Alternatives to ProGet
Compare ProGet alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to ProGet in 2026. Compare features, ratings, user reviews, pricing, and more from ProGet competitors and alternatives in order to make an informed decision for your business.
1
GitLab
GitLab
GitLab is a complete DevOps platform. With GitLab, you get a complete CI/CD toolchain out-of-the-box. One interface. One conversation. One permission model. GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. GitLab helps teams accelerate software delivery from weeks to minutes, reduce development costs, and reduce the risk of application vulnerabilities while increasing developer productivity. Source code management enables coordination, sharing and collaboration across the entire software development team. Track and merge branches, audit changes and enable concurrent work, to accelerate software delivery. Review code, discuss changes, share knowledge, and identify defects in code among distributed teams via asynchronous review and commenting. Automate, track and report code reviews.
Starting Price: $29 per user per month
2
JFrog Artifactory
JFrog
The Industry Standard Universal Binary Repository Manager. Supports all major package types (over 27 and growing) such as Maven, npm, Python, NuGet, Gradle, Go, and Helm including Kubernetes and Docker as well as integration with leading CI servers and DevOps tools that you already use. Additional functionalities include:
- High Availability that scales to infinity with active/active clustering of your DevOps environment and scales as business grows
- On-Prem, Cloud, Hybrid, or Multi-Cloud Solution
- De Facto Kubernetes Registry managing application packages, operating system’s component dependencies, open source libraries, Docker containers, and Helm charts with full visibility of all dependencies. Compatible with a growing list of Kubernetes cluster providers.
3
Azure Artifacts
Microsoft
Add fully integrated package management to your continuous integration/continuous delivery (CI/CD) pipelines with a single click. Create and share Maven, npm, NuGet, and Python package feeds from public and private sources with teams of any size. Easily share code across small teams and large enterprises. Get universal artifact management for Maven, npm, NuGet, and Python. Share packages, and use built-in CI/CD, versioning, and testing. Share code effortlessly by storing Maven, npm, NuGet, and Python packages together. And there's no need to store binaries in Git, simply store them using Universal Packages. Keep every public source package you use, including packages from npmjs and nuget.org, safe in your feed where only you can delete it, and where it's backed by the enterprise-grade Azure SLA.
Starting Price: $6 per user per month
4
OneDev
OneDev
OneDev is an open-source, self-hosted DevOps platform that unifies Git repository management, CI/CD pipelines, issue tracking, kanban boards, and package registries into a single application. It offers an intuitive GUI for creating CI/CD jobs with features like typed parameters, matrix jobs, logic reuse, and cache management. OneDev includes built-in registries for Docker, NPM, Maven, NuGet, PyPi, and more, facilitating comprehensive package management. It supports progressive and iterative issue tracking through iterations, enhancing agile workflows. With out-of-the-box code search and navigation, Renovate integration for dependency updates, and a RESTful API, OneDev streamlines development processes. It is designed for easy installation and maintenance, providing high performance and scalability. OneDev is developed and maintained by an inclusive community, ensuring continuous improvements and support.
Starting Price: $6 per month
5
Yarn
Yarn
Yarn is a package manager which doubles down as project manager. Whether you work on one-shot projects or large monorepos, as a hobbyist or an enterprise user, we've got you covered. Split your project into sub-components kept within a single repository. Yarn guarantees that an install that works now will continue to work the same way in the future. Yarn cannot solve all your problems, but it can be the foundation for others to do it. We believe in challenging the status quo. What should the ideal developer experience be like? Yarn is an independent open-source project tied to no company. Your support makes us thrive. Yarn already knows everything there is to know about your dependency tree, it even installs it on the disk for you. So, why is it up to Node to find where your packages are? Instead, it should be the package manager's job to inform the interpreter about the location of the packages on the disk and manage any dependencies between packages and even versions of packages.
Starting Price: Free
6
Sonatype Nexus Repository
Sonatype
Sonatype Nexus Repository is a robust binary repository manager designed to store, manage, and distribute open-source components, dependencies, and artifacts across the software development lifecycle (SDLC). It supports over 20 formats, including Maven, npm, PyPI, and Docker, allowing for seamless integration with build tools and CI/CD pipelines. With advanced features like high availability, disaster recovery, and scalability across cloud platforms, Nexus Repository ensures secure and efficient management of your software artifacts. The platform enhances collaboration, automates workflows, and improves visibility into your software supply chain, helping teams manage dependencies and improve software quality.
