Best IT Security Software for GitHub - Page 5
View:
Compare the Top IT Security Software that integrates with GitHub as of June 2025 - Page 5
Sort By:
This a list of IT Security software that integrates with GitHub. Use the filters on the left to add additional filters for products that have integrations with GitHub. View the products that work with GitHub in the table below.
-
1
Cyral
Cyral
Granular visibility and policy enforcement across all your data endpoints. Designed to support your infrastructure-as-code workflows and orchestration. Dynamically scales to your workloads, with sub millisecond latency. Easily clicks with all your tools with no changes to your applications. Enhance cloud security with granular data access policies. Extend Zero Trust to the data cloud. Protect your organization from data breaches. Increase trust with your customers and provide assurance. Cyral is built to handle the unique performance, deployment and availability challenges of the data cloud. With Cyral you see the full picture. Cyral’s data cloud sidecar is a featherweight and stateless interception service that enables real time observability into all data cloud activity, and granular access controls. Highly performant and scalable interception. Prevention of threats and malicious access to your data that would go otherwise undetected.Starting Price: $50 per month -
2
DoubleClue
DoubleClue
DoubleClue is an Identity and Access Management platform from HWS Group in Bavaria to manage identities, rights and access. It secures company networks with modern multi factor authentication from cyberattacks targeted on digital identities / the "human factor". Plus, the platform offers an integrated password management and secure cloud storage for confidential data. Identity security, password management and secure cloud storage protected by adaptive multi-factor-authentication (MFA). On premises or in the cloud. DoubleClue protects the component of your business that is not covered by firewalls and virus scanners – the human factor, the most vulnerable part in any IT security. All digital accesses and applications, passwords and confidential data protected by a strong all-in-one platform. In the digital working world, employees demand maximum flexibility. Enable them to work from anywhere with any device without compromising their IT security. -
3
It'sMe
Acceptto
Employees hate using passwords as much as you hate managing password vulnerabilities. More passwords and tokens lead to greater security risk, fatigue, and cost. It’s time to get rid of them for good. 89% of security professionals claim that a more advanced multi-factor authentication tool that provides continuous, behavioral authentication would improve their company’s security posture. Acceptto provides users with Intelligent MFA that intuitively authorizes access to applications and continues authenticating post-authorization. We prevent account takeovers, even if hackers have already acquired passwords. ItsMe™ Intelligent Multi Factor Authentication (MFA) increases your security by authorizing access attempts to a registered device in real-time, be it through a push notification or verification code (SMS, TOTP, email, and etc.). With our timed based one-time password (TOTP), security key, or biometric options, you can authenticate access even when offline. -
4
1Kosmos
1Kosmos
1Kosmos enables passwordless access for workers, customers and citizens to securely transact with digital services. By unifying identity proofing and strong authentication, the BlockID platform creates a distributed digital identity that prevents identity impersonation, account takeover and fraud while delivering frictionless user experiences. BlockID is the only NIST, FIDO2, and iBeta biometrics certified platform that performs millions of authentications daily for some of the largest banks, telecommunications and healthcare organizations in the world. -
5
StackPulse
StackPulse
StackPulse automates and orchestrates incident response and management, enabling a continuous approach to software services reliability. The StackPulse platform gives SREs, developers and on-callers the context and control necessary to analyze, respond to, and resolve incidents across the entire stack, at any scale. StackPulse transforms how engineering and operations teams operate software and infrastructure services. Our Platform makes it easy to get started collaborating with a suite of incident management tools, from automated war room creation, to data capture and auto-generated postmortems. The data captured during these incidents then generates recommendations for playbooks and triggers that result in significant reductions in MTTR or improvements in SLO adherence. StackPulse identifies risk based on specific patterns of your organization’s unique monitoring, infrastructure, and operational data, and then recommends automated playbooks tailored to your organization. -
6
Bugcrowd
Bugcrowd
Crowdcontrol’s advanced analytics and security automation connect and enhance human creativity to help you find and fix more high priority vulnerabilities, faster. From intelligent workflows to robust program performance tracking and reporting, Crowdcontrol provides the insights needed to multiply impact, measure success, and secure your business. Crowdsource human intelligence at scale to discover high-risk vulnerabilities faster. Take a proactive, pay-for-results approach by actively engaging with the Crowd. Meet compliance and reduce risk with a framework to receive vulnerabilities. Find, prioritize, and manage more of your unknown attack surface. -
