Best IT Security Software for GitLab - Page 5
View:
Compare the Top IT Security Software that integrates with GitLab as of December 2025 - Page 5
Sort By:
This a list of IT Security software that integrates with GitLab. Use the filters on the left to add additional filters for products that have integrations with GitLab. View the products that work with GitLab in the table below.
-
1
Cortex Cloud
Palo Alto Networks
Cortex Cloud from Palo Alto Networks is a cutting-edge platform designed to provide real-time cloud security across the entire software delivery lifecycle. By combining Cloud Detection and Response (CDR) with advanced Cloud Native Application Protection Platform (CNAPP), Cortex Cloud offers unified visibility and proactive security for code, cloud, and SOC environments. It enables teams to prevent and respond to threats quickly with AI-driven risk prioritization, runtime protection, and automated remediation. With seamless integration across multicloud environments, Cortex Cloud ensures scalable and efficient protection for modern cloud-native applications. -
2
Secureframe
Secureframe
Secureframe helps organizations get SOC 2 and ISO 27001 compliant the smart way. We help you stay secure at every stage of growth. Get SOC 2 ready in weeks, not months. Preparing for a SOC 2 can be confusing and full of surprises. We believe achieving best-in-class security should be transparent at every step. With our clear pricing and process, know exactly what you’re getting from the start. You don’t have time to fetch your vendor data or manually onboard employees. We’ve streamlined every step for you, automating hundreds of manual tasks. Your employees can easily onboard themselves through our seamless workflows, saving you both time. Maintain your SOC 2 with ease. Our alerts and reports notify you when there’s a critical vulnerability, so you can fix it quickly. Get detailed guidance for correcting each issue, so you know you’ve done it right. Get support from our team of security and compliance experts. We strive to respond to questions in 1 business day or less. -
3
Drata
Drata
Drata is the world’s most advanced security and compliance automation platform with the mission to help companies earn and keep the trust of their users, customers, partners, and prospects. Drata helps hundreds of companies streamline their SOC 2 compliance through continuous, automated control monitoring and evidence collection, resulting in lower costs and less time spent preparing for annual audits. The company is backed by Cowboy Ventures, Leaders Fund, SV Angel, and many key industry leaders. Drata is based in San Diego, CA.Starting Price: $10,000/year -
4
Apiiro
Apiiro
Complete risk visibility with every change, from design to code to cloud. Industry-first Code Risk Platform™ A 360° view of security & compliance risks across applications, infrastructure, developers’ knowledge & business impact. Data-driven decisions are better decisions. Understand your security & compliance risks with a real-time inventory of apps & infra code behavior, devs knowledge, 3rd-party security alerts & business impact. From design to code to cloud. Security architects don’t have time to review every change & investigate every alert. Make the most of their expertise by analyzing context across developers, code & cloud to identify risky material changes & automatically build an actionable workplan. No one likes manual risk questionnaires, security & compliance reviews - they’re tedious, inaccurate & not synced with the code. When the code is the design, we must do better - trigger contextual & automatic workflows. -
5
Cycode
Cycode
A platform for security, governance, and pipeline integrity for all your development tools & infrastructure. Harden your source control management systems (SCM), find secrets, leaks and prevent code tampering. Scan your CI/CD settings and Infrastructure-as-Code (IaC) for security misconfiguration. Identify drift between production systems IaC configurations and prevent source code tampering. Stop developers from inadvertently exposing proprietary code in public repositories, fingerprint code assets and proactively identify exposure on public sites. Inventory assets, enforce security policies, and easily demonstrate compliance across all your DevOps tools and infrastructure, both in the cloud and on-premises. Scan IaC for security misconfigurations and ensure compliance between defined IaC configurations and production infrastructure. Scan every commit or pull/merge request for hard-coded secrets and prevent them from reaching the master branch across all SCMs and programming languages. -
6
DNSWatch
WatchGuard
WatchGuard DNSWatch is a Cloud-based service adding DNS-level filtering to detect and block potentially dangerous connections and protect networks and employees from damaging attacks. WatchGuard analysts triage any critical alerts, following up with an easy-to-understand accounting that includes detailed insights about the potential infection. When the attack uses phishing, and an employee clicks the link, DNSWatch automatically redirects them away from the malicious site and offers resources that reinforce phishing education. Hackers rely on DNS to execute attacks on unsuspecting victims, so careful examination of DNS requests is a great way to find and ultimately intercept attacks! DNSWatch brings DNS-level filtering into our Total Security Suite, providing an added layer of security to stop malware infections. Unwitting attempts to connect to known malicious DNS addresses by your users are automatically blocked, and the user is seamlessly redirected to a safe landing page. -
