Best IT Security Software for GitHub - Page 9
View:
Compare the Top IT Security Software that integrates with GitHub as of November 2025 - Page 9
Sort By:
This a list of IT Security software that integrates with GitHub. Use the filters on the left to add additional filters for products that have integrations with GitHub. View the products that work with GitHub in the table below.
-
1
Threater
Threater
Threater Enforce deploys and enforces data — in real time — at scale — across your entire network and blocks all known bad threat actors from ever entering your network. With full threat source attribution on every connection in your network, you are not only blocking all of the known bad threat actors at scale — but you’re arming your team with powerful insights about what is happening in your network — all in real time. Threater is a solution for managing and understanding all threats that blocks both inbound and outbound threats on your network. This service works with your existing security stack by blocking threat actors before they can even access your network. Threater has built-in support for most popular apps and common connectors, so you can maximize value and share data across all your tools. -
2
Dazz
Dazz
Unified remediation for code, clouds, applications, and infrastructure. We help security and dev teams accelerate remediation and reduce exposure with one remediation solution for everything developed and run in their environments. Dazz connects security tools and pipelines, correlates insights from code to cloud, and shrinks alert backlog into root causes, so your team can remediate smarter and faster. Shrink your risk window from weeks to hours. Prioritize the vulnerabilities that matter most. Say goodbye to chasing and triaging alerts manually, and hello to automation that reduces exposure. We help security teams triage and prioritize critical fixes with context. Developers get insight into root causes and backlog relief. With less friction, your teams truly could become BFFs. -
3
Opus Security
Opus Security
Prioritize what really matters based on risk, contextual analysis, and event de-duplication. Manage the full remediation lifecycle and eliminate manual effort from the remediation process by introducing automation throughout. Drive cross-organizational initiatives with ease. Consolidate all your issues across posture management and vulnerability tools. Drastically reduce the number of issues by identifying common root causes, and get clear visibility and in-depth reporting. Effectively collaborate with distributed teams within their own tools. Deliver a personalized, relevant experience for every engineer. Provide actionable remediation guidance and practical code suggestions. Easily adapt to your own organizational structure. A centralized, unified platform designed to drive effective remediation across any attack surface, any tool, and any stakeholder. Easily integrating with existing posture management and vulnerability tools, Opus provides much-needed visibility. -
4
Blink
Blink Ops
Blink is an ROI force multiplier for security teams and business leaders looking to quickly and easily secure a wide variety of use cases. Get full visibility and coverage of alerts across your organization and security stack. Utilize automated flows to reduce noise and false positives in alerts. Scan for attacks and proactively identify insider threats and vulnerabilities. Create automated workflows that add relevant context, streamline communications, and reduce MTTR. Take action on alerts and improve your cloud security posture with no-code automation and generative AI. Shift-left access requests, streamline approvals flows, and unblock developers while keeping your applications secure. Continuously monitor your application for SOC2, ISO, GDPR, or other compliance checks and enforce controls. -
5
TruAnon
TruAnon
TruAnon takes this a critical step further, it tabulates the depth of these interconnections and this rank/score makes you visibly trusted. Voluntary yet transparent verification shifts the burden of trust, naturally benefitting the credible. Regular users find pleasure in the process, engaging with the system that empowers them, while fraudsters find the economics of their tactics undone. The genius of this system lies in its simplicity, natural motivations safeguard the community and undermine the economic incentives of fraud. Results are immediate for any size community, fraudsters can't buy their way in, and the effort to sustain a fake presence is too costly to maintain in such a public way. -
6
Coana
Socket
Traditional SCA tools do not distinguish between exploitable and unexploitable vulnerabilities. As a consequence, up to 95% of the vulnerabilities that developers are remediating 'are irrelevant and can be safely ignored. Coana employs reachability analysis to eliminate up to 95% false positives. As a consequence, developers only need to remediate the remaining few vulnerabilities that are relevant. With up to 95% of vulnerabilities being unreachable, you save time and resources by focusing only on the remaining few that pose a real threat. Pinpoint the exact locations in your code affected by reachable vulnerabilities. See exactly which dependency updates are necessary to remediate reachable vulnerabilities. Identify reachable vulnerabilities in both direct and indirect dependencies.Starting Price: $20 per user per month -
