Compare the Top IT Security Software that integrates with GitLab as of July 2026

This a list of IT Security software that integrates with GitLab. Use the filters on the left to add additional filters for products that have integrations with GitLab. View the products that work with GitLab in the table below.

What is IT Security Software for GitLab?

IT security software is designed to protect information technology (IT) systems, networks, and data from cyber threats, such as malware, hacking, and unauthorized access. These tools provide various features such as antivirus protection, firewalls, encryption, intrusion detection and prevention systems, and vulnerability management to ensure the integrity, confidentiality, and availability of sensitive information. IT security software helps organizations detect, prevent, and respond to security incidents, mitigate risks, and ensure compliance with industry regulations. It is critical for businesses and individuals to safeguard against cyberattacks, data breaches, and other security vulnerabilities. Compare and read user reviews of the best IT Security software for GitLab currently available using the table below. This list is updated regularly.

  • 1
    Google Cloud Platform
    Google Cloud Platform offers robust IT security tools to protect cloud workloads, including identity management, encryption, and threat detection. GCP’s multi-layered approach ensures that businesses can secure their infrastructure, data, and applications. With tools like Google Cloud Identity & Access Management (IAM) and Google Cloud Security Command Center, businesses can manage risks and compliance. New customers receive $300 in free credits to run, test, and deploy workloads, making it easier to evaluate the platform's IT security features at no upfront cost. GCP’s security tools include automated patch management, vulnerability scanning, and secure authentication, which help mitigate risks and reduce the threat surface. The platform is also designed to meet stringent compliance standards, ensuring that businesses can secure their cloud environments while adhering to industry regulations.
    Leader badge
    Starting Price: Free ($300 in free credits)
    View Software
    Visit Website
  • 2
    Daylight

    Daylight

    Daylight Security

    Daylight merges lightning-fast agentic AI with elite human expertise to deliver a next-gen managed detection and response service that goes beyond alerts, aiming to “take command” of your cyber-frontier. It promises full coverage of your environment with no blind spots, context-aware protection that continuously learns from your systems and past cases (including Slack chats), near-zero false positives, the industry’s lowest mean time to detection and mean time to response, and deep integration with your IT and security stack so it supports unlimited platforms, unlimited integrations, and delivers actionable, noise-free insights via AI dashboards. With Daylight, you get true end-to-end threat detection and response (no escalation games), 24/7 expert support, custom response workflows, environment-wide visibility, and measurable improvements in analyst utilization and response speed, all built to shift your security operations from reactive to commanding.
    View Software
    Visit Website
  • 3
    Aikido Security

    Aikido Security

    Aikido Security

    Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks to: - False-positive reduction - AI Autotriage & AI Autofix - Deep integration into the dev workflow (from IDEs and task managers to CI/CD gating) - AI Pentests - Automated Compliance Aikido covers the entire Software Development Lifecycle (SDLC), including: static application security testing (SAST), dynamic application security testing (DAST), infrastructure-as-code (IaC), container scanning, secrets detection, open source license scanning (SCA), cloud posture management (CSPM), runtime protection, AI pentests, and more.
    Starting Price: Free
    View Software
    Visit Website
  • 4
    Gearset

    Gearset

    Gearset

    Gearset is the complete, enterprise-ready Salesforce DevOps platform, enabling teams to implement best practices across the entire DevOps lifecycle. With powerful solutions for metadata and CPQ deployments, CI/CD, testing, code scanning, sandbox seeding, backups, archiving, observability, and Org Intelligence — including the Gearset Agent — Gearset gives teams complete visibility, control, and confidence in every release. More than 3,000 enterprises, including McKesson, IBM and Zurich, trust Gearset to deliver securely at scale. Combining advanced governance, built‑in audit trails, SOX/ISO/HIPAA support, parallel pipelines, integrated security scans, and compliance with ISO 27001, SOC 2, GDPR, CCPA/CPRA, and HIPAA, Gearset provides enterprise‑grade controls, rapid onboarding, and a user‑friendly interface — all in one platform. Gearset delivers enterprise‑grade power without the overhead, which is why leading global organizations in finance, healthcare, and technology choose us,
    Starting Price: $200 per user, per month
    Partner badge
  • 5
    Insightful

