Best IT Security Software for GitLab - Page 3
View:
Compare the Top IT Security Software that integrates with GitLab as of October 2025 - Page 3
Sort By:
This a list of IT Security software that integrates with GitLab. Use the filters on the left to add additional filters for products that have integrations with GitLab. View the products that work with GitLab in the table below.
-
1
esChecker
eShard
With esChecker, fasten your release cycles, dramatically reduce testing and delivery costs, and mitigate risks. Don't compromise your digitalization, leverage your mobile application security with automated testing within your CI/CD process. With a unique dynamic analysis feature, esChecker automatically executes the mobile application binary on unsafe devices and gives immediate feedback on your protections. Like any other IT system component, mobile apps must be designed, developed, and maintained with security in mind. They are the entry point to the system and require special attention. Compared to pentesting, a MAST tool enables a shorter, quicker, and more efficient security testing process to better control the application's code as it progresses. It’s about code verification integrated into a development cycle and it gives immediate feedback, allows compliance, and can be integrated into a DevSecOps process.Starting Price: Free -
2
Pynt
Pynt
Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. We help hundreds of companies such as Telefonica, Sage, Halodoc, and more, to continuously monitor, classify and attack poorly secured APIs, before hackers do. Pynt's leverages an integrated shift-left approach, and unique hack technology using home-grown attack scenarios, to detect real threats, discover APIs, suggest fixes to verified vulnerabilities, thereby eliminating the API attack surface risk. Thousands of companies rely on Pynt to secure the no. 1 attack surface - APIs, as part of their AppSec strategy.Starting Price: $1888/month -
3
Resmo
Resmo
All-in-one platform for SaaS app and access management for modern IT teams. Streamline app discovery, identity security, user offboarding, access reviews, and cost tracking. Actively scan and notify for vulnerabilities with 100+ native integrations with your favorite tools. Review identity access permissions, OAuth risks, and SSO logins. Uncover shared accounts, weak passwords, excessive permissions, externally shared files, and more. Let them use the SaaS they need to get their job done quickly. Lift the burden of security checks on your IT and security teams with automation. Offboard employees securely with no dormant accounts left behind. We empower your team to take ownership of security without any roadblocks, ensuring a seamless and secure workflow. Get accurate visibility over the apps your employees login with their business accounts. Empower your workforce with SaaS adoption while maintaining control over your SaaS security posture.Starting Price: $2 per month -
4
ZITADEL
ZITADEL
ZITADEL is an open-source identity and access management platform designed to simplify authentication and authorization for applications. It offers a comprehensive suite of features, including customizable hosted login pages, support for modern authentication methods such as Single Sign-On (SSO) and social logins, and enforcement of multifactor authentication to enhance security. Developers can integrate authentication directly into their applications using ZITADEL's APIs or build dedicated login interfaces. The platform supports role-based access control, allowing for precise permission assignments based on user roles, and is inherently multi-tenant, facilitating easy extension of applications to new organizations. ZITADEL's extensibility enables seamless adaptation to various workflows, user management processes, and brand guidelines, with features like ZITADEL Actions that execute workflows after predefined events without the need for additional code deployment.Starting Price: $100 per month -
5
Docker Scout
Docker
Container images consist of layers and software packages, which are susceptible to vulnerabilities. These vulnerabilities can compromise the security of containers and applications. Docker Scout is a solution for proactively enhancing your software supply chain security. By analyzing your images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses. Docker Scout is a standalone service and platform that you can interact with using Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. Docker Scout also facilitates integrations with third-party systems, such as container registries and CI platforms. Reveal and dig into the composition of your images. Ensure that your artifacts align with supply chain best practices.Starting Price: $5 per month -
6
authentik
authentik
authentik is an open source identity provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company that is building on top of the open-source project. Using a self-hosted, open-source identity provider means prioritizing security and taking control of your most sensitive data. With authentik, you no longer need to continually place your trust in a third-party service. Adopt authentik to your environment, regardless of your requirements. Use our APIs and fully customizable policies to automate any workflow. Simplify deployment and scaling with prebuilt templates and support for Kubernetes, Terraform, and Docker Compose. No need to rely on a third-party service for critical infrastructure or expose your sensitive data to the public internet. Use our pre-built workflows, or customize every step of authentication through configurable templates, infrastructure as code, and comprehensive APIs.Starting Price: $0.02 per month -
7
ZeroThreat.ai
ZeroThreat Inc.
