** with Cloudsmith, leading to potential confusion during onboarding and high costs for large teams.

#### What Are Recent G2 Reviews of Cloudsmith?

**"[An Excellent Platform for a Secure Software Supply Chain ](https://www.g2.com/survey_responses/cloudsmith-review-12507384)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Semiconductors*

[Read full review](https://www.g2.com/survey_responses/cloudsmith-review-12507384)

---

**"[Streamlined Artifact Management with Stellar Support](https://www.g2.com/survey_responses/cloudsmith-review-12919092)"**

**Rating:** 4.5/5.0 stars
*— Benjamin J.*

[Read full review](https://www.g2.com/survey_responses/cloudsmith-review-12919092)

---


#### What Are G2 Users Discussing About Cloudsmith?

- [What is Cloudsmith used for?](https://www.g2.com/discussions/what-is-cloudsmith-used-for) - 1 comment

### 18. [DryRun Security](https://www.g2.com/products/dryrun-security/reviews)
Security leaders face a paradox: ship faster and enable agentic development while staying secure and keeping developers productive. DryRun Security resolves this by securing every pull request and repo with a high-precision, automated security engineer review right where developers and their agents build. DryRun Security is the industry’s most accurate agentic code security intelligence platform. Powered by its proprietary Contextual Security Analysis (CSA) engine, DryRun Security delivers the AI moment for security teams in an AI-native developer world. Traditional static application security testing (SAST) floods teams with alerts, misses higher-order risk, and burns time in triage. DryRun Security goes beyond SAST with contextual analysis that prioritizes what is exploitable and impactful in your codebase, then helps engineers remediate fast. Instead of “find everything and hope someone sorts it out,” DryRun Security delivers code security intelligence that is ready to act on. DryRun Security puts a security engineer directly into developer workflows. In pull requests, the Code Review Agent reviews changes in context, explains risk in plain language, and guides fixes where developers already work. In repos, the DeepScan Agent produces focused, human-grade findings for the issues that actually matter, without weeks of manual review before major milestones. The Custom Policy Agent enforces guardrails with Natural Language Code Policies, so you can standardize security and compliance requirements across teams without brittle rule sets. Codebase Insights allows leaders to ask questions of their entire codebase like &quot;Are we exposed to this new vulnerability&quot; and have confidence in minutes. DryRun Security also integrates with AI coding workflows, so remediation happens with the precision of a security engineer working at machine speed. Teams connect DryRun Security insights and guidance into Claude, Cursor, OpenAI Codex, and Windsurf, helping developers and their agents fix issues with contextual, security-engineered direction tied to the PR and codebase. What DryRun Security delivers (beyond SAST) • Automated secure code review in every pull request with high-signal findings and low noise • Contextual Security Analysis that catches common vulnerabilities and deeper multi-dependency and logic risks • Automated remediation guidance that helps engineers fix faster, with explanations and next steps • Secrets analysis identifies genuine hardcoded secrets and suppresses the usual false alarms • Policy enforcement in PRs using Natural Language Code Policies for consistent guardrails across repos • Codebase intelligence and reporting for AppSec visibility, prioritization, and audit-ready evidence DryRun Security supports most code environments, languages, and frameworks, including: • GitHub, GitLab • C#, Golang, Elixir, JavaScript, TypeScript, Python, Ruby, Java, Kotlin, PHP, Swift, HTML • Infrastructure as Code (Terraform, YAML) • And more


**Average Rating:** 4.9/5.0
**Total Reviews:** 20

**Who Is the Company Behind DryRun Security?**

- **Seller:** [DryRun Security](https://www.g2.com/sellers/dryrun-security)
- **Year Founded:** 2023
- **HQ Location:** Austin, US
- **LinkedIn® Page:** https://www.linkedin.com/company/dryrun-security/ (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer &amp; Network Security
- **Company Size:** 40% Small-Business, 30% Mid-Market


#### What Are DryRun Security's Pros and Cons?

**Pros:**

- Security (13 reviews)
- Vulnerability Detection (9 reviews)
- Features (8 reviews)
- Accuracy (7 reviews)
- Easy Setup (7 reviews)

