Best IT Security Software for GitHub - Page 8
View:
Compare the Top IT Security Software that integrates with GitHub as of June 2025 - Page 8
Sort By:
This a list of IT Security software that integrates with GitHub. Use the filters on the left to add additional filters for products that have integrations with GitHub. View the products that work with GitHub in the table below.
-
1
Astrix Security
Astrix Security
Astrix ensures your core systems are securely connected to third-party cloud services by extending access management and threat prevention to API keys, OAuth tokens, service accounts, and more. Our agentless, easy-to-deploy solution enables you to discover and remediate risky app-to-app connections that expose you to supply chain attacks, data breaches, and compliance violations. Get a consolidated view of all the connections to your critical systems: internal and external apps, access keys, secrets, and workflows. Uncover over-privileged, unnecessary, and untrusted connections. Get an alert when an app behaves suspiciously. -
2
Scrut Automation
Scrut
With Scrut, automate your risk assessment and monitoring, build your own unique risk-first infosec program, effortlessly manage multiple compliance audits, and demonstrate trust with your customers, all from a single window. Discover cyber assets, set up your infosec program and controls, continuously monitor your controls for 24/7 compliance, and manage multiple compliance audits simultaneously, all through a single window on Scrut. Monitor risks across your infrastructure and application landscape in real-time and continuously stay compliant with 20+ compliance frameworks. Collaborate with team members, auditors, and pen-testers with automated workflows and seamless artifact sharing. Create, assign, and monitor tasks to manage daily compliance with automated alerts and reminders. With the help of 70+ integrations with commonly used applications, make continuous security compliance effortless. Scrut’s intuitive dashboards provide quick overviews and insights. -
3
Silk Security
Silk Security
Cut through the findings flood, holistically understand risk, automate prioritization, and collaborate on fix remediation — all in one platform. Adoption of cloud, hybrid, and cloud-native applications generates more complexity and scale issues that legacy approaches can't begin to address. Without enough environmental context, security teams struggle to measure and prioritize the risk associated with findings. Duplicate alerts from multiple tools mean compounds the challenge for security teams to prioritize and assign remediation ownership. 60% of the breaches that occur are due to a security alert that the organization knew about, but struggled to map stakeholder responsibility for the fix. Map stakeholder responsibility, enable self-service remediation with actionable recommendations, and facilitate bidirectional collaboration through integration into existing tools and workflows. -
4
Polar Security
Polar Security
Automate data discovery, protection & governance in your cloud workload and SaaS applications. Automatically pinpoint all your exposed sensitive data in cloud workloads and SaaS applications, allowing you to shrink the data attack surface. Identify and classify sensitive data such as PII, PHI, PCI, and custom company IP to prevent sensitive data exposure. Get actionable insights on how to protect your cloud data and ensure compliance, in real-time. Enforce data access policies to achieve least privileged access, maintain a strong security posture, and remain resilient to cyber-threats. -
5
Stack Identity
Stack Identity
We identify, eliminate and govern shadow access - unauthorized, unmonitored and invisible access to cloud data, applications and infrastructure before an attacker can exploit it. We transform cloud IAM operations with an automated and risk-driven approach to securing and governing cloud data. This empowers cloud and security teams to quickly identify every data access pattern; who, what, when, where and why there is data access and its impact on cloud data security. Stack Identity protects cloud data by prioritizing both the risk and impact of identity, access and data vulnerabilities, visualized via our live data attack map. We help you remediate all types of access risks – human and API-based, guiding identity practitioners, governance and compliance teams and data owners to take definitive action and provide SecOps and DevOps teams with an honest view of cloud security risks. -
6
Tromzo
Tromzo
Tromzo builds deep environmental and organizational context from code to cloud so you can accelerate the remediation of critical risks across the software supply chain. Tromzo accelerates the remediation of risks at every layer from code to cloud. We do this by building a prioritized risk view of the entire software supply chain with context from code to cloud. This context helps our users understand which few assets are critical to the business, prevent risks from being introduced to those critical assets, and automate the remediation lifecycle of the few issues that truly matter. Contextual software asset inventory (code repos, software dependencies, SBOMs, containers, microservices, etc.), so you know what you have, who owns them, and which ones are important to the business. Understand the security posture for every team with SLA compliance, MTTR, and other custom KPIs, so you can drive risk remediation and accountability across the organization. -