7
ActiveState
ActiveState
ActiveState provides software development teams with the world's most comprehensive library of secure and trusted open source, over 79 million vetted components across all major language ecosystems (e.g., Java, JavaScript, Python, R, Go, etc.), including transitive dependencies and OS-level libraries. By building everything from source, we ensure that every component is what it says it is, contains the fewest vulnerabilities, and is continuously remediated. Companies can consume this open source where and when they need it - through their existing artifact repositories, as container images or managed distributions, or via IDPs. When teams transfer their open source responsibility to ActiveState, developers and security teams break free from the endless cycle of vulnerability management. Developers gain confidence knowing their code will make it to production faster and with less friction. Security gains assurance that policy and compliance standards are met by default.
8
MyGet
MyGet
The Secure Universal Package Manager. Continuously govern and audit all packages in your DevOps lifecycle. Thousands of teams worldwide trust MyGet with their package management and governance. Accelerate your software team with cloud package management, robust security controls and easy continuous integration build services. MyGet is a Universal Package Manager that integrates with your existing source code ecosystem and enables end-to-end package management. Centralized package management delivers consistency and governance to your DevOps workflow. MyGet real-time software license detection tracks your teams’ package usage and detects dependencies across all of your packages. Customized usage policies ensure your teams are only using approved packages while reporting vulnerabilities and outdated packages early in your software build and release cycles.
Starting Price: $15 per month
9
Rails Assets
Rails Assets
Rails Assets is the frictionless proxy between Bundler and Bower. It automatically converts the packaged components into gems that are easily droppable into your asset pipeline and stay up to date. First, make sure you use bundler >= 1.8.4. Add Rails Assets as a new gem source, then reference any Bower components that you need as gems. In development, if you have issues with SSL certificates and security is not a priority, you can use the alternate endpoint instead. During bundle install, if Bundler requests a package like this, Rails Assets’ daemon will automatically fetch the component from Bower’s registry, analyze its manifest file, bower.json, repackage the component as a valid Ruby gem and serve it to your application. Dependencies are handled the same way recursively. Gems created by Rails Assets work great with any Sprockets-based application. It works with Sinatra too!
Starting Price: Free
10
GitHub Packages
GitHub
With GitHub Packages, you can safely publish and consume packages within your organization or with the entire world. Use industry and community-standard package managers with native tooling commands. Then authenticate and publish directly to GitHub. Understand and safely install package contents. Get packages directly from the community on GitHub, and use only what’s been approved for your organization. Store your packages in the same secure environment as your source code, all protected by your GitHub credentials. With a full API and webhooks support, you can extend your workflows to work with GitHub Packages. GitHub Packages is built with the latest edge caching via a global CDN to deliver great performance, no matter where your builds run. Use Actions to automatically publish new package versions to GitHub Packages. Run your CI/CD with Actions, and install packages and images hosted on GitHub Packages or your preferred registry of record.
Starting Price: $0.25 per GB
11
Chocolatey
Chocolatey
Chocolatey has the largest online registry of Windows packages. Chocolatey packages encapsulate everything required to manage a particular piece of software into one deployment artifact by wrapping installers, executables, zips, and/or scripts into a compiled package file. Package submissions go through a rigorous moderation review process, including automatic virus scanning. The community repository has a strict policy on malicious and pirated software. Many organizations face the ongoing challenge of deploying and supporting various versions of software. Chocolatey allows organizations to automate and simplify the management of their complex Windows environments. Our customers have experienced a massive reduction in effort, improved speed of deployment, high reliability, and comprehensive reporting. Reduce complexity, save yourself time, and get up to speed on the latest technologies and approaches.
Starting Price: $96 per year
12
Apptimized Workspace
Apptimized
Discover, package and test your apps in your browser. Cloud-based application packaging environment, created for application packaging professionals by application packaging professionals. The scalable, low-cost alternative to traditional thick client discovery & packaging tools. Flexible and easy-to-use environment to serve all your software packaging needs. Access everything needed to analyze, document, package, remediate and test Microsoft Win32 applications. Without the need for infrastructure or VPN, a low monthly subscription with nothing to install, maintain or configure. Apptimized Workspace is a comprehensive and instantly available packaging environment in the cloud that takes your packaging process and all related areas to a new efficiency level. Do more with Apptimized Workspace than with any existing toolset, straight out of the box.