ZeroThreat.ai is an automated penetration testing and vulnerability scanning platform designed to secure web applications and APIs. It detects, prioritizes, and helps mitigate over 40,000+ vulnerabilities, including OWASP Top 10 and CWE Top 25 issues such as logic flaws, misconfigurations, and data leaks. With near-zero false positives and AI-generated remediation reports, ZeroThreat.ai enables security and development teams to identify and fix vulnerabilities up to 10x faster. It integrates seamlessly with CI/CD pipelines, Slack, and Microsoft Teams for continuous testing and real-time alerts. Built for startups and enterprises alike, ZeroThreat.ai delivers speed, accuracy, and scalability, ensuring secure releases and continuous protection against evolving threats.Starting Price: $100/Target -
8
Praetorian Chariot
Praetorian
Chariot is the first all-in-one offensive security platform that comprehensively catalogs Internet-facing assets, contextualizes their value, identifies and validates real compromise paths, tests your detection response program, and generates policy-as-code rules to prevent future exposures from occurring. As a concierge managed service, we operate as an extension of your team to reduce the burden of day-to-day blocking and tackling. Dedicated offensive security experts are assigned to your account to assist you through the full attack lifecycle. We remove the noise by verifying the accuracy and importance of every risk before ever submitting a ticket to your team. Part of our core value is only signaling when it matters and guaranteeing zero false positives. Gain the upper-hand over attackers by partnering Praetorian. We put you back on the offensive by combining security expertise with technology automation to continuously focus and improve your defensive. -
9
Uptycs
Uptycs
Uptycs is the first unified CNAPP and XDR platform. Reduce risk by prioritizing responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates. With Uptycs, you can protect your entire enterprise, from laptops and servers to public and private cloud infrastructure. The platform streamlines your response to threats and offers a single UI and data model for easy management. Uptycs ties together threat activity as it traverses on-prem and cloud boundaries, delivering a more cohesive security posture. If you're looking for a powerful security solution that eliminates silos and tool sprawl, Uptycs is the answer. Looking for acronym coverage? We have you covered, including CNAPP, CWPP, CSPM, KSPM, CIEM, CDR, and XDR. Start with your Detection Cloud, Google-like search, and the attack surface coverage you need today. Be ready for what’s next. Shift up with Uptycs. -
10
Coralogix
Coralogix
Coralogix is the leading stateful streaming platform providing modern engineering teams with real-time insights and long-term trend analysis with no reliance on storage or indexing. Ingest data from any source for a centralized platform to manage, monitor, and alert on your applications. As data is ingested, Coralogix instantly narrows millions of events down to common patterns for deeper insights and faster troubleshooting. Machine learning algorithms continuously observe data patterns and flows between system components and trigger dynamic alerts so you know when a pattern deviates from the norm without static thresholds or the need for pre-configurations. Connect any data, in any format, and view your insights anywhere including our purpose-built UI, Kibana, Grafana, SQL clients, Tableau, or using our CLI and full API support. Coralogix has successfully completed relevant security and privacy compliances by BDO including GDPR, SOC 2, PCI, HIPAA, and ISO 27001/27701. -
11
Appvance
Appvance.ai
Appvance IQ (AIQ) delivers transformational productivity gains and lower costs in both test creation and execution. For test creation, it offers both AI-driven (fully machine-generated tests) and also 3rd-generation, codeless scripting. It then executes those scripts through data-driven functional, performance, app-pen and API testing — for both web and mobile apps. AIQ’s self-healing technology gives you complete code coverage with just 10% the effort of traditional testing systems. Most importantly, AIQ finds important bugs autonomously, with little effort. No coding, scripting, logs or recording required. AIQ is easy to integrate with your current DevOps tools and processes. Appvance IQ was developed by a pioneering team who envisioned a better way to test. Their innovative vision has been made possible by applying differentiated, patented AI methods to test creation while leveraging today’s high-availability compute resources for massive levels of parallel execution. -
12
SD Elements
Security Compass
Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. -
13
Drone
Harness
Configuration as a code. Pipelines are configured with a simple, easy‑to‑read file that you commit to your git repository. Each pipeline step is executed inside an isolated Docker container that is automatically downloaded at runtime. Any source code manager. Drone integrates seamlessly with multiple source code management systems, including GitHub, GitHubEnterprise, Bitbucket, and GitLab. Any platform. Drone.io natively supports multiple operating systems and architectures, including Linux x64, ARM, ARM64 and Windows x64. Any language. Drone works with any language, database or service that runs inside a Docker container. Choose from thousands of public Docker images or provide your own. Create and share plugins. Drone uses containers to drop pre‑configured steps into your pipeline. Choose from hundreds of existing plugins, or create your own. Drone makes advanced customization easy. Implement custom access controls, approval workflows, secret management, yaml syntax extensions& more. -