7
Rezilion
Rezilion
Automatically detect, prioritize and remediate software vulnerabilities with Rezilion’s Dynamic SBOM. Focus on what matters, eliminate risk quickly, and free up time to build. In a world where time is of the essence, why sacrifice security for speed when you can have both? Rezilion is a software attack surface management platform that automatically secures the software you deliver to customers, giving teams time back to build. Rezilion is different from other security tools that create more remediation work. Rezilion reduces your vulnerability backlogs. It works across your stack, helping you to know what software is in your environment, what is vulnerable, and what is actually exploitable, so you can focus on what matters and remediate automatically. Create an instant inventory of all of the software components in your environment. Know which of your software vulnerabilities are exploitable, and which are not, through runtime analysis. -
8
Cyscale
Cyscale
Map, secure, and monitor your cloud assets across platforms in under 5 minutes. Optimize operations and costs with an agentless CSPM solution that uses our Security Knowledge Graph™ to ensure scalable, consistent protection and governance. Specialists across industries rely on Cyscale to apply their expertise where it makes the biggest difference. We help you see through infrastructure layers and scale your efforts to organization-wide impact. Bridge multiple environments with Cyscale and visualise your cloud inventory in full. Discover unused, forgotten cloud resources and eliminate them to get smaller invoices from cloud providers and optimize costs for the whole organization. See accurate correlations across all cloud accounts and assets as soon as you sign up and act on alerts to avoid fines for data breaches. -
9
YesWeHack
YesWeHack
YesWeHack is a leading Bug Bounty and Vulnerability Management Platform. Founded by ethical hackers in 2015, YesWeHack connects organisations worldwide to tens of thousands of ethical hackers, who uncover vulnerabilities in websites, mobile apps, connected devices and digital infrastructure. The YesWeHack platform offers a range of integrated, API-based solutions: Bug Bounty (crowdsourcing vulnerability discovery); Vulnerability Disclosure Policy (creating and managing a secure channel for external vulnerability reporting); Pentest Management (managing pentest reports from all sources); Attack Surface Management (continuously mapping online exposure and detecting attack vectors); and ‘Dojo’ and YesWeHackEDU (ethical hacking training). YesWeHack's services have ISO 27001 and ISO 27017 certifications, and its IT infrastructure is hosted by EU-based IaaS providers, compliant with the most stringent standards: ISO 27001 (+ 27017, 27018 & 27701), CSA STAR, SOC I/II Type 2 and PCI DSS. -
10
42Crunch
42Crunch
Your most valuable intelligence isn’t AI, it’s your developers. Empower them with tools to be the driving force behind API security – ensuring continuous, unparalleled protection across the entire API lifecycle. Push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your API. Audit your OpenAPI / Swagger file against 300+ security vulnerabilities, we’ll rank them by severity level and tell you exactly how to fix them – making security a seamless part of your development lifecycle Enforce a zero-trust architecture by ensuring all your APIs meet a set security standard before production, scan the live API endpoints for potential vulnerabilities, and automate redeployment. Ensure security of all your APIs from design to deployment, get detailed insight about attacks on APIs in production – and protect against threats – without impacting performance. -
11
Oxeye
Oxeye
Oxeye is designed to expose vulnerable flows in distributed cloud native application code. We incorporate next-generation SAST, DAST, IAST, and SCA capabilities to ensure verification of risks in both Dev and Runtime environments. Built for developers and AppSec teams, Oxeye helps to shift-left security while accelerating development cycles, reducing friction, and eliminating vulnerabilities. We deliver reliable results with high accuracy. Oxeye analyzes code vulnerabilities across microservices delivering contextualized risk assessment enriched with infrastructure configuration data. With Oxeye developers can easily track and resolve vulnerabilities. We deliver the vulnerability visibility flow, steps to reproduce, and the exact line of code. Oxeye offers a seamless integration as Daemonset with a single deployment that doesn’t require performing changes in the code. We deliver frictionless security to your cloud-native apps. -
12
Enso
Enso Security
Enso is transforming application security by empowering organizations to build, manage and scale their AppSec programs. Its Application Security Posture Management (ASPM) platform easily deploys into an organization’s environment to create an actionable, unified inventory of all application assets, their owners, security posture and associated risk. With Enso Security, AppSec teams gain the capacity to manage the tools, people and processes involved in application security, enabling them to build a simplified, agile and scalable application security program without interfering with development. Enso has been recognized with numerous awards including the 2022 Excellence Awards, Globee Awards, and Forbes Top 20 Cybersecurity Startups to Watch. -
