Best IT Security Software for GitLab

Compare the Top IT Security Software that integrates with GitLab as of July 2025

Sort By:

GitLab IT Security Clear Filters

This a list of IT Security software that integrates with GitLab. Use the filters on the left to add additional filters for products that have integrations with GitLab. View the products that work with GitLab in the table below.

What is IT Security Software for GitLab?

IT security software is designed to protect information technology (IT) systems, networks, and data from cyber threats, such as malware, hacking, and unauthorized access. These tools provide various features such as antivirus protection, firewalls, encryption, intrusion detection and prevention systems, and vulnerability management to ensure the integrity, confidentiality, and availability of sensitive information. IT security software helps organizations detect, prevent, and respond to security incidents, mitigate risks, and ensure compliance with industry regulations. It is critical for businesses and individuals to safeguard against cyberattacks, data breaches, and other security vulnerabilities. Compare and read user reviews of the best IT Security software for GitLab currently available using the table below. This list is updated regularly.

1

Google Cloud Platform

Google

Google Cloud Platform offers robust IT security tools to protect cloud workloads, including identity management, encryption, and threat detection. GCP’s multi-layered approach ensures that businesses can secure their infrastructure, data, and applications. With tools like Google Cloud Identity & Access Management (IAM) and Google Cloud Security Command Center, businesses can manage risks and compliance. New customers receive $300 in free credits to run, test, and deploy workloads, making it easier to evaluate the platform's IT security features at no upfront cost. GCP’s security tools include automated patch management, vulnerability scanning, and secure authentication, which help mitigate risks and reduce the threat surface. The platform is also designed to meet stringent compliance standards, ensuring that businesses can secure their cloud environments while adhering to industry regulations.

56,320 Ratings

Starting Price: Free ($300 in free credits)

View Software
Visit Website
2

Kinde

Kinde

Authentication happens at some of the most important, and highly impactful, places in your customers' journey. Take control of user authorization with a passwordless authentication, social integrations, and enterprise SSO. Support the branding of all your customers with custom domains and a fully customisable UI by bringing your own pages and designs. Integrate with complex requirements and run your own code during authentication using our powerful workflows. Organise all your business customers using organizations to easily segergate them and fine tune the authentication experience to their individual needs. Monetize your ideas quickly with Kinde's billing tools. Create subscription plans and collect revenue effortlessly. Kinde adapts to your business model, supporting B2C, B2B, and B2B2C with robust organization management and flexible billing logic that scales with your customers.

48 Ratings

Starting Price: $25 per month

View Software
Visit Website
3

NeoLoad

Tricentis

Continuous performance testing software to automate API and application load testing. Design code-less performance tests for complex applications. Script performance tests <as:code /> within automated pipelines for API testing. Design, maintain and run performance tests as code and analyze results within continuous integration pipelines using pre-packaged plugins for CI/CD tools and the NeoLoad API. Create test scripts quickly for large, complex applications using a graphical user interface and skip the complexity of hand coding new and updated tests. Define SLAs based on built-in monitoring metrics. Put pressure on the app and compare SLAs to server-level statistics to determine performance. Automate pass/fail triggers based on SLAs. Contributes to root cause analysis. Update test scripts faster with automatic test script updates. Update only the part of the test that’s changed and re-use the rest for easy test maintenance.

369 Ratings

View Software
Visit Website
4

Aikido Security

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks to: - False-positive reduction - AI Autotriage & AI Autofix - Deep integration into the dev workflow (from IDEs and task managers to CI/CD gating) - Automated Compliance Aikido’s covers the entire Software Development Lifecycle (SDLC), including: static application security testing (SAST), dynamic application security testing (DAST), infrastructure-as-code (IaC), container scanning, secrets detection, open source license scanning (SCA), cloud posture management (CSPM), runtime protection, and more.