7
Doppler
Doppler
Stop struggling with scattered API keys, hacking together home-brewed configuration tools, and avoiding access controls. Give your team a single source of truth with Doppler. The best developers automate the pain away. Create references to frequently used secrets in Doppler. Then when they need to change, you only need to update them once. Your team's single source of truth. Organize your variables across projects and environments. The scary days of sharing secrets over Slack, email, git, zip files, are over. After adding a secret, your team and their apps have it instantly. Like git, the Doppler CLI smartly knows which secrets to fetch based on the project directory you are in. Gone are the futile days of trying to keep ENV files in sync! Practice least privilege with granular access controls. Reduce exposure when deploying with read-only service tokens. Contractor needs access to just development? Easy!Starting Price: $6 per seat per month -
8
Delinea Cloud Access Controller
Delinea
Gain granular control over web applications and web-based cloud management platforms. Delinea's Cloud Access Controller provides a comprehensive PAM solution that operates at cloud speed and is quick to deploy and secure access to any web application. With Cloud Access Controller, you can easily integrate your existing authentication solutions with any web application without having to write any additional code. Apply granular RBAC policies that enforce least privilege and zero trust initiatives, even to custom and legacy web applications. Specify what an individual employee is allowed to read or modify within any web application. Grant, manage and revoke access to cloud applications. Specify who gets access to what, at a granular level. Track usage of each and every cloud application. Clientless session recording without agents. Secure access to all web applications, including social media, custom, and legacy web applications. -
9
Authomize
Authomize
Authomize continuously detects all effective relationships between both human and machine identities to company assets throughout all your organization’s environments (IaaS, PaaS, SaaS, Data, On-prem), down to the most granular company asset and normalized consistently across apps. Authomize offers a continuously updated inventory of your identities, assets and access policies, blocking unintended access with guardrails and alerting on anomalies and various risks. Authomize’s AI-driven engine harnesses its comprehensive and granular visibility over all of an organization’s environments to construct an optimal set of access policies for any identity-asset relationship. This SmartGroup technology performs continuous access modeling, self-correcting as it incorporates new inputs such as actual usage, activities and decisions you take to create an optimal and accurate permission structure. -
10
Zluri
Zluri
Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management, Access Management, and Access Review capabilities. Zluri empowers IT and Security teams to gain visibility into their SaaS landscape, unlock recurring savings, & securely manage access with provisioning and de-provisioning of users. Zluri’s technology is powered by an Authknox engine, and assisted by an Automation engine, enabling companies to navigate & control complex SaaS ecosystems easily. Trusted by over 250 global customers, Zluri is committed to delivering innovative, reliable, and scalable solutions that empower organizations to optimize their SaaS usage, ensure compliance, and enhance Access Management practices. -
11
AuthPoint
WatchGuard
Our unique multi-factor authentication (MFA) solution not only helps to reduce the likelihood of network disruptions and data breaches arising from lost or stolen credentials, but we deliver this important capability entirely from the Cloud for easy set-up and management. AuthPoint goes beyond traditional 2-Factor Authentication (2FA) by considering innovative ways to positively identify users, and our large ecosystem of 3rd party integrations means that you can use MFA to protect access. Ultimately, WatchGuard AuthPoint is the right solution at the right time to make MFA a reality for the businesses who desperately need it to block attacks. AuthPoint uses a push message, QR code, or one-time password (OTP) as an additional factor proving your identity, and our mobile device DNA matches the authorized user’s phone when granting access to systems and applications. Therefore, any attacker who clones a user’s device in an attempt to access a protected system would be blocked. -
12
Anchore
Anchore
DevSecOps at full speed with deep inspection of container images and policy-based compliance. In an environment where application development must be fast and flexible, containers are the future. Adoption is accelerating, but with it comes risk. Anchore makes it possible to manage, secure, and troubleshoot containers continuously, without sacrificing speed. It delivers a process that allows container development and deployment to be secure from the start, by ensuring that the contents of your containers match the standards that you define. The tools are transparent to developers, visible to production, accessible to security, and all designed for the fluid nature of containers. Anchore sets a trusted standard for containers. It empowers you to certify your containers, making them predictable and protectable. So you can deploy containers with confidence. Protect against risks using a complete container image security solution. -