7
SURF Security
SURF Security
Create a security air gap, reduce your attack surface and isolate your business from internal and external exploits, while streamlining SaaS apps and accessing your data. Grants access based on the identity of the users and their devices to any SaaS or on-prem apps. Isolated work environment from device and web threats locally on the endpoint, by encrypting, sandboxing and rendering content. Enforcing enterprise browser security policies like DLP, web filtering, phishing protection, extension management and more. SURF brings Zero-Trust principles to the user via the browser, protecting everyone and everything in the enterprise regardless of role. By configuring only a few policies, IT and security teams can significantly reduce the attack surface. Discover the benefits of utilizing SURF from an Information technology perspective. -
8
RiskApp
RiskApp
With RiskApp, you will have the ability to centralize your AppSec data sources, normalize them, and deduplicate the data. RiskApp then helps you understand your unique AppSec posture. Helping you to prioritize where to take action and set your custom RiskAppetite. RiskApp empowers organizations to centralize their application security data, bringing together fragmented tools and processes into a unified platform. Gain a single source of truth for your application security posture. Unlock the power of RiskApp's advanced analytics and insights. Understand and prioritize your application security comprehensively, from vulnerabilities to threat trends. Make data-driven decisions to fortify your defenses and stay ahead of emerging risks. RiskApp simplifies communication between teams via multiple collaboration tools as well as GRC. This enables the RiskApp platform to break barriers between developers and the security team. -
9
OpenContext
OpenContext
OpenContext eliminates drift and provides the insight DevOps folks need to reduce toil. OpenContext unites all aspects of the socio-technical stack, connecting your code to artifacts in the cloud into a graph-based view. Our always-growing integration ecosystem tells the whole story of your tech stack. OpenContext discovers your socio-technical graph in real time, tracking the data lineage and best practices that ensure your team is audit-ready. We’ll show you exactly who has the relevant knowledge to address the problem, finding your fixer without all the extra effort. That means fewer interruptions, fewer contributors pulled off their regular work, and a much better use of your time and money. OpenContext auto-discovers your technical stack. You can’t afford to let those liabilities stay hidden. It leads to a real scramble to find the key people, your fixers, who know exactly how everything is put together. -
10
Syhunt Hybrid
Syhunt
Syhunt dynamically injects data in web applications and analyzes the application response to determine if the application code is vulnerable, automating the web application security testing and proactively guarding your organization's Web infrastructure against several kinds of web application security threats. Syhunt Hybrid follows simple GUI standards, prioritizing ease of use and automation and thus requiring minimal to no user intervention before or during scans despite a large number of customization options. Compare past scan sessions to determine new, unchanged or removed vulnerabilities. Generate a comparison report that displays the evolution of vulnerabilities over time by automatically comparing previous scan session data related to a specific target. -
11
BlueFlag Security
BlueFlag Security
BlueFlag Security provides multi-layer defense, protecting developer identities and their tools throughout the software development lifecycle (SDLC). Don't let uncontrolled developer and machine identities become the Achilles' heel of your software supply chain. Weaknesses in these identities create a backdoor for attackers. BlueFlag seamlessly integrates identity security across the SDLC safeguarding your code, tools, and infrastructure. BlueFlag automates the rightsizing of permissions for developer and machine identities, enforcing the principle of least privilege throughout the dev environment. BlueFlag enforces strong identity hygiene by deactivating off-boarded users, managing personal access tokens, and restricting direct access to developer tools and repositories. BlueFlag's ensures early detection and prevention of insider threats and unauthorized privileged escalation by continuously monitoring behavior patterns across the CI/CD. -
12
Tarsal
Tarsal
Tarsal's infinite scalability means as your organization grows, Tarsal grows with you. Tarsal makes it easy for you to switch where you're sending data - today's SIEM data is tomorrow's data lake data; all with one click. Keep your SIEM and gradually migrate analytics over to a data lake. You don't have to rip anything out to use Tarsal. Some analytics just won't run on your SIEM. Use Tarsal to have query-ready data on a data lake. Your SIEM is one of the biggest line items in your budget. Use Tarsal to send some of that data to your data lake. Tarsal is the first highly scalable ETL data pipeline built for security teams. Easily exfil terabytes of data in just just a few clicks, with instant normalization, and route that data to your desired destination. -