14
Qwiet AI
Qwiet AI
The Fastest Code Analysis, Hands Down. 40X faster scan times so developers never have to wait for results after submitting pull requests. The Most Accurate Results. Qwiet AI has the highest OWASP Benchmark score, which is nearly triple the commercial average and more than double the 2nd highest score. Developer-Centric Security Workflows. 96% of developers report that disconnected security and development workflows inhibit their productivity. Implementing developer-centric AppSec workflows decreases mean-time-to-remediation (MTTR), typically by 5X - enhancing both security and developer productivity. Automatically Find Business Logic Flaws in Dev. Identify vulnerabilities that are unique to your code base before they reach production. Achieve Compliance. Demonstrate and maintain compliance with security and privacy regulations such as SOC 2, PCI-DSS, GDPR, and CCPA.Starting Price: Free -
15
GuardRails
GuardRails
Empowering modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration. Empowering modern development teams to find, fix, and prevent security vulnerabilities in their applications. Continuous security scanning reduces cycle times and speeds up the shipping of features. Our expert system reduces the amount of false alerts and only informs about relevant security issues. Consistent security scanning across the entire product portfolio results in more secure software. GuardRails provides a completely frictionless integration with modern Version Control Systems like Github and GitLab. GuardRails seamlessly selects the right security engines to run based on the languages in a repository. Every single rule is curated to decide whether it has a high security impact issue resulting in less noise. Has built an expert system that detects false positives that is continuously tuned to be more accurate.Starting Price: $35 per user per month -
16
ARMO
ARMO
ARMO pioneers a new approach to Cloud Security with an open source powered, behavioral driven, Cloud Runtime Security Platform. ARMOs CADR (Cloud App Detection & Response) solution addresses a major unsolved pain point for organizations running on cloud-native architectures: how to continuously protect dynamic workloads during runtime without overwhelming teams with alerts or interrupting operations. ARMO CADR continuously reduces the cloud attack surface using real-time runtime insights, while actively detecting and responding to threats with true risk context. It includes 2 major products that are tightly integrated together and are part of one platform solution - * Kubernetes-First, runtime driven, Cloud Security Posture mgmt (CSPM) - identifying risks, prioritizing them and offering remediation without breaking applications in production * Real-Time Threat Detection & Response - detecting and responding to active threats across the entire cloud and applications stack -
17
Akeyless Vault
Akeyless
Akeyless is a cloud-native SaaS platform that secures the entire lifecycle of machine identities, credentials, certificates, and keys, eliminating complex and burdensome vault management, resulting in up to a 70% reduction in costs. The platform uses Distributed Fragments Cryptology (DFC™) to ensure zero knowledge—secrets are created as distributed fragments in the cloud and never found in one place. Akeyless is fast to deploy, requires no maintenance, is built for automation, and offers infinite scaling capabilities regardless of the number of environments, regions, or clouds, leading to a 270% higher adoption rate compared to vaults. Akeyless also strengthens AI pipelines from end to end by centralizing authentication, secrets management, certificate automation, and policy enforcement so AI agents can work securely and efficiently without relying on embedded credentials. -
18
Lenses
Lenses.io
Enable everyone to discover and observe streaming data. Sharing, documenting and cataloging your data can increase productivity by up to 95%. Then from data, build apps for production use cases. Apply a data-centric security model to cover all the gaps of open source technology, and address data privacy. Provide secure and low-code data pipeline capabilities. Eliminate all darkness and offer unparalleled observability in data and apps. Unify your data mesh and data technologies and be confident with open source in production. Lenses is the highest rated product for real-time stream analytics according to independent third party reviews. With feedback from our community and thousands of engineering hours invested, we've built features that ensure you can focus on what drives value from your real time data. Deploy and run SQL-based real time applications over any Kafka Connect or Kubernetes infrastructure including AWS EKS.Starting Price: $49 per month -
19
Cyral
Cyral