**Cons:**

- Slow Performance (2 reviews)
- Slow Speed (2 reviews)
- UX Improvement (2 reviews)
- Limited Customization (1 reviews)
- Workflow Issues (1 reviews)


### What Do G2 Reviewers Say About DryRun Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **context-aware security feedback** from DryRun Security, enhancing vulnerability mitigation during development in GitHub.
- Users appreciate the **quick and context-aware vulnerability detection** of DryRun Security, enhancing security during the development process.
- Users value the **seamless integration and advanced detections** of DryRun Security, enhancing code security and development efficiency.
- Users value the **accuracy of feedback** from DryRun Security, effectively minimizing false positives and identifying complex vulnerabilities.
- Users appreciate the **easy setup** of DryRun Security, enabling seamless integration and quick vulnerability detection.

**Cons:**

- Users find the **slow performance** of DryRun Security&#39;s management portal frustrating, impacting their overall experience.
- Users experience **slow speed** issues with the management portal, impacting overall usability and efficiency.
- Users note the **sluggish UI** of DryRun Security, which hampers the overall developer experience during use.
- Users feel there are **limited customization options** for analyzers, though improvements may be forthcoming.
- Users feel that there are **workflow issues** that hinder the developer experience and adoption of DryRun Security.

#### What Are Recent G2 Reviews of DryRun Security?

**"[Catches Logic and Authorization Flaws Traditional SAST Often Misses](https://www.g2.com/survey_responses/dryrun-security-review-12357188)"**

**Rating:** 5.0/5.0 stars
*— Jabez A.*

[Read full review](https://www.g2.com/survey_responses/dryrun-security-review-12357188)

---

**"[Next Gen of SAST Tool That Has Cutting Edge Tech](https://www.g2.com/survey_responses/dryrun-security-review-12462338)"**

**Rating:** 5.0/5.0 stars
*— Francis D.*

[Read full review](https://www.g2.com/survey_responses/dryrun-security-review-12462338)

---



### 19. [Xygeni](https://www.g2.com/products/xygeni/reviews)
Secure your Software Development and Delivery! Xygeni Security specializes in Application Security Posture Management (ASPM), using deep contextual insights to effectively prioritize and manage security risks while minimizing noise and overwhelming alerts. Our innovative technologies automatically detect malicious code in real-time upon new and updated components publication, immediately notifying customers and quarantining affected components to prevent potential breaches. With extensive coverage spanning the entire Software Supply Chain—including Open Source components, CI/CD processes and infrastructure, Anomaly detection, Secret leakage, Infrastructure as Code (IaC), and Container security—Xygeni ensures robust protection for your software applications. Trust Xygeni to protect your operations and empower your team to build and deliver with integrity and security.


**Average Rating:** 4.6/5.0
**Total Reviews:** 4

**Who Is the Company Behind Xygeni?**

- **Seller:** [Xygeni Security](https://www.g2.com/sellers/xygeni-security)
- **Year Founded:** 2021
- **HQ Location:** Madrid, ES
- **Twitter:** @xygeni (178 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/xygeni/ (30 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 60% Small-Business, 40% Mid-Market


#### What Are Xygeni's Pros and Cons?

**Pros:**

- Comprehensive Security (2 reviews)
- Prioritization (2 reviews)
- Risk Management (2 reviews)
- Security (2 reviews)
- Cloud Integration (1 reviews)

**Cons:**

- Difficult Setup (1 reviews)
- Learning Curve (1 reviews)


### What Do G2 Reviewers Say About Xygeni?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Xygeni for its **comprehensive security features** , enhancing protection while maintaining efficient software development processes.
- Users value the **contextual risk prioritization** of Xygeni, enabling focus on the most critical security issues efficiently.
- Users value the **effective risk management** of Xygeni, ensuring security without hindering development speed.
- Users praise the **robust security features** of Xygeni, ensuring efficient vulnerability management and compliance throughout development.
- Users value the **seamless CI/CD integration** of Xygeni, enhancing security without hindering development speed.