13
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner-workings of your application, triggering security-critical bugs with increasingly high precision. -
14
Seemplicity
Seemplicity
The fundamentals of workplace productivity have been redefined with automated workflows in nearly all domains. But what about security? When it comes to driving risk down, security teams are forced to play air traffic controller, deduplicating, sorting, and prioritizing every security finding that comes in, then routing and following up with developers all across the organization to make sure problems get fixed. The result, is a massive administrative burden on an already resource-constrained team, stubbornly long time-to-remediation, friction between security and development, and an inability to scale. Seemplicity revolutionizes the way security teams work by automating, optimizing, and scaling all risk reduction workflows in one workspace. Aggregated findings with the same solution on the same resource. Exceptions, such as rejected tickets or tickets with a fixed status but an open finding, are automatically redirected to the security team for review. -
15
Argon
ArgonSec
The first unified security solution protecting the integrity of your software throughout the entire DevOps CI CD pipeline. Track all events and actions across your software supply chain with unparalleled clarity, get actionable information and make decisions faster. Bolster your security posture by enforcing security best practices at all stages of the software delivery process with real-time alerts and auto-remediation. Ensure source code integrity with automated validity checks on each release, so you can be sure the code you committed is the source code deployed. Argon continuously monitors your DevOps infrastructure to identify security risks, code leaks, misconfigurations, and anomalies, and provide insights about the posture of your CI CD pipeline. -
16
ArmorCode
ArmorCode
Centralize all AppSec findings (SAST, DAST, SCA, etc) and correlate with infrastructure and cloud security vulnerabilities to get a 360o view of you application security posture. Normalize, de-dup and correlate findings to improve risk mitigation efficiency and prioritize the findings that impact the business. A single source of truth for findings and remediations from across tools, teams and applications. AppSecOps is the process of identifying, prioritizing, remediating and preventing Security breaches, vulnerabilities and risks - fully integrated with existing DevSecOps workflows, teams and tools An AppSecOps platform enables security teams to scale their ability to successfully identify, remediate and prevent high-priority application level security, vulnerability, and compliance issues, as well as identify and eliminate coverage gaps. -
17
Procyon
Procyon
Get frictionless, secure access to cloud infrastructure. Get passwordless access to major cloud platforms and thousands of cloud resources. We work seamlessly with AWS, GCP, Azure, and other cloud-native tools. Stop overprivileged access with just-in-time access for developers. DevOps users can request access to cloud resources with ‘just enough privileges’ to get timebound access to resources. Eliminate productivity bottlenecks of a centralized administrator. Configure approval policies based on a variety of factors. View a catalog of granted and unaccessed resources. Stop credential sprawl and worrying about credential theft. Developers can get passwordless access to cloud resources using Trusted Platform Module (TPM) based technology. Discover potential vulnerabilities now with our free assessment tool and understand how Procyon can help solve the problem in a matter of hours. Leverage TPM to strongly identify users and devices. -
18
Entitle
BeyondTrust
Entitle fuses a security-first approach to provisioning and governance, with a commitment to business enablement for all teams, from R&D and sales to H&R and finance. Speed up provisioning to unlock security policies that automatically update with changing infrastructure and employee needs. Grant permissions to specific resources, like Google Drive folders, database tables, Git repositories, and more. Keep privileged resources and roles safe by granting access only when needed, and removing them when not. Give peers, managers, and resource owners the power to approve access requests, for authorizations you can trust. With automated access requests and zero-touch provisioning, DevOps, IT, and all teams can save serious time and resources. Users can request access to what they need via Slack, Teams, Jira, or email for a seamless approval process. Grant bulk permissions for fast onboarding and offboarding to keep up with organizational changes. -
19
Scrut Automation
Scrut