7
ProjectDiscovery
ProjectDiscovery
Use automation, integrations, and continuous scanning to defend your modern tech stack. Build your regression database with alerts and CI/CD tools to prevent vulnerabilities from reappearing. Effortlessly retest vulnerabilities. Save time and resources allowing your team to ship faster. Security should be simple, accessible, and community-driven. Not all vulnerabilities and assets are worth triaging. Focus on the ones that matter to your workflows with context-enriched data. Our AI templating integration reads vulnerability reports and tailors templates to your needs, saving you time and effort on automation. Automate with support from APIs and webhooks. Trigger scans and receive real-time updates on vulnerabilities, assets, and templates. Collaborate across teams by sharing templates, assets, and vulnerabilities. Our enterprise platform has an amazing foundation. -
8
Maverix
Maverix
Maverix blends itself into the existing DevOps process, brings all required integrations with software engineering and application security tools, and manages the application security testing process end to end. AI-based automation for security issues management including detection, grouping, prioritization, filtration, synchronization, control of fixes, and support of mitigation rules. Best-in-class DevSecOps data warehouse for full visibility into application security improvements over time and team efficiency. Security issues can be easily tracked, triaged, and prioritized – all from a single user interface for the security team, with integrations to third-party products. Gain full visibility into application production readiness and application security improvements over time. -
9
Cypago
Cypago
Reduce manual efforts, lower costs and strengthen trust with customers with no-code automation workflows. Elevate your security Governance, Risk, and Compliance (GRC) maturity through simplified and automated cross-functional processes. Everything you need to know about achieving and maintaining compliance across all security frameworks and IT environments. Get in-depth ongoing insight into your compliance and risk posture. Save thousands of hours of manual work by leveraging the power of true automation. Put security policies and procedures into action to maintain accountability. At last, a complete audit automation experience, including audit scope generation and customization, 3600 evidence collection across data silos, in-context gap analysis, and auditor-trusted reports. Because audits can be easier and way more efficient than they are today. Transform chaos into compliance and enjoy instant insights on your employee and user base access privileges and permissions. -
10
Josys
Josys
Discover and visualize SaaS apps, streamline all provisioning operations, and conquer shadow IT while gaining valuable insights into SaaS expenditure and optimizing where it counts. Simplify, optimize, and secure your SaaS and device management, all on a unified console with just a few clicks. Visualize devices, monitor statuses, and manage lifecycle. Choose the right equipment and configurations for your team with ease, and streamline delivery logistics with utmost efficiency. Select from a large catalog of popular SaaS integrations to drastically simplify your workflows and eliminate the burden of bouncing around various SaaS consoles. Josys integrates with popular SaaS apps to enable operational efficiencies like never before, streamlining your workflows via effortless integrations with a wide range of SaaS apps. This leads to streamlined processes, eliminated redundant tasks, reduced manual errors, and enhanced workflow fluidity across apps. -
11
Attack Surface Management detects known, unknown, and potentially vulnerable public-facing assets, as well as changes to your attack surface that may introduce risk. How? Through a combination of NetSPI’s powerful ASM technology platform, our global penetration testing experts, and our 20+ years of pen-testing expertise. Take comfort in the fact that the ASM platform is always on, working continuously in the background to provide you with the most comprehensive and up-to-date external attack surface visibility. Get proactive with your security using continuous testing. ASM is driven by our powerful automated scan orchestration technology, which has been utilized on the front lines of our pen-testing engagements for years. We use various automated and manual methods to continuously discover assets and leverage open source intelligence (OSINT) to identify publicly available data sources.