13
IRI Voracity
IRI, The CoSort Company
Voracity is the only high-performance, all-in-one data management platform accelerating AND consolidating the key activities of data discovery, integration, migration, governance, and analytics. Voracity helps you control your data in every stage of the lifecycle, and extract maximum value from it. Only in Voracity can you: 1) CLASSIFY, profile and diagram enterprise data sources 2) Speed or LEAVE legacy sort and ETL tools 3) MIGRATE data to modernize and WRANGLE data to analyze 4) FIND PII everywhere and consistently MASK it for referential integrity 5) Score re-ID risk and ANONYMIZE quasi-identifiers 6) Create and manage DB subsets or intelligently synthesize TEST data 7) Package, protect and provision BIG data 8) Validate, scrub, enrich and unify data to improve its QUALITY 9) Manage metadata and MASTER data. Use Voracity to comply with data privacy laws, de-muck and govern the data lake, improve the reliability of your analytics, and create safe, smart test data -
14
ActiveState
ActiveState
ActiveState delivers Intelligent Remediation for vulnerability management, which enables DevSecOps teams to not only identify vulnerabilities in open source packages, but also to automatically prioritize, remediate, and deploy fixes into production without breaking changes, ensuring that applications are truly secured. Existing tools overwhelm DevSecOps teams with excessive vulnerability data, false positives, and a lack of prioritization, often leading to inaction and increased exposure to exploits. ActiveState’s solution provides your DevSecOps with a comprehensive view of open source vulnerability status across your application portfolio, enabling them to prioritize the vulnerabilities that matter, assess the risk of updates, and choose recommended remediation paths. The ActiveState platform centers on open source languages packaged as runtimes that can be deployed in various form factors. Low-to-no CVE container images are also available for plug-in and play needs. -
15
TruffleHog
Truffle Security
TruffleHog runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. Secrets can be found anywhere, so TruffleHog scans more than just code repositories, including SaaS and internally hosted software. With support for custom integrations and new integrations added all the time, you can secure your secrets across your entire environment. TruffleHog is developed by a team entirely comprised of career security experts. Security is our passion and primary concern, and all features are developed with best practices in mind. TruffleHog enables you to track and manage secrets within our intuitive management interface, including links to exactly where secrets have been found. Authenticate with secure OAuth workflows for users and never worry about username and password breaches. -
16
Access Auditor
Security Compliance Corp
Access Auditor automates user entitlement reviews and user access reviews. Access Auditor also alerts on changes in user access rights, and watches for separation of duties violations, and shows who has access to what. Users can be imported from any AD/LDAP, Database, or any REST API. Enterprise roles (RBAC) can be modeled and defined, allowing full RBAC reviews and provisioning. Access Manager leverages the same ease-of-use to automate the provisioning and management of user access rights. Any system with a database, LDAP, or REST API can be automatically managed via role based access controls. SCC’s powerful and simple approach to Identity Management enables a very rapid success at a low overall cost. With a 100% customer success rate, Access Auditor is the fastest and simplest solution available and can automate your user access reviews in under a week. -
17
Legit Security
Legit Security
Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Automatically discover security issues, remediate threats and ensure the integrity and compliance of software releases. Comprehensive, visual SDLC inventory that's continually updated. Reveal unknown, misconfigured and vulnerable SDLC systems and infrastructure. Centralized visibility over location, coverage and configuration of your existing security tools and scanners. Catch insecure build actions before they can embed vulnerabilities downstream. Centralized, early prevention of sensitive data leaks, secrets and PII, before being pushed into the SDLC. Track security trends across teams and product lines to improve security posture and incentivize behavior. Get security posture at-a-glance with Legit Security Scores, Integrate your own alert and ticketing tools or use ours. -
18
Asgardeo
WSO2
Asgardeo helps developers implement secure authentication flows to applications in a few simple steps. Easily integrate single page, regular web, and mobile applications. SDKs that enable working with various technology stacks. Enable social sign-in with Google, Facebook, and GitHub using pre-defined templates (with more to follow). Configure external identity providers that can connect with open standards like OpenID Connect and SAML to your application. Manage your customers, employees, and partners with (default) supported onboarding and management workflows. Use Asgardeo provided directory or plug in your own LDAP or Active Directory via an agent. Choose from a variety of methods such as Email OTP, SMS OTP, and TOTP for 2FA. Define multiple steps and configure options according to user requirements. Unlock the full application experience by focusing on the business logic and enable login and secure access to end-users. -