With Scrut, automate your risk assessment and monitoring, build your own unique risk-first infosec program, effortlessly manage multiple compliance audits, and demonstrate trust with your customers, all from a single window. Discover cyber assets, set up your infosec program and controls, continuously monitor your controls for 24/7 compliance, and manage multiple compliance audits simultaneously, all through a single window on Scrut. Monitor risks across your infrastructure and application landscape in real-time and continuously stay compliant with 20+ compliance frameworks. Collaborate with team members, auditors, and pen-testers with automated workflows and seamless artifact sharing. Create, assign, and monitor tasks to manage daily compliance with automated alerts and reminders. With the help of 70+ integrations with commonly used applications, make continuous security compliance effortless. Scrut’s intuitive dashboards provide quick overviews and insights. -
20
Silk Security
Silk Security
Cut through the findings flood, holistically understand risk, automate prioritization, and collaborate on fix remediation — all in one platform. Adoption of cloud, hybrid, and cloud-native applications generates more complexity and scale issues that legacy approaches can't begin to address. Without enough environmental context, security teams struggle to measure and prioritize the risk associated with findings. Duplicate alerts from multiple tools mean compounds the challenge for security teams to prioritize and assign remediation ownership. 60% of the breaches that occur are due to a security alert that the organization knew about, but struggled to map stakeholder responsibility for the fix. Map stakeholder responsibility, enable self-service remediation with actionable recommendations, and facilitate bidirectional collaboration through integration into existing tools and workflows. -
21
Tromzo
Tromzo
Tromzo builds deep environmental and organizational context from code to cloud so you can accelerate the remediation of critical risks across the software supply chain. Tromzo accelerates the remediation of risks at every layer from code to cloud. We do this by building a prioritized risk view of the entire software supply chain with context from code to cloud. This context helps our users understand which few assets are critical to the business, prevent risks from being introduced to those critical assets, and automate the remediation lifecycle of the few issues that truly matter. Contextual software asset inventory (code repos, software dependencies, SBOMs, containers, microservices, etc.), so you know what you have, who owns them, and which ones are important to the business. Understand the security posture for every team with SLA compliance, MTTR, and other custom KPIs, so you can drive risk remediation and accountability across the organization. -
22
ProjectDiscovery
ProjectDiscovery
Use automation, integrations, and continuous scanning to defend your modern tech stack. Build your regression database with alerts and CI/CD tools to prevent vulnerabilities from reappearing. Effortlessly retest vulnerabilities. Save time and resources allowing your team to ship faster. Security should be simple, accessible, and community-driven. Not all vulnerabilities and assets are worth triaging. Focus on the ones that matter to your workflows with context-enriched data. Our AI templating integration reads vulnerability reports and tailors templates to your needs, saving you time and effort on automation. Automate with support from APIs and webhooks. Trigger scans and receive real-time updates on vulnerabilities, assets, and templates. Collaborate across teams by sharing templates, assets, and vulnerabilities. Our enterprise platform has an amazing foundation. -
23
Maverix
Maverix
Maverix blends itself into the existing DevOps process, brings all required integrations with software engineering and application security tools, and manages the application security testing process end to end. AI-based automation for security issues management including detection, grouping, prioritization, filtration, synchronization, control of fixes, and support of mitigation rules. Best-in-class DevSecOps data warehouse for full visibility into application security improvements over time and team efficiency. Security issues can be easily tracked, triaged, and prioritized – all from a single user interface for the security team, with integrations to third-party products. Gain full visibility into application production readiness and application security improvements over time. -
24
Cypago
Cypago
Reduce manual efforts, lower costs and strengthen trust with customers with no-code automation workflows. Elevate your security Governance, Risk, and Compliance (GRC) maturity through simplified and automated cross-functional processes. Everything you need to know about achieving and maintaining compliance across all security frameworks and IT environments. Get in-depth ongoing insight into your compliance and risk posture. Save thousands of hours of manual work by leveraging the power of true automation. Put security policies and procedures into action to maintain accountability. At last, a complete audit automation experience, including audit scope generation and customization, 3600 evidence collection across data silos, in-context gap analysis, and auditor-trusted reports. Because audits can be easier and way more efficient than they are today. Transform chaos into compliance and enjoy instant insights on your employee and user base access privileges and permissions. -
25
Opus Security