-
12
Revelstoke
Revelstoke
Rock your SOC with the first universal, low-code, high-speed security automation platform with case management built in. Revelstoke uses a single, universal data model that normalizes input and output data to allow for fast integration of any security product, and it’s future-proof. Our UI is based on the Kanban-style workflow. Grab a card, drag it into place, drop it where you want, and boom, the automation works. You can track and monitor case actions, timeline information, and workflow actions, all from the case management dashboard. IR is at your fingertips. Measure and report on the business impact of security automation, prove the value of the investment and show what your team is worth. Revelstoke radically simplifies security orchestration, automation, and response (SOAR), so security teams can work faster, smarter, and more effectively. With a low-code, drag-and-drop interface, dozens of built-in integrations, and incredible visibility into performance metrics. -
13
Learn what a digital risk protection solution is and how it can help you be better prepared by understanding who is targeting you, what they’re after, and how they plan to compromise you. Google Digital Risk Protection delivers a broad digital risk protection solution either via stand-alone self-managed SaaS products or a comprehensive service. Both options give security professionals visibility outside their organization, the ability to identify high-risk attack vectors, malicious orchestration from the deep and dark web, and attack campaigns on the open web. The Google Digital Risk Protection solution also provides contextual information on threat actors and their tactics, techniques, and procedures to provide a more secure cyber threat profile. Gain visibility into risk factors impacting the extended enterprise and supply chain by mapping your attack surface and monitoring deep and dark web activity.
-
14
Threater
Threater
Threater Enforce deploys and enforces data — in real time — at scale — across your entire network and blocks all known bad threat actors from ever entering your network. With full threat source attribution on every connection in your network, you are not only blocking all of the known bad threat actors at scale — but you’re arming your team with powerful insights about what is happening in your network — all in real time. Threater is a solution for managing and understanding all threats that blocks both inbound and outbound threats on your network. This service works with your existing security stack by blocking threat actors before they can even access your network. Threater has built-in support for most popular apps and common connectors, so you can maximize value and share data across all your tools. -
15
Dazz
Dazz
Unified remediation for code, clouds, applications, and infrastructure. We help security and dev teams accelerate remediation and reduce exposure with one remediation solution for everything developed and run in their environments. Dazz connects security tools and pipelines, correlates insights from code to cloud, and shrinks alert backlog into root causes, so your team can remediate smarter and faster. Shrink your risk window from weeks to hours. Prioritize the vulnerabilities that matter most. Say goodbye to chasing and triaging alerts manually, and hello to automation that reduces exposure. We help security teams triage and prioritize critical fixes with context. Developers get insight into root causes and backlog relief. With less friction, your teams truly could become BFFs. -
16
Opus Security
Opus Security
Prioritize what really matters based on risk, contextual analysis, and event de-duplication. Manage the full remediation lifecycle and eliminate manual effort from the remediation process by introducing automation throughout. Drive cross-organizational initiatives with ease. Consolidate all your issues across posture management and vulnerability tools. Drastically reduce the number of issues by identifying common root causes, and get clear visibility and in-depth reporting. Effectively collaborate with distributed teams within their own tools. Deliver a personalized, relevant experience for every engineer. Provide actionable remediation guidance and practical code suggestions. Easily adapt to your own organizational structure. A centralized, unified platform designed to drive effective remediation across any attack surface, any tool, and any stakeholder. Easily integrating with existing posture management and vulnerability tools, Opus provides much-needed visibility. -
17
Blink
Blink Ops
Blink is an ROI force multiplier for security teams and business leaders looking to quickly and easily secure a wide variety of use cases. Get full visibility and coverage of alerts across your organization and security stack. Utilize automated flows to reduce noise and false positives in alerts. Scan for attacks and proactively identify insider threats and vulnerabilities. Create automated workflows that add relevant context, streamline communications, and reduce MTTR. Take action on alerts and improve your cloud security posture with no-code automation and generative AI. Shift-left access requests, streamline approvals flows, and unblock developers while keeping your applications secure. Continuously monitor your application for SOC2, ISO, GDPR, or other compliance checks and enforce controls. -
18
TruAnon
TruAnon