13
Sonatype Nexus Repository is a powerful binary repository manager designed to streamline the management of open-source and third-party components in your software development lifecycle. The Community Edition, available for free, supports essential features such as integration with popular CI/CD tools, enhanced security for managing components, and support for up to 200,000 requests per day. As your needs scale, Nexus Repository Pro offers additional features like unlimited components, high availability, disaster recovery, and advanced security controls, making it a comprehensive solution for businesses of all sizes.
Starting Price: Free
14
Bower
Bower
Web sites are made of lots of things: frameworks, libraries, assets, and utilities. Bower manages all these things for you. Keeping track of all these packages and making sure they are up to date (or set to the specific versions you need) is tricky. Bower to the rescue! Bower can manage components that contain HTML, CSS, JavaScript, fonts, or even image files. Bower doesn’t concatenate or minify code or do anything else, it just installs the right versions of the packages you need and their dependencies. To get started, Bower works by fetching and installing packages from all over, taking care of hunting, finding, downloading, and saving the stuff you’re looking for. Bower keeps track of these packages in a manifest file, bower.json. How you use packages is up to you. Bower provides hooks to facilitate using packages in your tools and workflows. Bower is optimized for the front-end. If multiple packages depend on a package, jQuery, for example, Bower will download jQuery just once.
Starting Price: Free
15
Aleo
Aleo
Modular and compliant. The ultimate toolkit for building private applications is finally here. World-class infrastructure built for you and your team. From IDE to blockchain and everything in between. Develop with Leo. Write your app using our programming language, with ease. Iterate blazingly fast. Use our platform to compile and test, frustration-free. Deploy to the blockchain. Launch your shiny new app in less time than ever. Discover what we're building for developers like you. Write applications in a breeze with packages from our community on Aleo Package Manager. For the first time, make no compromise between convenience and user privacy. Deploy and share your application on Aleo easily for life. Aleo has put together a solid compiler team to build a very ambitious circuit compiler language. The core aim of this endeavor is to allow developers to make use of zero-knowledge proofs in their applications in as simple a manner as possible.
16
InstallAnywhere
Revenera
Don’t risk an installation error and poor customer experience. InstallAnywhere is the leading multi-platform solution for developers creating installers for physical, virtual, and cloud environments. InstallAnywhere makes it easy for developers to create professional installation software that performs the same, no matter what the platform. You’ll be able to create reliable installations for on-premises platforms like Windows, Linux, Apple, Solaris, AIX, HP-UX, and IBM, and then deploy them physically, virtually, or to the cloud (you can even package it up into a Docker container) all from a single project file. Whether for standalone instances or integrated into your current systems, with InstallAnywhere, you’ll be able to adapt to industry changes quickly, get to market faster and deliver an engaging customer experience. Reduce software development time and go to market faster. Impress end-users with customized installations. Simplify Virtualization and cloud-based deployments.
Starting Price: $7,423 per 3 years
17
packagecloud
packagecloud
Fast, reliable, and secure software starts here. A unified, developer-friendly interface for all of your artifacts written in any language, delivered to any infrastructure. Ship securely and quickly knowing your packages are handled by packagecloud. Consistent package repositories, at enterprise scale and startup speed. A single API and CLI for every environment and package type. Works seamlessly and harmoniously with the systems you already use. Manage all of your packages and deploy to any environment, from one beautiful interface, on-premise or in the cloud. Packagecloud supports the most popular package types, from Java to Python to Ruby and Node, and more. Built for teams with collaboration and access control features. Packagecloud just works. Upload any supported package type via a single, consistent API and deploy with ease. We run thousands of tests to ensure correct and consistent behavior even in the face of bugs in the packaging systems themselves.
Starting Price: $150 per month
18
RepoFlow
RepoFlow
RepoFlow makes package management effortless and efficient. Designed to simplify your development workflow, RepoFlow provides a seamless experience for managing, discovering, and utilizing your software packages. Whether you’re a solo developer or part of a large team, RepoFlow has the tools you need to work smarter and faster. Why RepoFlow?
• Simple and Intuitive: RepoFlow is designed with developers in mind, offering a clean, straightforward interface. Quickly find the packages you need, view their details, and access ReadMe files without jumping through hoops.
• Lightning-Fast Search: Handle thousands of packages effortlessly with a powerful search that surfaces the exact package you're looking for, with the ability to filter by repository, version, or other metadata.
• Rich Package Insights: View ReadMe files, setup instructions, and other package details in just a few clicks. RepoFlow ensures all relevant information is easily accessible, saving you time.