13
SandboxAQ
SandboxAQ
The emergence of large, fault-tolerant quantum computers poses a significant threat to current public-key cryptography, leaving sensitive data and systems vulnerable to attacks. SandboxAQ was selected by the NIST's National Cybersecurity Center of Excellence for its Migration to Post-Quantum Cryptography project, which partners with industry to help the government develop best practices to transition from current public-key cryptography to post-quantum cryptography algorithms. Easily adhere to new cryptographic requirements and switch between them without requiring additional development or maintenance. Application Analyzer detects and records all calls to cryptographic libraries made by an application at run time, identifying vulnerabilities and policy breaches. -
14
Vorlon
Vorlon
Continuous near real-time detection and identification of your data in motion between third-party apps with remediation capabilities. By not continuously monitoring third-party APIs, you inadvertently grant attackers an average of seven months to act before you detect and remediate an issue. Vorlon continuously monitors your third-party applications and detects abnormal behavior in near real-time, processing your data every hour. Understand your risks in the third-party apps your Enterprise uses with clear insights and recommendations. Report progress to your stakeholders and board with confidence. Gain visibility into your third-party apps. Detect, investigate, and respond to abnormal third-party app activity, data breaches, and security incidents in near real-time. Determine whether the third-party apps your Enterprise uses are compliant with regulations. Provide proof of compliance to stakeholders with confidence. -
15
SecureFlag
SecureFlag
SecureFlag’s hands-on training in real development environments offers a tailored approach to enterprise training needs. 45+ technologies supported and over 150 vulnerability types covered. Each comprises a fully configured development environment. With more than 70% of vulnerabilities introduced during development, writing secure software is more critical than ever. SecureFlag has revolutionized the approach to secure coding training. With SecureFlag’s hands-on labs, participants learn in virtualized environments using the tools they know and love. SecureFlag’s Labs teaches participants how to identify and remediate the most prevalent security issues by doing instead of simply just seeing. Labs run in real, virtualized development environments, and participants learn using the same tools they use at work. Engage with your organization’s developer community and promote learning through enjoyable competition. -
16
Tracebit
Tracebit
Tracebit generates and maintains tailored canary resources in your cloud environments, closing gaps in stock protection without time and cost intensive detection engineering. Tracebit generates and maintains dynamic cloud canaries. Tracebit alerts have inherent context that can be understood and actioned by the whole team. We cover a full and growing range of cloud resources, and continue to evolve and refresh your canaries instep with your environment to constantly keep your adversaries guessing. Leverage our infrastructure as code integration and automated canary recommendations to scale our cloud canaries across your estate rapidly. -
17
AirMDR
AirMDR
AI-powered virtual analysts automate 80-90% of routine tasks, delivering faster, higher-quality, and more affordable alert triage, investigation, and response, all supported by human experts. Say no to expensive, slow, poor quality, and inconsistent investigations. Say hello to precision investigations at blazing-fast speed. Traditional MDRs rely on human analysts for case triage, but at AirMDR, our intelligent virtual analyst processes these cases 20 times faster with greater consistency and depth. At AirMDR, human analysts have to manually triage over 90% fewer cases. Experience high-quality investigation, triage, and response for every alert, with 90% of alerts investigated in under five minutes. Every alert is automatically enriched, investigated, and triaged by our virtual analyst, serving as the first responder. This process is continuously supervised and enhanced by our team of human security experts, ensuring a seamless and efficient security operation. -
18
otto-js
otto
otto-js understands what it takes to work with small & mid-sized businesses. While many SMBs choose otto-js directly through one of our many no-code platform plugins, for large partners, who also service the SMB market, we have a flexible, robust, API capable of onboarding thousands of customers in a flash. We work with others to help consolidate vendor sprawl, consolidating costs & integration time. otto-js is committed to being there when you need us, regardless of platforms, stack, and integrations. That's why we've kept our learning curb low and our return on value high. Shoppers are more than 90% more likely to buy online from brands they trust. Proving you are a safe and compliant website is one of the number one ways to develop trust quickly and increase conversions. -