Opus Security
Prioritize what really matters based on risk, contextual analysis, and event de-duplication. Manage the full remediation lifecycle and eliminate manual effort from the remediation process by introducing automation throughout. Drive cross-organizational initiatives with ease. Consolidate all your issues across posture management and vulnerability tools. Drastically reduce the number of issues by identifying common root causes, and get clear visibility and in-depth reporting. Effectively collaborate with distributed teams within their own tools. Deliver a personalized, relevant experience for every engineer. Provide actionable remediation guidance and practical code suggestions. Easily adapt to your own organizational structure. A centralized, unified platform designed to drive effective remediation across any attack surface, any tool, and any stakeholder. Easily integrating with existing posture management and vulnerability tools, Opus provides much-needed visibility. -
26
Blink
Blink Ops
Blink is an ROI force multiplier for security teams and business leaders looking to quickly and easily secure a wide variety of use cases. Get full visibility and coverage of alerts across your organization and security stack. Utilize automated flows to reduce noise and false positives in alerts. Scan for attacks and proactively identify insider threats and vulnerabilities. Create automated workflows that add relevant context, streamline communications, and reduce MTTR. Take action on alerts and improve your cloud security posture with no-code automation and generative AI. Shift-left access requests, streamline approvals flows, and unblock developers while keeping your applications secure. Continuously monitor your application for SOC2, ISO, GDPR, or other compliance checks and enforce controls. -
27
OpenContext
OpenContext
OpenContext eliminates drift and provides the insight DevOps folks need to reduce toil. OpenContext unites all aspects of the socio-technical stack, connecting your code to artifacts in the cloud into a graph-based view. Our always-growing integration ecosystem tells the whole story of your tech stack. OpenContext discovers your socio-technical graph in real time, tracking the data lineage and best practices that ensure your team is audit-ready. We’ll show you exactly who has the relevant knowledge to address the problem, finding your fixer without all the extra effort. That means fewer interruptions, fewer contributors pulled off their regular work, and a much better use of your time and money. OpenContext auto-discovers your technical stack. You can’t afford to let those liabilities stay hidden. It leads to a real scramble to find the key people, your fixers, who know exactly how everything is put together. -
28
Mindflow
Mindflow
Embrace hyper-automation at scale with intuitive no-code & AI-generated flows. Access every tool you need through the most extensive integration library ever provided. Pick the service you want from the Integrations library and automate your way. Onboard and build your first workflows in minutes. Use pre-built templates if you need them, help yourself with the AI assistant, or benefit from the Mindflow excellence center. Type your input in plain-language text and let Mindflow do the rest. Generate workflows adapted to your tech stack from any input. Create AI-generated workflows to help you address any use case and reduce the building time to the minimum. Mindflow redefines enterprise automation, offering an extensive catalog of integrations. Add any new tool to our platform within minutes, breaking the barriers of traditional integration. Connect and orchestrate your tech stack, no matter the tools you use. -
29
AppSOC
AppSOC
Coverage for a wide variety of security scanners - infrastructure, platforms, and applications. Create a single policy to apply across all the scanners in the pipeline - any microservice or application. Enriched software bill of material with information from your SCA platform and multiple scanners. With unified application and vulnerability correlation information reporting, business executives and product owners can accelerate the time to market. With automated triaging, deduping and 95% noise reduction, you know exactly the vulnerabilities to focus on. With workflow automation, risk-based triaging and prioritization, you can now scale instead of manually chasing every issue. With machine learning based correlation and application level risk scoring you have an exact understanding of impact of every vulnerability on your compliance. -
30
Syhunt Hybrid
Syhunt
Syhunt dynamically injects data in web applications and analyzes the application response to determine if the application code is vulnerable, automating the web application security testing and proactively guarding your organization's Web infrastructure against several kinds of web application security threats. Syhunt Hybrid follows simple GUI standards, prioritizing ease of use and automation and thus requiring minimal to no user intervention before or during scans despite a large number of customization options. Compare past scan sessions to determine new, unchanged or removed vulnerabilities. Generate a comparison report that displays the evolution of vulnerabilities over time by automatically comparing previous scan session data related to a specific target.