Granular visibility and policy enforcement across all your data endpoints. Designed to support your infrastructure-as-code workflows and orchestration. Dynamically scales to your workloads, with sub millisecond latency. Easily clicks with all your tools with no changes to your applications. Enhance cloud security with granular data access policies. Extend Zero Trust to the data cloud. Protect your organization from data breaches. Increase trust with your customers and provide assurance. Cyral is built to handle the unique performance, deployment and availability challenges of the data cloud. With Cyral you see the full picture. Cyral’s data cloud sidecar is a featherweight and stateless interception service that enables real time observability into all data cloud activity, and granular access controls. Highly performant and scalable interception. Prevention of threats and malicious access to your data that would go otherwise undetected.Starting Price: $50 per month -
20
1Kosmos
1Kosmos
1Kosmos enables passwordless access for workers, customers and citizens to securely transact with digital services. By unifying identity proofing and strong authentication, the BlockID platform creates a distributed digital identity that prevents identity impersonation, account takeover and fraud while delivering frictionless user experiences. BlockID is the only NIST, FIDO2, and iBeta biometrics certified platform that performs millions of authentications daily for some of the largest banks, telecommunications and healthcare organizations in the world. -
21
Doppler
Doppler
Stop struggling with scattered API keys, hacking together home-brewed configuration tools, and avoiding access controls. Give your team a single source of truth with Doppler. The best developers automate the pain away. Create references to frequently used secrets in Doppler. Then when they need to change, you only need to update them once. Your team's single source of truth. Organize your variables across projects and environments. The scary days of sharing secrets over Slack, email, git, zip files, are over. After adding a secret, your team and their apps have it instantly. Like git, the Doppler CLI smartly knows which secrets to fetch based on the project directory you are in. Gone are the futile days of trying to keep ENV files in sync! Practice least privilege with granular access controls. Reduce exposure when deploying with read-only service tokens. Contractor needs access to just development? Easy!Starting Price: $6 per seat per month -
22
AuthPoint
WatchGuard
Our unique multi-factor authentication (MFA) solution not only helps to reduce the likelihood of network disruptions and data breaches arising from lost or stolen credentials, but we deliver this important capability entirely from the Cloud for easy set-up and management. AuthPoint goes beyond traditional 2-Factor Authentication (2FA) by considering innovative ways to positively identify users, and our large ecosystem of 3rd party integrations means that you can use MFA to protect access. Ultimately, WatchGuard AuthPoint is the right solution at the right time to make MFA a reality for the businesses who desperately need it to block attacks. AuthPoint uses a push message, QR code, or one-time password (OTP) as an additional factor proving your identity, and our mobile device DNA matches the authorized user’s phone when granting access to systems and applications. Therefore, any attacker who clones a user’s device in an attempt to access a protected system would be blocked. -
23
ThreatSync
WatchGuard
From distributed enterprises with 10 branch offices to small and midsize businesses (SMBs) with employees working outside of the network, it can be a struggle to manage security consistently and cohesively across your organization. It is critical for SMBs and distributed enterprise organizations to not only have visibility into both their network and endpoint event data, but to be able to quickly and efficiently leverage actionable insight to remove threats. ThreatSync, a critical component of TDR, collects event data from the WatchGuard Firebox, Host Sensor and enterprise-grade threat intelligence feeds, analyzes this data using a proprietary algorithm, and assigns a comprehensive threat score and rank. This powerful correlation engine enables cloud-based threat prioritization to empower IT team to quickly and confidently respond to threats. Collects and correlates threat event data from the Firebox and Host Sensor. -
24
Anchore
Anchore
DevSecOps at full speed with deep inspection of container images and policy-based compliance. In an environment where application development must be fast and flexible, containers are the future. Adoption is accelerating, but with it comes risk. Anchore makes it possible to manage, secure, and troubleshoot containers continuously, without sacrificing speed. It delivers a process that allows container development and deployment to be secure from the start, by ensuring that the contents of your containers match the standards that you define. The tools are transparent to developers, visible to production, accessible to security, and all designed for the fluid nature of containers. Anchore sets a trusted standard for containers. It empowers you to certify your containers, making them predictable and protectable. So you can deploy containers with confidence. Protect against risks using a complete container image security solution. -
25
IRI Voracity
IRI, The CoSort Company