    Insightful

    Insightful

    Insightful is a Work Intelligence platform that helps organizations understand how work actually happens across people, processes, and AI, so they can improve performance, optimize workflows, and reduce operational waste. 1. Workforce Analytics: Measure workforce productivity, utilization, and performance 2. Workflow Optimization: Identify bottlenecks, eliminate inefficiencies, and optimize workflows 3. Work Intelligence: Measure AI adoption, usage, and ROI of your AI investments With Insightful, you can: • Understand how work happens across teams, processes, and AI • Spot drops in utilization and output early • Track AI adoption, usage, and business impact • Create a custom layout with widgets to see the metrics most relevant to your role • See where work slows, stalls, or creates rework across workflows • Compare performance across teams, roles, or locations • Use real activity data to review work and resolve disputes • Automate time tracking and reporting
    Starting Price: $8 per employee per month
    Partner badge
  • 6
    Astra Pentest

    Astra Pentest

    Astra Security

    Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also conducts all tests required to comply with ISO 27001, HIPAA, SOC2, and GDPR. Astra offers an interactive pentest dashboard that the user can use to visualize vulnerability analyses, assign vulnerabilities to team members, and collaborate with security experts. And if the users don’t want to get back to the dashboard every time they want to use the scanner or assign a vulnerability to a team member, they can simply use the integrations with CI/CD platforms, Slack, and Jira.
    Starting Price: $199 per month
  • 7
    Securden Password Vault for Enterprises
    Securden Password Vault for Enterprises is a scalable, enterprise-grade credential management solution available in both cloud (SaaS) and on-premise deployments. It centralizes the storage of passwords, SSH keys, DevOps secrets, files, and other sensitive data in an AES-256 encrypted vault, helping organizations enforce strong security controls and defend against insider and external threats. The solution enables secure credential storage, granular access controls, automated password rotation, and just-in-time access while providing full visibility through audit logs, session recordings, and real-time alerts. IT teams can launch secure remote connections such as RDP, SSH, and SQL directly from the vault without exposing credentials. Trusted by enterprises worldwide, Securden helps organizations strengthen security posture, streamline credential governance, improve operational efficiency, and meet compliance requirements across industries.
  • 8
    Vanta

    Vanta

    Vanta

    Thousands of fast-growing companies trust Vanta to help build, scale, manage and demonstrate their security and compliance programs and get ready for audits in weeks, not months. By offering the most in-demand security and privacy frameworks such as SOC 2, ISO 27001, HIPAA, and many more, Vanta helps companies obtain the reports they need to accelerate growth, build efficient compliance processes, mitigate risks to their business, and build trust with external stakeholders. Simply connect your existing tools to Vanta, follow the prescribed guidance to fix gaps, and then work with a Vanta-vetted auditor to complete audit.
  • 9
    Kiuwan Code Security
    Kiuwan is an end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify and remediate vulnerabilities. Integrating into your CI/CD pipeline, Kiuwan enables early detection and remediation of security issues. Kiuwan supports strict compliance with industry standards including OWASP, CWE, MISRA, NIST, PCI DSS, and CERT, among others. ✅ Large language support: 30+ programming languages. ✅ Detailed action plans: Prioritize remediation with tailored action plans. ✅ Code Security: Seamless Static Application Security Testing (SAST) integration. ✅ Insights: On-demand or continuous scanning Software Composition Analysis (SCA) to help reduce third-party threats. ✅ One-click Software Bill of Materials (SBOM) generation Code Smarter. Secure Faster. Ship Sooner.
  • 10
    Routee

    Routee

    AMD Telecom

    Routee is an intelligent omnichannel communication platform (CPaaS) offering advanced Web and API automation for all industries worldwide. Powered by AMD Telecom’s robust infrastructure, Routee's services enable businesses to optimize their marketing & business processes. -SMS Marketing: tailor-made messages based on customers' individual preferences -Email Marketing: personalized newsletters & email campaigns based on an audience's behavioral data -Transactional Email: automated emails to customers on important data regarding their transactions -Marketing Automation: rich forms & customer data capture, automation of repetitive marketing tasks, and tracking of marketing campaigns -Two Factor Authentication: a second layer of security with fallback through SMS, Voice, Viber & Missed Call -Cloud IVR: multilingual capabilities, turning speech into text, & text to human-sounding speech -Push Notification: personalized web & mobile push notifications, based on segmentation and user
    Starting Price: $0.01 one-time fee
  • 11
    Visual Expert
    Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking changes. Automatically scan your code to detect and fix security vulnerabilities, bugs and maintenance Issues. Implement continuous code inspection Understand the inner workings of your code with call graphs, code diagrams, CRUD Matrix and Object Dependency Matrix (ODM). Automatically generate an HTML Source Code documentation. Explore your code exploration with hyperlinks Compare applications, databases or pieces of code. Improve maintainability. Clean up code. Comply with dev standards. Analyze and Improve DB code performance: Find slow objects and SQL queries, Optimize a slow object, a Chain of calls a slow SQL, Get a query Execution Plan. And much more.
    Starting Price: $495 per year
  • 12
    Carbide