19
oak9
oak9
Visualize your IaC architecture and fix security design gaps before deployment. oak9 easily identifies security design gaps by reading Infrastructure as Code (e.g., Terraform) to understand what should be, then monitors for drift and offers actionable advice to quickly remediate. Build security into your application and avoid costly design gaps. Automatically catch and fix design gaps before deployment. Continuously and dynamically monitor infrastructure as code. oak9 lets you tailor security standards to your needs and intelligently learns the more you build, so you aren’t slowed by hundreds of false positives or non-relevant exceptions. You can focus on the functional capabilities of your application while oak9 assesses every change to your application architecture against your customized security blueprint to notify you in real-time of any risks. Seamlessly integrate into your CI/CD pipeline with real-time notifications and integrations with all the tools you already use. -
20
Sprinto
Sprinto
Replace the slow, laborious and error-prone way of obtaining SOC 2, ISO 27001, HIPAA, GDPR & PCI DSS compliance with a swift, hassle-free, and tech-enabled experience. Unlike generic compliance programs, Sprinto is specifically designed for cloud-hosted companies. SOC 2, ISO 27001, HIPAA, GDPR & PCI DSS have different implications for different types of companies. This is why generic compliance programs end up giving you more compliance debt and less security. Sprinto is specifically built to suit your needs as a cloud-hosted company. Sprinto is more than just a SaaS tool, it comes baked in with security and compliance expertise. Compliance experts handhold you in live sessions. Custom designed for your needs. No compliance cruft. 14 session, well-structured implementation program. Sense of clarity & control for the head of engineering. 100% compliance coverage. No evidence is shared outside Sprinto. Compliance automation for policies, integrations and all other requirements. -
21
Phylum
Phylum
Phylum defends applications at the perimeter of the open-source ecosystem and the tools used to build software. Its automated analysis engine scans third-party code as soon as it’s published into the open-source ecosystem to vet software packages, identify risks, inform users and block attacks. Think of Phylum like a firewall for open-source code. Phylum’s database of open-source software supply chain risks is the most comprehensive and scalable offering available, and can be deployed throughout the development lifecycle depending on an organization’s infrastructure and appsec program maturity: in front of artifact repository managers, directly with package managers or in CI/CD pipelines. The Phylum policy library allows users to toggle on the blocking of critical vulnerabilities, attacks like typosquats, obfuscated code and dependency confusion, copyleft licenses, and more. Users can also leverage OPA to create custom policies. -
22
securityprogram.io
Jemurai
Excellent security for small companies. Easily build a standard and audit-ready cybersecurity program. We want to make excellent security accessible to smaller organizations, and help them build legitimate security programs so they can win deals. Perfect for startups, you're already sprinting. Leverage a tool and a team that can keep pace with you. Document templates and built-in training allow you to make pragmatic improvements that improve security and demonstrate alignment to standards that customers trust. Your security program begins with reviewing and adopting security policies. We built the simplest possible policies that adhere to NIST 800-53 standards. We mapped the standards so that you'll know you're covered. We cross-reference our program activities to other standards including SOC 2, ISO 27001, NIST CSF, CIS 20, and CMMC to make sure you get credit for the work you do with customers and your management team.Starting Price: $99 one-time payment -
23
Prancer
Prancer
Large-scale cyber assaults occur regularly, and most security systems are reactive to eliminate intrusions. Prancer’s patented attack automation solution aggressively validates your zero-trust cloud security measures against real-world critical attacks to harden your cloud ecosystem continuously. It automates the discovery of cloud APIs across an organization. It offers automated cloud pentesting, enabling businesses to quickly identify potential security risks and vulnerabilities related to their APIs and minimize false positives with correlated risk scoring. Prancer auto-discovers enterprise resources in the cloud and find out all the attack surfaces at the Infrastructure and Application layers. Prancer engine reviews the security configuration of the resources and correlates data from different sources. It immediately reports back all the security misconfigurations and provides auto-remediation. -
24
Trustle
Trustle