**Cons:**

- Users experience **difficult setup** with Xygeni due to manual adjustments needed for specific CI/CD configurations.
- Users find the **learning curve for first-time users** challenging, needing familiarity with AppSec best practices for deeper insights.

#### What Are Recent G2 Reviews of Xygeni?

**"[The essential tool for proactive security and confident development](https://www.g2.com/survey_responses/xygeni-review-11393516)"**

**Rating:** 4.5/5.0 stars
*— Marcos C.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11393516)

---

**"[Revolutionized Our Security Workflow with Unified, AI-Driven Efficiency](https://www.g2.com/survey_responses/xygeni-review-11998435)"**

**Rating:** 5.0/5.0 stars
*— Yerassyl K.*

[Read full review](https://www.g2.com/survey_responses/xygeni-review-11998435)

---



### 20. [Arnica EmailServer](https://www.g2.com/products/arnica-emailserver/reviews)
Arnica EmailServer is an enterprise-strength tool for automating both mass-emailing and single email processing tasks.


**Average Rating:** 4.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Arnica EmailServer?**

- **Seller:** [Arnica](https://www.g2.com/sellers/arnica)
- **Year Founded:** 2021
- **HQ Location:** Alpharetta, Georgia
- **Twitter:** @arnicaio (124 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/arnica-io/about (60 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of Arnica EmailServer?

**"[Email control and management](https://www.g2.com/survey_responses/arnica-emailserver-review-5191040)"**

**Rating:** 4.0/5.0 stars
*— Miguel E.*

[Read full review](https://www.g2.com/survey_responses/arnica-emailserver-review-5191040)

---


#### What Are G2 Users Discussing About Arnica EmailServer?

- [What is Arnica EmailServer used for?](https://www.g2.com/discussions/what-is-arnica-emailserver-used-for)

### 21. [Cycode](https://www.g2.com/products/cycode/reviews)
Cycode’s AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter. Powered by proprietary scanners, third-party integrations, and the Context Intelligence Graph (CIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.


**Average Rating:** 4.0/5.0
**Total Reviews:** 2

**Who Is the Company Behind Cycode?**

- **Seller:** [Cycode](https://www.g2.com/sellers/cycode)
- **Year Founded:** 2019
- **HQ Location:** New York, New York, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/cycode (159 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 67% Mid-Market, 33% Enterprise



#### What Are Recent G2 Reviews of Cycode?

**"[Totally impressed with cycode](https://www.g2.com/survey_responses/cycode-review-9567648)"**

**Rating:** 4.0/5.0 stars
*— J P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-9567648)

---

**"[Cycode abilities](https://www.g2.com/survey_responses/cycode-review-7475976)"**

**Rating:** 4.0/5.0 stars
*— Sachin P.*

[Read full review](https://www.g2.com/survey_responses/cycode-review-7475976)

---



### 22. [ReversingLabs](https://www.g2.com/products/reversinglabs/reviews)
ReversingLabs is the trusted name in file and software security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, RL Spectra Core powers the software supply chain and file security insights, tracking over 422 billion searchable files with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.


**Average Rating:** 4.7/5.0
**Total Reviews:** 10

**Who Is the Company Behind ReversingLabs?**

- **Seller:** [ReversingLabs](https://www.g2.com/sellers/reversinglabs)
- **Year Founded:** 2009
- **HQ Location:** Cambridge, US
- **Twitter:** @ReversingLabs (7,022 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/reversinglabs/ (321 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 80% Small-Business, 10% Mid-Market


#### What Are ReversingLabs's Pros and Cons?

**Pros:**

- Accuracy of Information (2 reviews)
- Customer Support (2 reviews)
- Efficiency (2 reviews)
- Prioritization (2 reviews)
- Reliability (2 reviews)

**Cons:**

- Complex Querying (1 reviews)
- Confusing Interface (1 reviews)
- Navigation Issues (1 reviews)
- UX Improvement (1 reviews)


### What Do G2 Reviewers Say About ReversingLabs?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **accuracy of information** provided by ReversingLabs, ensuring effective risk management and resource utilization.
- Users appreciate the **excellent customer support** at ReversingLabs, highlighting their involvement and effectiveness in the onboarding process.
- Users praise ReversingLabs for its **efficiency** in onboarding and risk management, leading to a seamless user experience.
- Users commend the **effective prioritization** of risk management in ReversingLabs, enhancing their overall satisfaction and security.
- Users value the **high reliability** of ReversingLabs, appreciating its seamless onboarding and extensive file repository.