TruAnon takes this a critical step further, it tabulates the depth of these interconnections and this rank/score makes you visibly trusted. Voluntary yet transparent verification shifts the burden of trust, naturally benefitting the credible. Regular users find pleasure in the process, engaging with the system that empowers them, while fraudsters find the economics of their tactics undone. The genius of this system lies in its simplicity, natural motivations safeguard the community and undermine the economic incentives of fraud. Results are immediate for any size community, fraudsters can't buy their way in, and the effort to sustain a fake presence is too costly to maintain in such a public way. -
19
Coana
Socket
Traditional SCA tools do not distinguish between exploitable and unexploitable vulnerabilities. As a consequence, up to 95% of the vulnerabilities that developers are remediating 'are irrelevant and can be safely ignored. Coana employs reachability analysis to eliminate up to 95% false positives. As a consequence, developers only need to remediate the remaining few vulnerabilities that are relevant. With up to 95% of vulnerabilities being unreachable, you save time and resources by focusing only on the remaining few that pose a real threat. Pinpoint the exact locations in your code affected by reachable vulnerabilities. See exactly which dependency updates are necessary to remediate reachable vulnerabilities. Identify reachable vulnerabilities in both direct and indirect dependencies.Starting Price: $20 per user per month -
20
SURF Security
SURF Security
Create a security air gap, reduce your attack surface and isolate your business from internal and external exploits, while streamlining SaaS apps and accessing your data. Grants access based on the identity of the users and their devices to any SaaS or on-prem apps. Isolated work environment from device and web threats locally on the endpoint, by encrypting, sandboxing and rendering content. Enforcing enterprise browser security policies like DLP, web filtering, phishing protection, extension management and more. SURF brings Zero-Trust principles to the user via the browser, protecting everyone and everything in the enterprise regardless of role. By configuring only a few policies, IT and security teams can significantly reduce the attack surface. Discover the benefits of utilizing SURF from an Information technology perspective. -
21
RiskApp
RiskApp
With RiskApp, you will have the ability to centralize your AppSec data sources, normalize them, and deduplicate the data. RiskApp then helps you understand your unique AppSec posture. Helping you to prioritize where to take action and set your custom RiskAppetite. RiskApp empowers organizations to centralize their application security data, bringing together fragmented tools and processes into a unified platform. Gain a single source of truth for your application security posture. Unlock the power of RiskApp's advanced analytics and insights. Understand and prioritize your application security comprehensively, from vulnerabilities to threat trends. Make data-driven decisions to fortify your defenses and stay ahead of emerging risks. RiskApp simplifies communication between teams via multiple collaboration tools as well as GRC. This enables the RiskApp platform to break barriers between developers and the security team. -
22
OpenContext
OpenContext
OpenContext eliminates drift and provides the insight DevOps folks need to reduce toil. OpenContext unites all aspects of the socio-technical stack, connecting your code to artifacts in the cloud into a graph-based view. Our always-growing integration ecosystem tells the whole story of your tech stack. OpenContext discovers your socio-technical graph in real time, tracking the data lineage and best practices that ensure your team is audit-ready. We’ll show you exactly who has the relevant knowledge to address the problem, finding your fixer without all the extra effort. That means fewer interruptions, fewer contributors pulled off their regular work, and a much better use of your time and money. OpenContext auto-discovers your technical stack. You can’t afford to let those liabilities stay hidden. It leads to a real scramble to find the key people, your fixers, who know exactly how everything is put together. -
23
Syhunt Hybrid
Syhunt
Syhunt dynamically injects data in web applications and analyzes the application response to determine if the application code is vulnerable, automating the web application security testing and proactively guarding your organization's Web infrastructure against several kinds of web application security threats. Syhunt Hybrid follows simple GUI standards, prioritizing ease of use and automation and thus requiring minimal to no user intervention before or during scans despite a large number of customization options. Compare past scan sessions to determine new, unchanged or removed vulnerabilities. Generate a comparison report that displays the evolution of vulnerabilities over time by automatically comparing previous scan session data related to a specific target. -
24
BlueFlag Security
BlueFlag Security
BlueFlag Security provides multi-layer defense, protecting developer identities and their tools throughout the software development lifecycle (SDLC). Don't let uncontrolled developer and machine identities become the Achilles' heel of your software supply chain. Weaknesses in these identities create a backdoor for attackers. BlueFlag seamlessly integrates identity security across the SDLC safeguarding your code, tools, and infrastructure. BlueFlag automates the rightsizing of permissions for developer and machine identities, enforcing the principle of least privilege throughout the dev environment. BlueFlag enforces strong identity hygiene by deactivating off-boarded users, managing personal access tokens, and restricting direct access to developer tools and repositories. BlueFlag's ensures early detection and prevention of insider threats and unauthorized privileged escalation by continuously monitoring behavior patterns across the CI/CD. -