    Carbide

    Carbide

    Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform and expert services are tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous compliance requirements of security frameworks like SOC 2, ISO 27001, HIPAA, GDPR, and more. With Carbide, you can benefit from continuous cloud monitoring and the educational resources of Carbide Academy. Our platform supports over 100 technical integrations, enabling efficient evidence collection and meeting of security framework controls necessary for passing audits.
    Starting Price: $7,500 annually
  • 13
    Paessler PRTG

    Paessler PRTG

    Paessler GmbH

    Paessler PRTG is an all-inclusive monitoring software solution developed by Paessler. Equipped with an easy-to-use, intuitive interface with a cutting-edge monitoring engine, PRTG optimizes connections and workloads as well as reduces operational costs by avoiding outages while saving time and controlling service level agreements (SLAs). The solution is packed with specialized monitoring features that include flexible alerting, cluster failover solution, distributed monitoring, in-depth reporting, maps and dashboards, and more. PRTG monitors your entire IT infrastructure. All important technologies are supported: • SNMP: ready-to-use and custom options • WMI and Windows Performance Counters • SSH: for Linux/Unix and macOS systems • Traffic analysis using flow protocols or packet sniffing • HTTP requests • REST APIs returning XML or JSON • Ping, SQL, and many more
    Leader badge
    Starting Price: $2149 for PRTG 500
  • 14
    GitGuardian

    GitGuardian

    GitGuardian

    GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non human identities and their secrets lifecycle. The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom for robust secrets protection.
    Leader badge
    Starting Price: $0
  • 15
    Invicti

    Invicti

    Invicti Security

    Application security is noisy and overly complicated. The good news: you can relieve that unnecessary noise and dramatically reduce your risk of attacks with Invicti. Keeping up with security is more manageable with accurate, automated testing that scales as your needs shift and grow. That's where Invicti shines. With a leading dynamic application security testing solution (DAST), Invicti helps teams automate security tasks and save hundreds of hours each month by identifying the vulnerabilities that really matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss. With asset discovery, it's easier to discover all web assets — even ones that are lost, forgotten, or created by rogue departments. Through tried-and-true methods, Invicti helps DevSecOps teams get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively.
  • 16
    Crashtest Security

    Crashtest Security

    Crashtest Security

    Crashtest Security is a SaaS-based security vulnerability scanner allowing agile development teams to ensure continuous security before even hitting Production. Our state-of-the-art dynamic application security testing (DAST) solution integrates seamlessly with your dev environment and protects multi-page and JavaScript apps, as well as microservices and APIs. Set up Crashtest Security Suite in minutes, get advanced crawling options, and automate your security. Whether you want to see vulnerabilities within the OWASP Top 10 or you want to go for deep scans, Crashtest Security is here to help you stay on top of your security and protect your code and customers.
    Starting Price: €35 per month
  • 17
    Massdriver

    Massdriver

    Massdriver

    At Massdriver, we believe in prevention, not permission, letting ops teams enforce guardrails while developers deploy confidently. Our platform encodes your non-negotiables into self-service modules built with your preferred IaC (Terraform, Helm, OpenTofu, etc.) standardizing infrastructure across AWS, Azure, GCP, and Kubernetes out-of-the-box. By bundling policy, security, and cost controls into functional IaC assets, Massdriver cuts overhead for ops teams and speeds developer workflows. Through a central service catalog, developers can provision what they need with integrated monitoring, secrets management, and RBAC baked in. No more brittle IaC pipelines; ephemeral CI/CD spins up automatically from each module’s tooling. Scale faster with unlimited cloud accounts and projects, all while reducing risk and ensuring compliance. Massdriver—fast by default, safe by design.
    Starting Price: Free trial
  • 18
    Dynatrace