**Cons:**

- Users find the **complex querying** for usage endpoints confusing, which can hinder their overall experience.
- Users find the **interface confusing** , particularly when it comes to checking usage endpoints.
- Users find the **navigation issues** of ReversingLabs challenging, leading to confusion in checking usage endpoints.
- Users feel the **UI could be improved** , although it doesn’t significantly block their overall experience.

#### What Are Recent G2 Reviews of ReversingLabs?

**"[Deep File Reputation Intelligence with Excellent Format Coverage](https://www.g2.com/survey_responses/reversinglabs-review-12547875)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/reversinglabs-review-12547875)

---

**"[Very good, with small drawbacks in the interface](https://www.g2.com/survey_responses/reversinglabs-review-12310983)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Computer Software*

[Read full review](https://www.g2.com/survey_responses/reversinglabs-review-12310983)

---



### 23. [Sonatype Lifecycle](https://www.g2.com/products/sonatype-lifecycle/reviews)
Continuously secure your software supply chain with Sonatype Nexus Lifecycle, a software composition analysis (SCA) solution. Nexus Lifecycle helps development, security, and compliance teams reduce open source risk without slowing delivery. It detects vulnerable or non-compliant components early, provides clear remediation guidance, and enforces the same policies from development through CI/CD and release - powered by Sonatype Nexus Intelligence. Choose safer components up front: A Chrome extension and IDE integrations surface vulnerability, license, and quality insights as developers browse public repositories or add dependencies. Fix issues fast where work happens: In Eclipse, IntelliJ, and Visual Studio, developers can see exactly what&#39;s wrong and upgrade to an approved version with a click - no guesswork. Automate remediation in source control: Integrations with GitHub, GitLab, and Atlassian Bitbucket can comment on pull/merge requests and identify the specific dependency change that introduces risk, along with recommended versions to resolve it. You can also generate automated pull requests to update components that violate policy. Enforce open source policies across the SDLC: Create security, license, and architectural policies tailored by application type, team, or organization, then apply them consistently in developer tools, CI/CD, and repositories to prevent risky components from reaching production. Generate SBOMs in minutes: Produce accurate Software Bills of Materials (SBOMs) per application to understand what components and transitive dependencies are in use and verify compliance. Prove progress with reporting: Track trends like Mean Time to Resolution (MTTR) and violation reduction over time to demonstrate measurable risk reduction to stakeholders. Nexus Lifecycle integrates with common developer, CI/CD, and repository tools including Nexus Repository, Artifactory, Jira, Jenkins, Azure DevOps, and more.


**Average Rating:** 4.2/5.0
**Total Reviews:** 3

**Who Is the Company Behind Sonatype Lifecycle?**

- **Seller:** [Sonatype](https://www.g2.com/sellers/sonatype)
- **Year Founded:** 2008
- **HQ Location:** Fulton, US
- **Twitter:** @sonatype (10,589 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/210324/ (551 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Enterprise, 25% Mid-Market



#### What Are Recent G2 Reviews of Sonatype Lifecycle?

**"[Best SCA tool in the market for Java, and .NET](https://www.g2.com/survey_responses/sonatype-lifecycle-review-6933703)"**

**Rating:** 5.0/5.0 stars
*— Vis C.*

[Read full review](https://www.g2.com/survey_responses/sonatype-lifecycle-review-6933703)

---

**"[So many features, easily configurable and wide support for a lot of languages](https://www.g2.com/survey_responses/sonatype-lifecycle-review-4165826)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Financial Services*

[Read full review](https://www.g2.com/survey_responses/sonatype-lifecycle-review-4165826)