72 Ratings

Starting Price: Free

View Software
5

Paessler PRTG

Paessler GmbH

Paessler PRTG is an all-inclusive monitoring software solution developed by Paessler. Equipped with an easy-to-use, intuitive interface with a cutting-edge monitoring engine, PRTG optimizes connections and workloads as well as reduces operational costs by avoiding outages while saving time and controlling service level agreements (SLAs). The solution is packed with specialized monitoring features that include flexible alerting, cluster failover solution, distributed monitoring, in-depth reporting, maps and dashboards, and more. PRTG monitors your entire IT infrastructure. All important technologies are supported: • SNMP: ready-to-use and custom options • WMI and Windows Performance Counters • SSH: for Linux/Unix and macOS systems • Traffic analysis using flow protocols or packet sniffing • HTTP requests • REST APIs returning XML or JSON • Ping, SQL, and many more

741 Ratings

Starting Price: $2149 for PRTG 500

View Software
6

Carbide

Carbide

Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform is tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous compliance requirements and require hands-on services. With Carbide, you can benefit from continuous cloud monitoring and the educational resources of Carbide Academy. Our platform supports over 100 technical integrations, enabling efficient evidence collection and meeting of security framework controls necessary for passing audits.

88 Ratings

Starting Price: $7,500 annually

View Software
7

Chainguard

Chainguard

Chainguard Containers are a guarded catalog of minimal, zero-CVE container images with a best-in-class CVE remediation SLA (7 days for high severity, 14 days for high, medium and low) that helps customers build and deploy software better. Modern software development practices and deployment pipelines require secure, up-to-date containerized applications for cloud-native applications. Chainguard builds minimal images that contain only the components required to build and run your containers entirely from source in hardened build infrastructure. Aimed at engineering organizations and security teams alike, Chainguard Containers help reduce costly engineering this product enhances the security posture of containerized applications while simplifying maintenance and reducing potential attack surfaces.

40 Ratings

View Software
8

Astra Pentest

Astra Security

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also conducts all tests required to comply with ISO 27001, HIPAA, SOC2, and GDPR. Astra offers an interactive pentest dashboard that the user can use to visualize vulnerability analyses, assign vulnerabilities to team members, and collaborate with security experts. And if the users don’t want to get back to the dashboard every time they want to use the scanner or assign a vulnerability to a team member, they can simply use the integrations with CI/CD platforms, Slack, and Jira.

169 Ratings

Starting Price: $199 per month

View Software
9

Massdriver

Massdriver

At Massdriver, we believe in prevention, not permission, letting ops teams enforce guardrails while developers deploy confidently. Our platform encodes your non-negotiables into self-service modules built with your preferred IaC (Terraform, Helm, OpenTofu, etc.) standardizing infrastructure across AWS, Azure, GCP, and Kubernetes out-of-the-box. By bundling policy, security, and cost controls into functional IaC assets, Massdriver cuts overhead for ops teams and speeds developer workflows. Through a central service catalog, developers can provision what they need with integrated monitoring, secrets management, and RBAC baked in. No more brittle IaC pipelines; ephemeral CI/CD spins up automatically from each module’s tooling. Scale faster with unlimited cloud accounts and projects, all while reducing risk and ensuring compliance. Massdriver—fast by default, safe by design.

3 Ratings

Starting Price: Free trial

View Software
10

Visual Expert

Novalys

Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking changes. Automatically scan your code to detect and fix security vulnerabilities, bugs and maintenance Issues. Implement continuous code inspection Understand the inner workings of your code with call graphs, code diagrams, CRUD Matrix and Object Dependency Matrix (ODM). Automatically generate an HTML Source Code documentation. Explore your code exploration with hyperlinks Compare applications, databases or pieces of code. Improve maintainability. Clean up code. Comply with dev standards. Analyze and Improve DB code performance: Find slow objects and SQL queries, Optimize a slow object, a Chain of calls a slow SQL, Get a query Execution Plan. And much more.

Starting Price: $495 per year

View Software
11

GitGuardian

GitGuardian

GitGuardian is a code security platform that provides solutions for DevOps generation. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers. GitGuardian helps developers, cloud operation, security, and compliance professionals secure software development and define and enforce policies consistently and globally across all systems. GitGuardian solutions monitor public and private repositories in real-time, detect secrets, sensitive files, IaC misconfigurations, and alert to allow investigation and quick remediation. Additionally, GitGuardian's Honeytoken module exposes decoy resources like AWS credentials, increasing the odds of catching intrusion in the software delivery pipeline. GitGuardian is trusted by leading companies, including 66 degrees, Snowflake, Orange, Iress, Maven Wave, DataDog, and PayFit. Used by more than 300K developers, it ranks #1 in the security category on GitHub Marketplace.