    Dynatrace

    Dynatrace

    The Dynatrace software intelligence platform. Transform faster with unparalleled observability, automation, and intelligence in one platform. Leave the bag of tools behind, with one platform to automate your dynamic multicloud and align multiple teams. Spark collaboration between biz, dev, and ops with the broadest set of purpose-built use cases in one place. Harness and unify even the most complex dynamic multiclouds, with out-of-the box support for all major cloud platforms and technologies. Get a broader view of your environment. One that includes metrics, logs, and traces, as well as a full topological model with distributed tracing, code-level detail, entity relationships, and even user experience and behavioral data – all in context. Weave Dynatrace’s open API into your existing ecosystem to drive automation in everything from development and releases to cloud ops and business processes.
    Starting Price: $11 per month
  • 19
    Debricked

    Debricked

    Debricked

    Debricked's tool enables for increased use of Open Source while keeping associated risks at bay, making it possible to keep a high development speed while still staying secure. The service runs on state of the art machine learning, allowing the data quality to be outstanding as well as instantly updated. High precision (over 90% in supported languages) in combination with flawless UX and scalable automation features makes Debricked one of a kind and the way to go for open source management. Recently, debricked released their new platform by the name of Open Source Select where open source projects can be compared, evaluated and monitored to ensure high quality and community health.
    Starting Price: Free
  • 20
    ZeroThreat.ai

    ZeroThreat.ai

    ZeroThreat Inc.

    ZeroThreat.ai is an AI-powered web application and API pentesting platform designed to identify real, exploitable vulnerabilities—not just surface-level findings. Built for modern engineering teams, it combines Agentic AI pentesting with a high-performance scanning engine to deliver up to 10× faster, deeply validated security testing. Unlike traditional DAST tools that rely on static signatures and generate excessive noise, ZeroThreat.ai executes adaptive, attacker-style workflows that evolve based on application behavior. Its interpreter-driven vulnerability intelligence continuously ingests emerging threats and newly disclosed CVEs, enabling near real-time detection updates and rapid CVE-to-exploit mapping. The platform supports over 130,000 vulnerability checks, including native Nuclei template execution, and extends beyond known issues with zero-day detection through behavioral pattern analysis.
    Starting Price: $100/Target
  • 21
    Vercel

    Vercel

    Vercel

    Vercel is an AI-powered cloud platform that helps developers build, deploy, and scale high-performance web experiences with speed and security. It provides a unified set of tools, templates, and infrastructure designed to streamline development workflows from idea to global deployment. With support for modern frameworks like Next.js, Svelte, Vite, and Nuxt, teams can ship fast, responsive applications without managing complex backend operations. Vercel’s AI Cloud includes an AI Gateway, SDKs, workflow automation tools, and fluid compute, enabling developers to integrate large language models and advanced AI features effortlessly. The platform emphasizes instant global distribution, enabling deployments to become available worldwide immediately after a git push. Backed by strong security and performance optimizations, Vercel helps companies deliver personalized, reliable digital experiences at massive scale.
  • 22
    Snyk

    Snyk

    Snyk

    Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.
    Starting Price: $0
  • 23
    HackenProof

    HackenProof

    HackenProof

    We are a web3 bug bounty platform since 2017. We help to set a clear scope (or you can do it by yourself), agree on a budget for valid bugs (platform subscription is free), and make recommendations based on your company`s needs. We launch your program and reach out to our committed crowd of hackers, attracting top talent to your bounty program by with consistent and coordinated attention. Our community of hackers starts searching for vulnerabilities. Vulnerabilities are submitted and managed via our Coordination platform. Reports are reviewed and triaged by the HackenProof team (or by yourself), and then passed on to your security team for fixing. Depending on preference, you can choose to publicly disclose any reports, once the issues are resolved. We connect business with a community of hackers from different parts of the globe.
    Starting Price: $0 per month
  • 24
    ZeroPath

    ZeroPath

    ZeroPath

    ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix vulnerabilities. ZeroPath provides complete security coverage: 1. AI-powered SAST for business logic flaws & broken authentication 2. SCA with reachability analysis 3. Secrets detection and validation 4. Infrastructure as Code 5. Automated patch generation. any more... ZeroPath delivers 2x more real vulnerabilities with 75% fewer false positives. Our research team has been successful in finding vulns like critical account takeover in better-auth (CVE-2025-61928, 300k+ weekly downloads), identifying 170+ verified bugs in curl, and discovering 0-days in production systems at Netflix, Hulu, and Salesforce. Trusted by 750+ companies and performing 200k+ code scans monthly.
    Starting Price: Free
  • 25
    Nucleus