---



### 24. [Sonatype Repository Firewall](https://www.g2.com/products/sonatype-repository-firewall/reviews)
Sonatype Repository Firewall helps protect your software supply chain by blocking open source malware and other high-risk components before they enter your artifact repositories and development workflows. Repository Firewall evaluates components at the point of download using automated analysis plus policy enforcement, so risky packages can be prevented (or quarantined) before they spread across builds, teams, and environments. Key capabilities: - Detect and block known and suspicious open source malware before it reaches developers - Enforce security, license, and quality policies early, at the repository perimeter - Identify risky or malicious components already present in repositories to support cleanup and response - Provide clear, auditable policy decisions and guidance so teams understand why a component was blocked and what to use instead - Integrate with common repository managers (including Nexus Repository and JFrog Artifactory) to add protection without slowing delivery Repository Firewall is ideal for organizations that depend heavily on public registries and want a preventative control to reduce supply chain attacks, lower rework, and keep development moving with trusted components.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Sonatype Repository Firewall?**

- **Seller:** [Sonatype](https://www.g2.com/sellers/sonatype)
- **Year Founded:** 2008
- **HQ Location:** Fulton, US
- **Twitter:** @sonatype (10,589 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/210324/ (551 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market


#### What Are Sonatype Repository Firewall's Pros and Cons?

**Pros:**

- Control (1 reviews)
- Network Security (1 reviews)
- Protection (1 reviews)

**Cons:**

- Expertise Required (1 reviews)
- Inadequate Learning Resources (1 reviews)
- Poor Customer Support (1 reviews)


### What Do G2 Reviewers Say About Sonatype Repository Firewall?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **control over malicious activities** , ensuring data security and adherence to established policies.
- Users benefit from the **network security measures** of Sonatype Repository Firewall, effectively blocking malicious activities and securing data.
- Users value the **protection against malicious activities** provided by Sonatype Repository Firewall, ensuring data and network security.

**Cons:**

- Users find the **expertise required** for Sonatype Repository Firewall a barrier, needing extensive knowledge for effective use.
- Users note a **lack of adequate learning resources** that hinder effective understanding and utilization of the product.
- Users express frustration with the **lack of technical support** , highlighting the need for knowledgeable assistance with SDLC and DevOps.

#### What Are Recent G2 Reviews of Sonatype Repository Firewall?

**"[Nexus Firewall](https://www.g2.com/survey_responses/sonatype-repository-firewall-review-7860570)"**

**Rating:** 5.0/5.0 stars
*— Preeti R.*

[Read full review](https://www.g2.com/survey_responses/sonatype-repository-firewall-review-7860570)

---



### 25. [ZeroPath](https://www.g2.com/products/zeropath/reviews)
ZeroPath (YC S24) is the first AI-native application security platform that fundamentally reimagines how organizations find and fix vulnerabilities. Unlike deterministic SAST tools that bolt AI onto legacy rule engines, ZeroPath was built from the ground up to combine large language models with advanced program analysis (AST, data flow, taint tracking) by Ex-Tesla Red Team and Google Security engineers. ZeroPath&#39;s core differentiation is detecting critical vulnerabilities that pattern-matching SAST fundamentally cannot find. It catches IDORs, authorization bypasses, race conditions, and authentication bugs by reasoning about application behavior and developer intent. This capability achieved a 92% alert reduction when triaging findings from legacy tools. ZeroPath is best suited for enterprises and startups that want a complete appsec experience with: AI-powered SAST across 16+ languages, SCA with exploitability analysis (90% noise reduction by determining if dependency CVEs are actually reachable in your code), secrets detection with validation, IaC scanning for Terraform/CloudFormation/Kubernetes, and natural language security policies. Context-aware autopatch generation fixes 70% of vulnerabilities automatically with framework-specific patches that match your coding standards. To keep the developer experience seamless, ZeroPath integrates into existing workflows with zero configuration. It provides Sub-60-second PR scans on GitHub, GitLab, Bitbucket, and Azure DevOps to provide instant security feedback without blocking development. Developers receive clear explanations, one-click fixes, and can refine patches using natural language commands directly in PR comments. The platform automatically attributes vulnerabilities to responsible developers and syncs bidirectionally with Jira, Linear, and more. Overall, less noise, along with the breadth of integrations, has already made security teams faster in triaging and finding real vulnerabilities. Having been security engineers ourselves, we also understand how important visibility is for the evaluations. ZeroPath users get executive dashboards with real-time MTTR tracking, automated compliance reporting for SOC2 and ISO27001, and risk-based prioritization using CVSS 4.0 scoring. The platform provides complete visibility across organizational repositories, including security models, authentication patterns, and filtering logic, without manual configuration. Our research team dogfeeds our own technology and has discovered CVE-2025-61928 (critical account takeover in better-auth with 300k+ weekly downloads), identified 170+ verified bugs in curl, found 7 vulnerabilities in django-allauth enabling account impersonation, and discovered 0-days in production systems at Netflix, Hulu, and Salesforce. Currently trusted by 750+ companies running 200k+ scans monthly, ZeroPath delivers what security-conscious engineering teams need: more real vulnerabilities, dramatically less noise, and automated fixes that actually work.