19
Aembit
Aembit
Replace manual and insecure access to non-human identities with our automated and secretless Workload IAM platform. Manage your workload-to-workload access like you do your users: with automated, policy-based and identity-driven controls, so you can proactively eliminate the risk of non-human identities. Aembit boosts security by cryptographically verifying workload identities, in real time, ensuring that only trusted workloads have access to your sensitive data. Aembit injects short-lived credentials into requests just-in-time so you never have to store or protect secrets. Dynamically enforce access rights based on real-time evaluations of workload security posture, geography and other key behavioral characteristics. Aembit secures access amongst workloads in the cloud on-prem and in SaaS. -
20
Apono
Apono
Use the Apono cloud-native access governance platform to work faster and more securely with self-service, secure, scalable access built for modern enterprises running in the cloud. Discover who has access to what with context. Identify access risk leveraging enriched identity and cloud resource context from the environment. Enforce access guardrails at scale. Apono automatically suggests dynamic policies that fit your business needs, streamlining the cloud access lifecycle and gaining control of cloud-privileged access. Improve your environment access controls with Apono’s AI, which detects high-risk unused, over provisioned and shadow access. Remove standing access and prevent lateral movement in your cloud environment. Organizations can enforce strict authentication, authorization, and audit controls for these high-level accounts, reducing the risk of insider threats, data breaches, and unauthorized access. -
21
Rainforest
Rainforest
Achieve higher cyber security protection with the Rainforest platform. Trust Rainforest to safeguard your innovations and provide you with the confidence to navigate the digital world securely, with quick implementation, and faster results. Traditional solutions are too complex to implement for companies that don't waste time and money. Frictionless integration, so you can use your time more fixing than implementing our solutions. Our trained models use AI to suggest fixes, empowering your team to resolve issues easily. 7 different application analyses with comprehensive application security, local code analysis, and AI-driven fix suggestions, ensure seamless integration, rapid vulnerability detection, and effective remediation for robust application protection. Continuous cloud security posture management, identifying misconfigurations and vulnerabilities in real-time enhancing cloud security effortlessly. -
22
Notus
Notus
Notus integrates with a wide range of data sources to deliver continuous, unified asset visibility, enabling actionable insights for critical remediation. Identify all devices, software, and configurations with existing tools. Focus on the most critical vulnerabilities first. Stay informed of changes and emerging threats. Uncover vulnerabilities and misconfiguration. Ensure that security considerations are addressed throughout the asset and software lifecycles. Track software usage, prevent violations, and optimize costs. continuous. Streamline issue resolution by assigning tasks to relevant teams. Conducting manual cybersecurity asset inventories is labor-intensive, often carried out around 12 times annually. Despite this effort, you still won't achieve an up-to-date, consolidated view of your entire environment. By using Notus, the process of managing cybersecurity asset inventories becomes straightforward and instantaneous. -
23
Oneleet
Oneleet
We help companies build trust by creating real-world security controls, and then attesting to those controls with a SOC 2 report. Oneleet is a full-stack cybersecurity platform that makes effective cybersecurity easy and painless. We help businesses stay secure so that they can focus on providing value to their customers. We'll start by doing a scoping call to learn about your infrastructure, security concerns, & compliance needs. Then we'll build you out a custom security program that is stage-appropriate. We'll perform your penetration test with highly qualified OSCE-certified or OSWE-certified testers, only around 1,000 of whom exist worldwide. Finally, we'll take you through the SOC 2 auditing process with a 3rd party CPA. Oneleet has everything you need to become compliant and secure in one place. Having all tools under one roof makes the compliance journey smooth and seamless. -
24
RAD Security
RAD Security
RAD Security automates threat investigations, cuts through security noise, and helps teams secure smarter and defend faster. Powered by AI-driven digital workers, RAD Security is on a mission to make security make sense. RAD's holistic security platform goes beyond static alerts to correlate signals, prioritize threats, and deliver accurate, actionable insights. From continuous cloud monitoring to automated compliance readiness, RAD enables lean security teams to operate at enterprise scale. With RAD, security teams spend less time chasing false positives and more time solving real security issues. See RAD in action at radsecurity.ai. -