Starting Price: $79/month
19
eemaan Deployment Manager
eemaan
Package and deploy software & configuration updates in seconds. Follow a 5-step wizard to package Genesys software and configuration into a portable package ready to be shared with colleagues, all from the comfort of a powerful dashboard. Deploy any shared package in a few clicks. Select the location, the package, the Genesys Application you want to update, optionally customize the deployment, and just click 'Go'. The whole process of downloading software and updating the Genesys configuration is carried out automatically. The deployment didn't go to plan? Not to worry, just one click, and the old software and configuration are restored. The best is always saved for last. The deployment process comes with an automatic Runbook generator. In the blink of an eye, a step-by-step runbook is generated for the approval process, and for that "just in case something goes wrong" backup plan.
20
Packagist
Packagist
Packagist is the main Composer repository. It aggregates public PHP packages installable with Composer. Put a file named composer.json at the root of your project, containing your project dependencies. Packagist is the default Composer package repository. It lets you find packages and lets Composer know where to get the code from. You can use Composer to manage your project or libraries' dependencies. First of all, you must pick a package name. This is a very important step since it cannot change and it should be unique enough to avoid conflicts in the future. The package name consists of a vendor name and a project name joined by a /. The vendor name exists to prevent naming conflicts. The composer.json file should reside at the top of your package's git/svn/ repository and is the way you describe your package to both Packagist and Composer. New versions of your package are automatically fetched from tags you create in your VCS repository.
21
npm
npm
We're npm, Inc., the company behind Node package manager, the npm Registry, and npm CLI. We offer those to the community for free, but our day job is building and selling useful tools for developers like you. Get started today for free, or step up to npm Pro to enjoy a premium JavaScript development experience, with features like private packages. Bring the best of open source to you, your team, and your company. Relied upon by more than 11 million developers worldwide, npm is committed to making JavaScript development elegant, productive, and safe. The free npm Registry has become the center of JavaScript code sharing, and with more than one million packages, the largest software registry in the world. Our other tools and services take the Registry, and the work you do around it, to the next level. At npm, Inc., we're proud to dedicate teams of full-time employees to operating the npm Registry, enhancing the CLI, improving JavaScript security, and other projects.
Starting Price: $7 per month
22
Gemfury
Gemfury
Gemfury is a hosted repository for your public and private packages, where they are safe and within reach. Install them to any machine in minutes without worrying about running and securing your own repository server. Gemfury works with RubyGems, Python packages, npm modules, and all compatible frameworks and services. Authenticated Repo-URL keeps your private packages safe and secure during deployment. All management and deployment is done over SSL. Do everything you need with just a few terminal commands. We are hackers and love the command line; this one is our favorite. Gemfury is designed for teams. Share your account with coworkers and let them easily access your packages. Install and use your code anywhere. Seamless integration and secure installation. Collaborate with your team.
Starting Price: $9 per month
23
CloudRepo
CloudRepo
CloudRepo provides fully managed, cloud-based, private repositories. With CloudRepo, developers store and access Public and Private, Maven, and Python repositories in the cloud. CloudRepo stores your Maven repositories across multiple physical servers, reducing the probability of data loss & Maven repository downtime due to hardware failure. We help reduce time and resources spent running unsecured & vulnerable Maven repositories, which allows everyone to focus on developing more. Your team has completed all this developing to ultimately distribute your repositories. Use the Software Distribution feature to make sure your repositories get in the right hands.
Starting Price: $79 per month
24
InstallShield
Revenera
Create native MSIX packages, build clean installs, and build installations in the cloud with InstallShield from Revenera. Consistent and reliable installs. Every time. With InstallShield, you’ll adapt to industry changes quickly, get to market faster and deliver an engaging customer experience. Revenera InstallShield (formerly Flexera InstallShield) is the fastest, easiest way to build Windows installers and MSIX packages and create installations directly within Microsoft Visual Studio. Configure install conditions to specifically target Windows 11 and Windows Server 2022. Install files to native ARM locations on Windows 10 running on ARM machines. Easily move your build infrastructure to the cloud by connecting to Revenera’s Cloud License Server. Build one-click installers that are more modern than ever and refreshingly simple. Configure pre-requisites to install third-party packages from Microsoft’s Windows Package Manager.