**Average Rating:** 4.5/5.0
**Total Reviews:** 11

**Who Is the Company Behind ZeroPath?**

- **Seller:** [ZeroPath](https://www.g2.com/sellers/zeropath)
- **Company Website:** https://zeropath.com
- **Year Founded:** 2024
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/zeropathai/ (12 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 36% Small-Business, 27% Mid-Market


#### What Are ZeroPath's Pros and Cons?

**Pros:**

- Accuracy (6 reviews)
- Accuracy of Findings (6 reviews)
- Security (6 reviews)
- Vulnerability Detection (5 reviews)
- Vulnerability Identification (4 reviews)

**Cons:**

- Bug Issues (2 reviews)
- Bugs (2 reviews)
- Software Bugs (2 reviews)
- Cost Issues (1 reviews)
- Dashboard Issues (1 reviews)


### What Do G2 Reviewers Say About ZeroPath?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **high accuracy** of ZeroPath, effectively surfacing critical issues with minimal false alarms.
- Users value the **accuracy of findings** from ZeroPath, which effectively identifies real issues with minimal false alarms.
- Users value the **effective security identification** of ZeroPath, significantly reducing false alarms compared to other tools.
- Users value the **high accuracy in vulnerability detection** from ZeroPath, appreciating its low false positive rate.
- Users commend ZeroPath for its **accurate vulnerability identification** , significantly reducing false alarms and highlighting critical issues effectively.

**Cons:**

- Users experience **bug issues** with ZeroPath, but appreciate the team&#39;s quick response to resolve them.
- Users report **persistent bugs** in ZeroPath, but commend the team&#39;s quick response to resolve them.
- Users experience **software bugs** in ZeroPath, though the team resolves them quickly, enhancing user satisfaction.
- Users find the **pricing unclear** , making it a challenge for their organizations to justify the expense.
- Users face **dashboard issues** with bugs, although the Zeropath team promptly addresses these problems.

#### What Are Recent G2 Reviews of ZeroPath?

**"[ZeroPath: ease of use and results superior to the competition](https://www.g2.com/survey_responses/zeropath-review-12308821)"**

**Rating:** 4.0/5.0 stars
*— Maxime J.*

[Read full review](https://www.g2.com/survey_responses/zeropath-review-12308821)

---

**"[Accurate Source-to-Sink Analysis with Surprisingly Reliable Auto-Patches](https://www.g2.com/survey_responses/zeropath-review-12564698)"**

**Rating:** 5.0/5.0 stars
*— Rohit J.*

[Read full review](https://www.g2.com/survey_responses/zeropath-review-12564698)

---




## What Is Software Supply Chain Security Solutions?

[Development Software](https://www.g2.com/categories/development)

## What Software Categories Are Similar to Software Supply Chain Security Solutions?

- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)
- [Software Bill of Materials (SBOM) Software](https://www.g2.com/categories/software-bill-of-materials-sbom)