25
NVIDIA Morpheus
NVIDIA
NVIDIA Morpheus is a GPU-accelerated, end-to-end AI framework that enables developers to create optimized applications for filtering, processing, and classifying large volumes of streaming cybersecurity data. Morpheus incorporates AI to reduce the time and cost associated with identifying, capturing, and acting on threats, bringing a new level of security to the data center, cloud, and edge. Morpheus also extends human analysts’ capabilities with generative AI by automating real-time analysis and responses, producing synthetic data to train AI models that identify risks accurately and run what-if scenarios. Morpheus is available as open-source software on GitHub for developers interested in using the latest pre-release features and who want to build from source. Get unlimited usage on all clouds, access to NVIDIA AI experts, and long-term support for production deployments with a purchase of NVIDIA AI Enterprise. -
26
MINDely
MIND
MIND is the first-ever data security platform that puts data loss prevention (DLP) and insider risk management (IRM) programs on autopilot, so you can automatically identify, detect, and prevent data leaks at machine speed. Continuously find your sensitive data in files spread across your IT environments whether at rest, in motion, or in use. MIND continuously exposes blindspots of sensitive data across your IT environments including SaaS, AI apps, endpoints, on-premise file shares, and emails. MIND monitors and analyzes billions of data security events in real time, enriches each incident with context, and remediates autonomously. MIND automatically blocks sensitive data in real-time from escaping your control, or collaborates with users to remediate risks and educate on your policies. MIND continuously exposes blindspots of sensitive data at rest, in motion, and in use by integrating with data sources across your IT workloads, e.g. SaaS, AI apps, on-premises, endpoints, and emails. -
27
Opsin
Opsin
Opsin is a cutting-edge GenAI security company. Opsin provides a comprehensive security orchestration layer that empowers organizations to build GenAI applications securely with their data. From a security perspective, Opsin includes enterprise-level security tools such as auditing and data lineage in GenAI models to meet security and compliance requirements from the outset. Our platform prevents sensitive data from being exposed or leaving the organization, safeguarding information at every step of the process. From a development perspective, our solution allows for the seamless integration of data from structured, unstructured, and CRM sources. This enables developers to create permission-aware GenAI applications that ensure only authorized users can access their permitted data. With tools like Glean and Microsoft Copilot bringing GenAI and data within easy reach, data security and governance still lag behind. -
28
Symops
Symops
Sym is a developer-friendly platform that enables organizations to implement just-in-time access controls, enhancing security without hindering operational efficiency. By automating the provisioning and revocation of temporary access to production environments, Sym reduces the risks associated with over-provisioned credentials. Its low-code software development kit allows teams to build custom authorization workflows, integrating seamlessly with tools like Slack for streamlined approval processes. Sym's centralized governance ensures that all access requests and approvals are logged, facilitating compliance with standards such as SOC 2. The platform's integrations with services like AWS Identity Center and Datadog further enhance its capability to manage access across various infrastructures. By leveraging Sym, organizations can empower their teams to move quickly while maintaining robust security measures. -
29
Token Security
Token Security
Token Security accelerates secure enterprise adoption of Agentic AI by discovering, managing, and governing every AI agent and non-human identity across the organization. From continuous visibility to least-privilege enforcement and lifecycle management, Token Security provides complete control over AI and machine identities, eliminating blind spots, reducing risk, and ensuring compliance at scale. -
30
Archipelo
Archipelo
Archipelo is a developer security posture management platform that helps organizations safeguard their software development lifecycle (SDLC) by providing real-time insights into developer activities, AI code tool usage, and tool governance. It features Developer Detection Response (DevDR) for proactively identifying and mitigating security risks, Automated Tool Governance to prevent shadow IT, and an AI Code Usage & Risk Monitor to ensure secure coding practices. With seamless integration into CI/CD workflows, Archipelo captures developer actions and provides actionable insights to enhance security, mitigate risks, and ensure compliance throughout the software development process.