    Nucleus

    Nucleus

    Nucleus is redefining the vulnerability management software category as the single source of record for all assets, vulnerabilities, and associated data. We unlock the value you’re not getting from existing tools and place you squarely on the path to program maturity by unifying the people, processes, and technology involved in vulnerability management. With Nucleus, you receive unmatched visibility into your program and a suite of tools with functionality that simply can’t be replicated in any other way. Nucleus is the single shift-left tool that unifies development and security operations. It unlocks the value you’re not getting out of your existing tools and puts you on the path to unifying the people, processes, and technology involved in addressing vulnerabilities and code weaknesses. With Nucleus, you’ll get unmatched pipeline integration, tracking, triage, automation and reporting capabilities and a suite of tools with functionality.
    Starting Price: $10 per user per year
  • 26
    Xygeni

    Xygeni

    Xygeni Security

    Xygeni All-In-One AppSec Platform protects software from code to cloud with a unified solution built for Application Security Posture Management (ASPM). It gives CISOs, CIOs, and DevSecOps teams full visibility and control across the software supply chain, without slowing delivery. Xygeni secures every SDLC stage, code, dependencies, secrets, builds, IaC, containers, and CI/CD systems, detecting vulnerabilities, misconfigurations, and malware in real time. Powered by advanced AI, Xygeni prioritizes exploitable risks, cuts 90% of alert noise, and drives automated remediation through AI SAST, Auto-Fix, and Xygeni Bot. Developers scan and fix issues directly in their IDE, keeping code secure from the start. Early Malware Warning blocks zero-day supply-chain threats at publication, while smart dependency analysis prevents breaking updates. Seamless integration with GitHub, GitLab, Bitbucket, Jenkins, and Azure DevOps ensures a frictionless experience.
  • 27
    DevArmor

    DevArmor

    DevArmor

    DevArmor is an application security platform built for modern engineering and security teams. Instead of scanning for vulnerabilities only after code is written, DevArmor works earlier in the process — automating threat modeling and embedding secure-by-design practices directly into how teams build software. This helps organizations identify architectural and design-level risks early, where they're cheapest and easiest to fix. DevArmor is designed to fit the way engineers already work, so security becomes part of the development lifecycle rather than a bottleneck at the end. It gives security teams visibility into design risk across their applications while empowering developers to make secure decisions without needing to be security experts. With growing coverage for modern stacks — including AI-powered components — DevArmor supports AppSec, DevSecOps, and shift-left initiatives across the software development lifecycle.
    Starting Price: Custom Pricing
  • 28
    Mend.io

    Mend.io

    Mend.io

    Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI generated code and embedded AI components, drives risk reduction through AI powered remediation, automates compliance, and provides a holistic enterprise scale view of risks and clear actions for developers across your entire codebase.
    Starting Price: $1,000 per developer, per year
  • 29
    Akamai Cloud
    Akamai Cloud (formerly Linode) is the world’s most distributed cloud computing platform, designed to help businesses deploy low-latency, high-performance applications anywhere. It delivers GPU acceleration, managed Kubernetes, object storage, and compute instances optimized for AI, media, and SaaS workloads. With flat, predictable pricing and low egress fees, Akamai Cloud offers a transparent and cost-effective alternative to traditional hyperscalers. Its global infrastructure ensures faster response times, improved reliability, and data sovereignty across key regions. Developers can scale securely using Akamai’s firewall, database, and networking solutions, all managed through an intuitive interface or API. Backed by enterprise-grade support and compliance, Akamai Cloud empowers organizations to innovate confidently at the edge.
  • 30
    Jit

    Jit

    Jit

    DevOps ain’t easy! We are hearing more and more about the breakdown and friction where Dev meets Ops, so let’s not even talk about all the other shift-left domains that add another layer of complexity in the middle like DevSecOps. Where this comes with the need to implement and integrate dozens of security tools in their SDLC. But what if it doesn’t have to be difficult? Jit's DevSecOps Orchestration Platform allows high-velocity Engineering teams to own product security while increasing dev velocity. With a unified and friendly developer experience, we envision a world where every cloud application is born with Minimal Viable Security (MVS) embedded and iteratively improves by adding Continuous Security into CI/CD/CS.
  • Previous
  • You're on page 1
  • 2
  • 3
  • 4
  • 5
  • Next