25
Tarsal
Tarsal
Tarsal's infinite scalability means as your organization grows, Tarsal grows with you. Tarsal makes it easy for you to switch where you're sending data - today's SIEM data is tomorrow's data lake data; all with one click. Keep your SIEM and gradually migrate analytics over to a data lake. You don't have to rip anything out to use Tarsal. Some analytics just won't run on your SIEM. Use Tarsal to have query-ready data on a data lake. Your SIEM is one of the biggest line items in your budget. Use Tarsal to send some of that data to your data lake. Tarsal is the first highly scalable ETL data pipeline built for security teams. Easily exfil terabytes of data in just just a few clicks, with instant normalization, and route that data to your desired destination. -
26
SandboxAQ
SandboxAQ
The emergence of large, fault-tolerant quantum computers poses a significant threat to current public-key cryptography, leaving sensitive data and systems vulnerable to attacks. SandboxAQ was selected by the NIST's National Cybersecurity Center of Excellence for its Migration to Post-Quantum Cryptography project, which partners with industry to help the government develop best practices to transition from current public-key cryptography to post-quantum cryptography algorithms. Easily adhere to new cryptographic requirements and switch between them without requiring additional development or maintenance. Application Analyzer detects and records all calls to cryptographic libraries made by an application at run time, identifying vulnerabilities and policy breaches. -
27
Vorlon
Vorlon
Continuous near real-time detection and identification of your data in motion between third-party apps with remediation capabilities. By not continuously monitoring third-party APIs, you inadvertently grant attackers an average of seven months to act before you detect and remediate an issue. Vorlon continuously monitors your third-party applications and detects abnormal behavior in near real-time, processing your data every hour. Understand your risks in the third-party apps your Enterprise uses with clear insights and recommendations. Report progress to your stakeholders and board with confidence. Gain visibility into your third-party apps. Detect, investigate, and respond to abnormal third-party app activity, data breaches, and security incidents in near real-time. Determine whether the third-party apps your Enterprise uses are compliant with regulations. Provide proof of compliance to stakeholders with confidence. -
28
Aftra
Aftra
Gain valuable insights, protect sensitive data, and strengthen your defenses with our automated scanning, monitoring, and continuous vulnerability detection. Aftra provides the insight; you steer the course. Safeguard your reputation, trust, and assets. Aftra illuminates what needs protection. Aftra is your ally in the fight against cyber threats. Proactive, insightful, and empowering. Aftra empowers you with insights and tools to secure your digital assets, so you can make informed decisions and bolster your defenses with confidence. Aftra offers a comprehensive view of both internal and external digital assets, providing invaluable insights for making informed security decisions. Aftra identifies both known and unknown domains and accounts associated with your organization. Aftra actively suggests domains and accounts that may belong to your organization. Aftra reveals the services and accounts used by your company and identifies employee digital footprints on third-party platforms. -
29
SecureFlag
SecureFlag
SecureFlag’s hands-on training in real development environments offers a tailored approach to enterprise training needs. 45+ technologies supported and over 150 vulnerability types covered. Each comprises a fully configured development environment. With more than 70% of vulnerabilities introduced during development, writing secure software is more critical than ever. SecureFlag has revolutionized the approach to secure coding training. With SecureFlag’s hands-on labs, participants learn in virtualized environments using the tools they know and love. SecureFlag’s Labs teaches participants how to identify and remediate the most prevalent security issues by doing instead of simply just seeing. Labs run in real, virtualized development environments, and participants learn using the same tools they use at work. Engage with your organization’s developer community and promote learning through enjoyable competition. -
30
Tracebit
Tracebit
Tracebit generates and maintains tailored canary resources in your cloud environments, closing gaps in stock protection without time and cost intensive detection engineering. Tracebit generates and maintains dynamic cloud canaries. Tracebit alerts have inherent context that can be understood and actioned by the whole team. We cover a full and growing range of cloud resources, and continue to evolve and refresh your canaries instep with your environment to constantly keep your adversaries guessing. Leverage our infrastructure as code integration and automated canary recommendations to scale our cloud canaries across your estate rapidly.