Starting Price: $4,498 per 3 years
25
NuGet
NuGet
NuGet is the package manager for .NET. The NuGet client tools provide the ability to produce and consume packages. The NuGet Gallery is the central package repository used by all package authors and consumers. New to NuGet? Start with a walkthrough showing how NuGet powers your .NET development. Browse the thousands of packages that developers like you have created and shared with the .NET community. Want to make your first NuGet package and share it with the community? Start with our walkthrough! The command-line tool, nuget.exe, builds and runs under Mono 3.2+ and can create packages in Mono. Although nuget.exe works fully on Windows, there are known issues with Linux and OS X. The primary source for learning about a package is its listing page on NuGet (or another private feed). Each package page on NuGet includes a description of the package, its version history, and usage statistics.
Starting Price: Free
26
JFrog
JFrog
Fully automated DevOps platform for distributing trusted software releases from code to production. Onboard DevOps projects with users, resources and permissions for faster deployment frequency. Fearlessly update with proactive identification of open source vulnerabilities and license compliance violations. Achieve zero downtime across your DevOps pipeline with High Availability and active/active clustering for your enterprise. Control your DevOps environment with out-of-the-box native and ecosystem integrations. Enterprise ready with choice of on-prem, cloud, multi-cloud or hybrid deployments that scale as you grow. Ensure speed, reliability and security of IoT software updates and device management at scale. Create new DevOps projects in minutes and easily onboard team members, resources and storage quotas to get coding faster.
Starting Price: $98 per month
27
Sonatype Vulnerability Scanner
Sonatype
Sonatype’s Vulnerability Scanner is a tool designed to help developers identify security risks and compliance issues in their open-source components. It provides users with a comprehensive Software Bill of Materials (SBOM), which lists all open-source dependencies and highlights vulnerabilities and license risks. The platform offers real-time scanning and actionable insights, allowing teams to assess the severity of risks and implement fixes swiftly. With automated scans and detailed reports, Sonatype’s Vulnerability Scanner helps organizations secure their applications, manage third-party dependencies, and maintain compliance across their software environments.
28
Docker Scout
Docker
Container images consist of layers and software packages, which are susceptible to vulnerabilities. These vulnerabilities can compromise the security of containers and applications. Docker Scout is a solution for proactively enhancing your software supply chain security. By analyzing your images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses. Docker Scout is a standalone service and platform that you can interact with using Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. Docker Scout also facilitates integrations with third-party systems, such as container registries and CI platforms. Reveal and dig into the composition of your images. Ensure that your artifacts align with supply chain best practices.
Starting Price: $5 per month
29
AppScan
HCLSoftware
HCL AppScan is a suite of application security testing platforms, technologies, and services that help organizations detect and remediate vulnerabilities throughout the software development lifecycle (SDLC). Powerful static, dynamic, interactive, and open-source scanning engines (DAST, SAST, IAST, SCA, API) quickly and accurately test code, web applications, APIs, mobile applications, containers, and open-source components with the help of AI and machine learning capabilities. Centralized dashboards provide visibility, oversight, compliance policies, and reporting. HCL AppScan’s scanning engines are maintained by expert security researchers and are continuously updated to remain current with recent technologies, vulnerabilities, and attack vectors. With HCL AppScan, organizations can manage their application security posture and reduce risk across their entire software supply chain.
Starting Price: $296
30
Apache Subversion
Apache Software Foundation
Welcome to Subversion, the online home of the Apache® Subversion® software project. Subversion is an open-source version control system. Founded in 2000 by CollabNet, Inc., the Subversion project and software have seen incredible success over the past decade. Subversion has enjoyed and continues to enjoy widespread adoption in both the open-source arena and the corporate world. Subversion is developed as a project of the Apache Software Foundation, and as such is part of a rich community of developers and users. We're always in need of individuals with a wide range of skills, and we invite you to participate in the development of Apache Subversion. Subversion exists to be universally recognized and adopted as an open-source, centralized version control system characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects.
31
Perforce TeamHub
Perforce
Your code repository software is where you store your source code. This might be a Mercurial, Git, or SVN repository. Perforce TeamHub (formerly Helix TeamHub) can host your source code repository, whether it’s Mercurial, Git, or SVN. You can add multiple repositories in one project — or create a separate project for each repository. Perforce TeamHub can host more than your code repositories. You can manage and maintain all of your software assets in one spot. This includes build artifacts (Maven, Ivy) and Docker container registries. It also includes private file sharing through WebDAV repositories for your other binary files. You can use TeamHub on its own or alongside P4 to maintain a single source of truth across development teams. For example, you can keep large binary files in P4, then combine those files with Git assets from Perforce TeamHub in a hybrid workspace to achieve high build performance.