32 Ratings

Starting Price: $0

View Software
12

Kiuwan Code Security

Kiuwan

Security Solutions For Your DevOps Process. Automatically scan your code to identify and remediate vulnerabilities. Compliant with the most stringent security standards, such as OWASP and CWE, Kiuwan Code Security covers all important languages and integrates with leading DevOps tools. Effective static application security testing and source code analysis, with affordable solutions for teams of all sizes. Kiuwan includes a variety of essential functionality in a single platform that can be integrated directly into your internal development infrastructure. Fast Vulnerability Detection: Easy and instant setup. Start scanning and get results in just minutes. DevOps Approach To Code Security: Integrate Kiuwan with your Ci/CD/DevOps pipeline to automate your security process. Flexible Licensing Options: Plenty of options, one time scans or continuous scanning. Kiuwan also offers a Saas or On-Premise model.

11 Ratings

View Software
13

Invicti

Invicti Security

Application security is noisy and overly complicated. The good news: you can relieve that unnecessary noise and dramatically reduce your risk of attacks with Invicti. Keeping up with security is more manageable with accurate, automated testing that scales as your needs shift and grow. That's where Invicti shines. With a leading dynamic application security testing solution (DAST), Invicti helps teams automate security tasks and save hundreds of hours each month by identifying the vulnerabilities that really matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss. With asset discovery, it's easier to discover all web assets — even ones that are lost, forgotten, or created by rogue departments. Through tried-and-true methods, Invicti helps DevSecOps teams get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively.

6 Ratings

View Software
14

Crashtest Security

Crashtest Security

Crashtest Security is a SaaS-based security vulnerability scanner allowing agile development teams to ensure continuous security before even hitting Production. Our state-of-the-art dynamic application security testing (DAST) solution integrates seamlessly with your dev environment and protects multi-page and JavaScript apps, as well as microservices and APIs. Set up Crashtest Security Suite in minutes, get advanced crawling options, and automate your security. Whether you want to see vulnerabilities within the OWASP Top 10 or you want to go for deep scans, Crashtest Security is here to help you stay on top of your security and protect your code and customers.

5 Ratings

Starting Price: €35 per month

View Software
15

Dynatrace

Dynatrace

The Dynatrace software intelligence platform. Transform faster with unparalleled observability, automation, and intelligence in one platform. Leave the bag of tools behind, with one platform to automate your dynamic multicloud and align multiple teams. Spark collaboration between biz, dev, and ops with the broadest set of purpose-built use cases in one place. Harness and unify even the most complex dynamic multiclouds, with out-of-the box support for all major cloud platforms and technologies. Get a broader view of your environment. One that includes metrics, logs, and traces, as well as a full topological model with distributed tracing, code-level detail, entity relationships, and even user experience and behavioral data – all in context. Weave Dynatrace’s open API into your existing ecosystem to drive automation in everything from development and releases to cloud ops and business processes.

3 Ratings

Starting Price: $11 per month

View Software
16

Astra Security

Astra Security

Astra Security is the go-to security suite for web & mobile apps, network, cloud infrastructures, API and more. With Astra Website Protection, you don't have to worry about any malware, credit card hack, SQLi, XSS, SEO spam, comments spam, brute force & 100+ types of internet threats. Astra Website Protection offers Website/Web Application Firewall and Malware Scanner. This means you can get rid of multiple security solutions & let Astra take care of it all.

2 Ratings

Starting Price: $25/month

View Software
17

Debricked

Debricked

Debricked's tool enables for increased use of Open Source while keeping associated risks at bay, making it possible to keep a high development speed while still staying secure. The service runs on state of the art machine learning, allowing the data quality to be outstanding as well as instantly updated. High precision (over 90% in supported languages) in combination with flawless UX and scalable automation features makes Debricked one of a kind and the way to go for open source management. Recently, debricked released their new platform by the name of Open Source Select where open source projects can be compared, evaluated and monitored to ensure high quality and community health.