Conventional cloud data security applications don’t scale. But with Trustle, you can automatically grant and rescind access to multiple data sources on a user-by-user basis while offering a holistic overview of all your connected systems—all from an easy-to-use SaaS product. Trustle allows every employee access where and when it’s needed, only for as long as it’s needed. Positive team dynamics are a crucial component of every employer's value proposition. Strengthen your employer brand while building strong team cohesion business-wide. Developers, citizen developers, teams and organizations will experience a significant change in their daily lives. Trustle is a unique SaaS offering, allowing you to start managing access-at-risk within minutes, while providing new structure to your business’s holistic data strategy within days.Starting Price: $10 per user per month -
25
Veza
Veza
Data is being reconstructed for the cloud. Identity has taken a new definition beyond just humans, extending to service accounts and principals. Authorization is the truest form of identity. The multi-cloud world requires a novel, dynamic approach to secure enterprise data. Only Veza can give you a comprehensive view of authorization across your identity-to-data relationships. Veza is a cloud-native, agentless platform, and introduces no risk to your data or its availability. We make it easy for you to manage authorization across your entire cloud ecosystem so you can empower your users to share data securely. Veza supports the most common critical systems from day one — unstructured data systems, structured data systems, data lakes, cloud IAM, and apps — and makes it possible for you to bring your own custom apps by leveraging Veza’s Open Authorization API. -
26
Infisical
Infisical
Compare secrets across environments and see what's different or missing. Set personal values for secrets – either during local development or for sensitive secrets. Easily inherit other secrets to establish a single source of truth. Automatically identify and prevent secret leaks to git using Infisical's continuous monitoring and pre-commit checks – support over 140 secret types.Starting Price: $6 per month -
27
Boman.ai
Boman.ai
Boman.ai can be integrated in your CI/CD pipeline with few commands and minimum configuration. No planning or expertise is needed. Boman.ai brings SAST, DAST, SCA, and secret scans all packaged in one integration. It can support multiple development languages. Boman.ai minimizes your application security expenses by utilizing open-source scanners. You don’t need to buy expensive application security tools. Boman.ai is powered by AI/ML that removes false positives and correlates results to help you in prioritization and fixes. The SaaS platform presents a dashboard for all your scan results in one place. Correlate the results and get insights for better application security. Manage vulnerabilities reported by the scanner. The platform helps to prioritize, triage, and remediate vulnerabilities. -
28
Kondukto
Kondukto
The Kondukto platform’s flexible design allows you to create custom workflows for responding to risks quickly and efficiently. Take advantage of more than 25 built-in open-source tools ready to run SAST, DAST, SCA, and Container Image scans within minutes without a need for installation, maintenance, or updates. Protect your corporate memory from changes in employees, scanners, or DevOps tools. All security data, statistics, and activities in one place for you to own. Avoid vendor lock or loss of historical data when you need to change an AppSec tool. Verify fixes automatically to ensure better collaboration and less distraction. Boost efficiency by eliminating redundant conversations between AppSec and development teams.Starting Price: $12,000 per annually -
29
Plurilock AI Cloud DLP
Plurilock Security
Plurilock AI Cloud DLP is a cloud-native yet endpoint-capable data loss prevention (DLP) solution that also provides passwordless SSO and CASB. It is designed specifically for cloud-centric companies relying on an army of SaaS applications to succeed. With Plurilock AI Cloud DLP, companies without the resources to configure and manage (much less pay for) the "default" incumbent DLP solutions can still gain the benefits of full-featured DLP, but at a level of simplicity and cost-effectiveness that makes DLP accessible to companies that don't specialize in IT. Plurilock AI Cloud DLP is part of the Plurilock AI platform, which grows as companies do, with an expansion path to true continuous, real-time authentication and user/entity behavior analytics (UEBA) for real-time biometric identity threat detection and response (ITDR). Plurilock AI is rated top in the industry in customer satisfaction by Info-Tech, based on the feedback of actual customers.Starting Price: $36/user/year -
30
PHP Secure
PHP Secure
PHP Secure is a FREE code scanner that analyzes your PHP code for critical security vulnerabilities. Free online scanner: - Quickly and qualitatively finds web app vulnerabilities - Gives explicit reports and recommendations to fix vulnerabilities - Easy to use and requires no specialized knowledge - Reduces risk, saves budget, and boosts productivity PHP Secure Scanner is suitable for analyzing sites on Php, framework Laravel, and CMS Wordpress, Drupal and Joomla. PHP Secure detects the most common and dangerous types: -SQL injection vulnerabilities -Command Injection -Cross-Site Scripting (XSS) Vulnerabilities -PHP Serialize Injections -Remote Code Executions -Double Escaping -Directory Traversal -Regular Expression Denial of Service (ReDos)