Starting Price: $1.05/month
32
RapidFort
RapidFort
Automatically eliminate unused software components and deploy smaller, faster, more secure workloads. RapidFort drastically reduces vulnerability and patch management queues so that developers can focus on building. By eliminating unused container components, RapidFort enhances production workload security and saves developers from unnecessarily patching and maintaining unused code. RapidFort profiles containers to understand what components are needed to run. Run your containers as normal in any environment, dev, test, or prod. Use any container deployment, including Kubernetes, Docker Compose, Amazon EKS, and AWS Fargate. RapidFort then identifies which packages you must keep, enabling you to remove unused packages. Typical improvements are in the 60% to 90% range. RapidFort also provides the option to build and customize remediation profiles, allowing you to pick and choose what to retain or remove.
Starting Price: $5,000 per month
33
PackageManagement (OneGet)
PackageManagement (OneGet)
This module is currently not in development. We are no longer accepting any pull requests to this repository. OneGet is in a stable state and is expected to receive only high-priority bug fixes from Microsoft in the future. If you have a question or are seeing an unexpected behavior from this module, please open up an issue in this repository. PackageManagement is supported in Windows, Linux and macOS now. We periodically make binary drops to PowerShellCore, meaning PackageManagement is a part of PowerShell Core releases.
Starting Price: Free
34
Forgejo
Forgejo
Forgejo is a self-hosted, lightweight software forge designed to be easy to install and low maintenance, providing a familiar environment for GitHub users seeking to transition to a platform they own. It offers simple software project management with features like Git repository hosting, issue tracking, pull requests, wikis, and kanban boards to coordinate with your team. Forgejo includes a built-in continuous integration system called Forgejo Actions, which allows automation directly from the repository. It is customizable, supports organizations and team permissions, uses LDAP, OAuth, and more. Forgejo is privacy-focused, with no tracking, and is built to be lightweight and performant, requiring significantly fewer resources than other forges. It is 100% free, and it is developed and maintained by an inclusive community under the umbrella of Codeberg e.V., a democratic non-profit organization.
Starting Price: Free
35
Flox
Flox
Flox is a development environment manager and package tool that lets developers define, share, and replicate consistent environments across machines by leveraging the Nix ecosystem. Flox lets you create environments via a simple manifest.toml, layering and replacing dependencies precisely where needed. It activates subshells with reproducible dependencies and integrates shell hooks, version constraints, and services (e.g., local databases) to automate setup. Because it runs on the host system (rather than inside containers), developers maintain access to files, configurations, SSH keys, and shell aliases without Docker-style bind mounts. Flox supports cross-platform and multi-architecture environments by default, allowing environments to run identically on various systems; you can constrain them to specific systems or use package groups to manage architecture-specific dependencies.
Starting Price: $20 per month
36
Sonatype Intelligence
Sonatype
Sonatype Intelligence provides a powerful platform for managing open-source security risks with advanced tools for vulnerability identification and remediation. It uses cutting-edge technology like Advanced Binary Fingerprinting (ABF) to scan deployed applications for embedded third-party components, minimizing false positives. Sonatype Intelligence goes beyond public data sources, continuously monitoring GitHub commits, advisory sites, and vulnerability databases to offer real-time insights into emerging threats. With expert-curated guidance for developers, it helps teams quickly identify and fix vulnerabilities, ensuring the security of their open-source components and enhancing their software supply chain security. -
37
Bytesafe
Bitfront
Increase your open source security posture with automated best practices, with a unified workflow for security and developer teams. The cloud-native security platform reduces risk and protects revenue, without slowing down developers. The dependency firewall quarantines malicious open source before reaching developers and infrastructure, protecting data, assets, and company reputation. Our policy engine evaluates threat signals such as known vulnerabilities, license information, and customer-defined rules. Having insight into what open-source components are used in applications is crucial to avoid exploitable vulnerabilities. Software Composition Analysis (SCA) and dashboard reporting give stakeholders a holistic overview with immediate insights into the current situation. Discover when new open-source licenses are introduced in the codebase. Automatically track license compliance issues and restrict problematic or unlicensed packages.