2 Ratings

Starting Price: Free

View Software
18

Routee

AMD Telecom

Routee is an intelligent omnichannel communication platform (CPaaS) offering advanced Web and API automation for all industries worldwide. Powered by AMD Telecom’s robust infrastructure, Routee's services enable businesses to optimize their marketing & business processes. -SMS Marketing: tailor-made messages based on customers' individual preferences -Email Marketing: personalized newsletters & email campaigns based on an audience's behavioral data -Transactional Email: automated emails to customers on important data regarding their transactions -Marketing Automation: rich forms & customer data capture, automation of repetitive marketing tasks, and tracking of marketing campaigns -Two Factor Authentication: a second layer of security with fallback through SMS, Voice, Viber & Missed Call -Cloud IVR: multilingual capabilities, turning speech into text, & text to human-sounding speech -Push Notification: personalized web & mobile push notifications, based on segmentation and user

2 Ratings

Starting Price: $0.01 one-time fee

View Software
19

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

1 Rating

Starting Price: $0

View Software
20

HackenProof

HackenProof

We are a web3 bug bounty platform since 2017. We help to set a clear scope (or you can do it by yourself), agree on a budget for valid bugs (platform subscription is free), and make recommendations based on your company`s needs. We launch your program and reach out to our committed crowd of hackers, attracting top talent to your bounty program by with consistent and coordinated attention. Our community of hackers starts searching for vulnerabilities. Vulnerabilities are submitted and managed via our Coordination platform. Reports are reviewed and triaged by the HackenProof team (or by yourself), and then passed on to your security team for fixing. Depending on preference, you can choose to publicly disclose any reports, once the issues are resolved. We connect business with a community of hackers from different parts of the globe.

1 Rating

Starting Price: $0 per month

View Software
21

Linode

Linode

Simplify your cloud infrastructure with our Linux virtual machines and robust set of tools to develop, deploy, and scale your modern applications faster and easier. Linode believes that in order to accelerate innovation in the cloud, virtual computing must be more accessible, affordable, and simple. Our infrastructure-as-a-service platform is deployed across 11 global markets from our data centers around the world and is supported by our Next Generation Network, advanced APIs, comprehensive services, and vast library of educational resources. Linode products, services, and people enable developers and businesses to build, deploy, and scale applications more easily and cost-effectively in the cloud.

1 Rating

Starting Price: $5 per month

View Software
22

Nucleus

Nucleus

Nucleus is redefining the vulnerability management software category as the single source of record for all assets, vulnerabilities, and associated data. We unlock the value you’re not getting from existing tools and place you squarely on the path to program maturity by unifying the people, processes, and technology involved in vulnerability management. With Nucleus, you receive unmatched visibility into your program and a suite of tools with functionality that simply can’t be replicated in any other way. Nucleus is the single shift-left tool that unifies development and security operations. It unlocks the value you’re not getting out of your existing tools and puts you on the path to unifying the people, processes, and technology involved in addressing vulnerabilities and code weaknesses. With Nucleus, you’ll get unmatched pipeline integration, tracking, triage, automation and reporting capabilities and a suite of tools with functionality.

1 Rating

Starting Price: $10 per user per year

View Software
23

Mend.io

Mend.io

Trusted by the world's leading companies, including IBM, Google, and Capital One, Mend.io's enterprise suite of application security tools is designed to help you build and manage a mature, proactive AppSec program. Mend.io understands the different AppSec requirements of developers and security teams. Unlike other AppSec solutions that force everyone to use a single tool, Mend.io helps them work in harmony by giving each team different, but complementary, tools - enabling them to stop chasing vulnerabilities and start proactively managing application risk.

1 Rating

Starting Price: $1,000 per developer, per year

View Software
24

Jit

Jit

DevOps ain’t easy! We are hearing more and more about the breakdown and friction where Dev meets Ops, so let’s not even talk about all the other shift-left domains that add another layer of complexity in the middle like DevSecOps. Where this comes with the need to implement and integrate dozens of security tools in their SDLC. But what if it doesn’t have to be difficult? Jit's DevSecOps Orchestration Platform allows high-velocity Engineering teams to own product security while increasing dev velocity. With a unified and friendly developer experience, we envision a world where every cloud application is born with Minimal Viable Security (MVS) embedded and iteratively improves by adding Continuous Security into CI/CD/CS.