Voracity is the only high-performance, all-in-one data management platform accelerating AND consolidating the key activities of data discovery, integration, migration, governance, and analytics. Voracity helps you control your data in every stage of the lifecycle, and extract maximum value from it. Only in Voracity can you: 1) CLASSIFY, profile and diagram enterprise data sources 2) Speed or LEAVE legacy sort and ETL tools 3) MIGRATE data to modernize and WRANGLE data to analyze 4) FIND PII everywhere and consistently MASK it for referential integrity 5) Score re-ID risk and ANONYMIZE quasi-identifiers 6) Create and manage DB subsets or intelligently synthesize TEST data 7) Package, protect and provision BIG data 8) Validate, scrub, enrich and unify data to improve its QUALITY 9) Manage metadata and MASTER data. Use Voracity to comply with data privacy laws, de-muck and govern the data lake, improve the reliability of your analytics, and create safe, smart test data -
26
ActiveState
ActiveState
ActiveState delivers Intelligent Remediation for vulnerability management, which enables DevSecOps teams to not only identify vulnerabilities in open source packages, but also to automatically prioritize, remediate, and deploy fixes into production without breaking changes, ensuring that applications are truly secured. Existing tools overwhelm DevSecOps teams with excessive vulnerability data, false positives, and a lack of prioritization, often leading to inaction and increased exposure to exploits. ActiveState’s solution provides your DevSecOps with a comprehensive view of open source vulnerability status across your application portfolio, enabling them to prioritize the vulnerabilities that matter, assess the risk of updates, and choose recommended remediation paths. The ActiveState platform centers on open source languages packaged as runtimes that can be deployed in various form factors. Low-to-no CVE container images are also available for plug-in and play needs. -
27
Harness
Harness
Harness is an AI-native software delivery platform that helps engineering teams achieve excellence by automating and streamlining the entire software delivery lifecycle. It enables continuous integration, continuous delivery, and GitOps for multi-cloud, multi-region deployments with increased speed and reliability. Harness simplifies infrastructure as code, database DevOps, and artifact management to improve collaboration and reduce errors. The platform offers AI-powered testing, incident response, chaos engineering, and feature management to enhance quality and resilience. Harness also provides cloud cost management, security testing orchestration, and developer insights to optimize performance and governance. Trusted by leading enterprises, Harness accelerates innovation while reducing manual effort and risk. -
28
TruffleHog
Truffle Security
TruffleHog runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. Secrets can be found anywhere, so TruffleHog scans more than just code repositories, including SaaS and internally hosted software. With support for custom integrations and new integrations added all the time, you can secure your secrets across your entire environment. TruffleHog is developed by a team entirely comprised of career security experts. Security is our passion and primary concern, and all features are developed with best practices in mind. TruffleHog enables you to track and manage secrets within our intuitive management interface, including links to exactly where secrets have been found. Authenticate with secure OAuth workflows for users and never worry about username and password breaches. -
29
Legit Security
Legit Security
Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Automatically discover security issues, remediate threats and ensure the integrity and compliance of software releases. Comprehensive, visual SDLC inventory that's continually updated. Reveal unknown, misconfigured and vulnerable SDLC systems and infrastructure. Centralized visibility over location, coverage and configuration of your existing security tools and scanners. Catch insecure build actions before they can embed vulnerabilities downstream. Centralized, early prevention of sensitive data leaks, secrets and PII, before being pushed into the SDLC. Track security trends across teams and product lines to improve security posture and incentivize behavior. Get security posture at-a-glance with Legit Security Scores, Integrate your own alert and ticketing tools or use ours. -
30
JFrog
JFrog
Fully automated DevOps platform for distributing trusted software releases from code to production. Onboard DevOps projects with users, resources and permissions for faster deployment frequency. Fearlessly update with proactive identification of open source vulnerabilities and license compliance violations. Achieve zero downtime across your DevOps pipeline with High Availability and active/active clustering for your enterprise. Control your DevOps environment with out-of-the-box native and ecosystem integrations. Enterprise ready with choice of on-prem, cloud, multi-cloud or hybrid deployments that scale as you grow. Ensure speed, reliability and security of IoT software updates and device management at scale. Create new DevOps projects in minutes and easily onboard team members, resources and storage quotas to get coding faster.Starting Price: $98 per month