Starting Price: €1100 per month -
38
Sonatype Auditor
Sonatype
Sonatype Auditor is a powerful software tool designed to automate and streamline open-source security and compliance management. It enables organizations to generate a Software Bill of Materials (SBOM) and identify any open-source components in third-party or legacy applications. Auditor scans for security risks, such as vulnerabilities or restricted licenses, and provides real-time alerts for continuous monitoring. With its remediation guidance, users can easily address identified issues and improve their security posture. This tool is ideal for businesses looking to manage open-source components, ensure compliance, and reduce risk across their software environments. -
39
Artifact Registry is Google Cloud’s unified, fully managed package and container registry designed for high-performance artifact storage and dependency management. It centralizes hosting of container images (Docker/OCI), Helm charts, language packages (Java/Maven, Node.js/npm, Python), and OS packages, offering fast, scalable, reliable, and secure handling with built-in vulnerability scanning and IAM-based access control. Integrated seamlessly with Google Cloud CI/CD tools like Cloud Build, Cloud Run, GKE, Compute Engine, and App Engine, it supports regional and virtual repositories with granular security via VPC Service Controls and customer-managed encryption keys. Developers benefit from standardized Docker Registry API support, comprehensive REST/RPC interfaces, and migration paths from Container Registry. Daily updated documentation includes quickstarts, repository management, access configuration, observability tools, and deep-dive guides.
-
40
GitHub
GitHub
GitHub is the world’s most secure, most scalable, and most loved developer platform. Join millions of developers and businesses building the software that powers the world. Build with the world’s most innovative communities, backed by our best tools, support, and services. If you manage multiple contributors, there’s a free option: GitHub Team for Open Source. We also run GitHub Sponsors, where we help fund your work. The Pack is back. We’ve partnered up to give students and teachers free access to the best developer tools—for the school year and beyond. Work for a government-recognized nonprofit, association, or 501(c)(3)? Get a discounted Organization account on us.
Starting Price: $7 per month -
41
Boman.ai
Boman.ai
Boman.ai can be integrated in your CI/CD pipeline with few commands and minimum configuration. No planning or expertise is needed. Boman.ai brings SAST, DAST, SCA, and secret scans all packaged in one integration. It can support multiple development languages. Boman.ai minimizes your application security expenses by utilizing open-source scanners. You don’t need to buy expensive application security tools. Boman.ai is powered by AI/ML that removes false positives and correlates results to help you in prioritization and fixes. The SaaS platform presents a dashboard for all your scan results in one place. Correlate the results and get insights for better application security. Manage vulnerabilities reported by the scanner. The platform helps to prioritize, triage, and remediate vulnerabilities. -
42
GitCode
GitCode
GitCode is a global open source community and code-hosting platform that mirrors and aggregates repositories to provide deep, fast code exploration and seamless project collaboration in one unified interface. At its core is an intelligent code search engine that lets you query open source projects, models, datasets, issues, pull requests, users, and organizations, complete with keyword filtering by language, stars, forks, update time, highlighted results, and customizable sorting to surface exactly what you need in seconds. Beyond search, GitCode offers online project browsing with automatic empty-directory folding, a Markdown editor with full emoji support, and both table and Kanban board views for issues and task management. The robust permission matrix lets teams define interdependent, role-based access controls while avoiding configuration errors, and the natural-language OpenAPI endpoint exposes repository metadata for integration into custom workflows. -
43
Advanced Installer
Advanced Installer
Advanced Installer is a Windows installer authoring tool for installing, updating, and configuring your products safely, securely, and reliably. Businesses around the globe, large and small, save hundreds of hours and thousands of dollars by taking advantage of the expert knowledge built into Advanced Installer. User-friendly, completely GUI driven, with no scripts to learn, no databases to edit, and no XML to write. Save time to market. Develop with wizards, import existing IDE projects, and integrate them into automated build tools and source control systems. Hundreds of powerful features are ready to use with just a few mouse clicks. Tons of functionality is configurable for your installers. Fewer incidents due to improper installers. Enjoy reliable installers crafted with great attention to detail. Included updater, launcher, bootstrapper, trialware, serial validation, dialog editor, additional languages, and countless others.