1 Rating

View Software
25

Xygeni

Xygeni Security

Secure your Software Development and Delivery! Xygeni specializes in Application Security Posture Management (ASPM), using deep contextual insights to effectively prioritize and manage security risks while minimizing noise and overwhelming alerts. Our innovative technologies automatically detect malicious code in real-time upon new and updated components publication, immediately notifying customers and quarantining affected components to prevent potential breaches. With extensive coverage spanning the entire Software Supply Chain—including Open Source components, CI/CD processes and infrastructure, Anomaly detection, Secret leakage, Infrastructure as Code (IaC), and Container security—Xygeni ensures robust protection for your software applications. Trust Xygeni Security to protect your operations and empower your team to build and deliver with integrity and security.

1 Rating

View Software
26

Backslash Security

Backslash

Ensure the security of your code and open sources. Identify externally reachable data flows and vulnerabilities for effective risk mitigation. By identifying genuine attack paths to reachable code, we enable you to fix only the code and open-source software that is truly in use and reachable. Avoid unnecessary overloading of development teams with irrelevant vulnerabilities. Prioritize risk mitigation efforts more effectively, ensuring a focused and efficient security approach. Reduce the noise CSPM, CNAPP, and other runtime tools create by removing unreachable packages before running your applications. Meticulously analyze your software components and dependencies, identifying any known vulnerabilities or outdated libraries that could pose a threat. Backslash analyzes both direct and transitive packages, ensuring 100% reachability coverage. It outperforms existing tools that solely focus on direct packages, accounting for only 11% of packages.

1 Rating

View Software
27

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps with unrivaled expertise, precision, and confidence. Elevate your code-to-cloud experience with the excellence of our industry-leading CNAPP, delivering unmatched security to ensure your business’s data integrity and confidentiality. From advanced threat detection to real-time monitoring and rapid incident response, our platform delivers complete protection, providing you with the confidence to navigate today’s complex security challenges. Seamlessly connecting with your cloud and Kubernetes landscape, our revolutionary CNAPP ensures lightning-fast infrastructure scans and delivers comprehensive vulnerability reports in mere minutes. No extra resources and no maintenance hassle. From tackling vulnerabilities to ensuring multi-cloud compliance, safeguarding workloads, and securing containers, we’ve got it all covered.

1 Rating

View Software
28

SecureStack

SecureStack

With triggers in your CI/CD pipeline, SecureStack can check for common security issues and stop those issues from getting into your applications. SecureStack embeds security automatically with every git push. We built our technology to test every facet of your application security looking for things like missing security controls, are you using encryption correctly; we test the efficacy of your WAF and are your cloud-native components secure and more than 250 other data points. All of that was delivered in less than 60 seconds. See what a hacker can see when they view your applications. Test and compare your development, staging and production environments to quickly find critical differences and understand ways to fix high-priority defects. We help you decompose your web application so you are aware of all the resources your app is using behind the scenes.

Starting Price: $500/mo

View Software
29

Appdome

Appdome

Appdome changes the way people build mobile apps. Appdome’s industry defining no-code mobile solutions platform uses a patented, artificial-intelligence coding technology to power a self-serve, user-friendly service that anyone can use to build new security, authentication, access, enterprise mobility, mobile threat, analytics and more into any Android and iOS app instantly. There are over 25,000 unique combinations of mobile features, kits, vendors, standards, SDKs and APIs available on Appdome. Over 200+ leading financial, healthcare, government, and m-commerce providers use Appdome to consistently deliver richer and safer mobile experiences to millions of mobile end users, eliminating complex development and accelerating mobile app lifecycles.

Starting Price: $0

View Software
30

YAG-Suite

YAGAAN

The YAG-Suite is a French made innovative tool which brings SAST one step beyond. Based on static analysis and machine learning, YAGAAN offers customers more than a source code scanner : it offers a smart suite of tools to support application security audits as well as security and privacy by design DevSecOps processes. Beyond classic vulnerability detection, the YAG-Suite focuses the team attention on the problems that really matter in their business context, it supports developers in their understanding of the vulnerability causes and impacts. Its contextual remediation support them in fixing efficiently the problems while improving their secure coding skills. Additionally, YAG-Suite's unprecedented 'code mining' support security investigations of an unknown application with mapping all relevant code features and security mechanisms and offers querying capabilities to search for 0-days or non automatically detectable risks. PHP, Java and Python are supported. JS, C/C++ coming soon

Starting Price: From €500/token or €150/mo

View Software