Starting Price: $499 one-time payment -
44
PowerShell
Microsoft
PowerShell is a cross-platform task automation and configuration management framework, consisting of a command-line shell and scripting language. Unlike most shells, which accept and return text, PowerShell is built on top of the .NET Common Language Runtime (CLR), and accepts and returns .NET objects. This fundamental change brings entirely new tools and methods for automation. Unlike traditional command-line interfaces, PowerShell cmdlets are designed to deal with objects. An object is structured information that is more than just the string of characters appearing on the screen. Command output always carries extra information that you can use if you need it. If you've used text-processing tools to process data in the past, you'll find that they behave differently when used in PowerShell. In most cases, you don't need text-processing tools to extract specific information. You directly access portions of the data using standard PowerShell object syntax.
Starting Price: Free -
45
A task-based, software configuration management solution that brings together global, distributed development teams on a unified platform. IBM® Rational® Synergy is a task-based, software configuration management (SCM) solution that brings together global, distributed development teams on a unified platform. It provides capabilities that help software and systems development teams work and collaborate faster and easier. IBM Rational Synergy helps software delivery teams manage the complexity of global collaboration and boosts overall productivity. Software changes and tasks are synchronized in real-time, so dispersed teams can collaborate in a cohesive fashion over the global delivery framework. High-performance WAN access allows distributed teams to carry out operations at LAN-like speeds, reducing the overhead of having multiple servers. The single SCM repository manages all artifacts related to software development, including source code, documents, and more.
-
46
P4
Perforce
P4 (formerly Helix Core) is an enterprise-grade version control system designed to manage the complexities of modern software development. It allows teams to store, track, and manage all digital assets—ranging from source code to 3D models—with unprecedented scalability. P4 is ideal for large, distributed teams working on large-scale projects, offering powerful collaboration tools, seamless integrations, and advanced branching capabilities. With strong support for both centralized and distributed workflows, P4 enhances productivity and efficiency, making it a top choice for software, game, and hardware development teams. -
47
InstallAware
InstallAware
Your setups are immune to corrupted Windows Installer stacks on target systems (which would cause your setups to fail through no fault of your own), and best of all, you get to switch between native code and Windows Installer setup engines at runtime, as often as you need! When you use the native code setup engine, InstantInstall Acceleration delivers setups that install an order of magnitude faster compared to all other Windows installers. InstallAware Developer is a powerful software installation solution for Windows Installer that enables MSIcode scripting for rapid setup development without the high cost and steep learning curve of other setup solutions. InstallAware effortlessly bridges Win32, Win64, and .NET apps to the Windows Store, creating a Universal Windows app from a customizable template and helping your end-users download your apps directly from the Windows Store.
Starting Price: $1,254.92 one-time payment -
48
Harness
Harness
Harness is an AI-native software delivery platform that helps engineering teams achieve excellence by automating and streamlining the entire software delivery lifecycle. It enables continuous integration, continuous delivery, and GitOps for multi-cloud, multi-region deployments with increased speed and reliability. Harness simplifies infrastructure as code, database DevOps, and artifact management to improve collaboration and reduce errors. The platform offers AI-powered testing, incident response, chaos engineering, and feature management to enhance quality and resilience. Harness also provides cloud cost management, security testing orchestration, and developer insights to optimize performance and governance. Trusted by leading enterprises, Harness accelerates innovation while reducing manual effort and risk. -
49
Codeberg
Codeberg
Codeberg is a collaboration platform and git hosting for free and open source software, content and projects. Independent and powered by your donations and contributions - consider joining the non-profit association Codeberg e. V. to further support our mission and receive your vote! All services run on servers under our control, no dependencies on external services and no third party cookies, no tracking. While all successful software tools that enabled this development were contributed by the Free and Open Source Software community, commercial for-profit platforms dominate the hosting of the results of our collaborative work. This has led to the paradox that literally millions of volunteers create, collect, and maintain invaluable knowledge, documentation, and software, to feed closed platforms driven by commercial interests, whose program is neither visible nor controllable from outside.
Starting Price: Free -
50
sourcehut
sourcehut
SourceHut is a suite of open source tools designed for efficient software development, offering Git and Mercurial hosting, mailing lists, bug tracking, continuous integration, and more. It emphasizes privacy and simplicity, featuring no tracking or advertising, and ensuring all functionalities operate without JavaScript. Users can manage public, private, and "unlisted" repositories with fine-grained access control, including options for users without accounts. SourceHut's continuous integration system supports fully virtualized builds on various Linux distributions and BSDs, allowing for ad-hoc job submissions without pushing to repositories, and provides post-build triggers for email and webhooks. It also includes mailing lists with web-based patch review tools and searchable archives, focused ticket tracking for actionable tasks, and hosted real-time chat services via IRC.
Starting Price: Free