ProGet Alternatives

Give your teams a single source of truth for every component they use. Optimize build performance and reliability by caching proxies of remote repositories. Deliver universal coverage for all major package types and formats. Install on an unlimited amount of servers for an unlimited amount of users. Store and distribute Maven/Java, npm, NuGet, Helm, Docker, P2, OBR, APT, GO, R, Conan components and more. Manage components from dev through delivery, binaries, containers, assemblies, and finished goods. Awesome support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy. Streamline productivity by sharing components internally. Gain insight into component security, license, and quality issues. Build off-line with remote package availability. Integrate with industry-leading build tools. Nexus Repository Pro capabilities for your binaries and build artifacts across the entire software supply chain.

The Industry Standard Universal Binary Repository Manager. Supports all major package types (over 27 and growing) such as Maven, npm, Python, NuGet, Gradle, Go, and Helm including Kubernetes and Docker as well as integration with leading CI servers and DevOps tools that you already use. Additional functionalities include: - High Availability that scales to infinity with active/active clustering of your DevOps environment and scales as business grows - On-Prem, Cloud, Hybrid, or Multi-Cloud Solution - De Facto Kubernetes Registry managing application packages, operating system’s component dependencies, open source libraries, Docker containers, and Helm charts with full visibility of all dependencies. Compatible with a growing list of Kubernetes cluster providers.

Manage binaries and build artifacts across your software supply chain. Single source of truth for all of your components, binaries, and build artifacts. Efficiently distribute parts and containers to developers. Deployed at more than 100,000 organizations globally. Store and distribute Maven/Java, npm, NuGet, Helm, Docker, P2, OBR, APT, GO, R, Conan components and more. Manage components from dev through delivery: binaries, containers, assemblies, and finished goods. Advanced support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy. Compatible with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more. Deliver innovation 24x7x365 with high availability. A single source of truth for components used across your entire software development lifecycle including QA, staging, and operations. Easily integrate with existing user and access provisioning systems including LDAP, Atlassian Crowd, and more.

Protect your software supply chain with the ActiveState Platform. The only turn-key software supply chain that automates and secures importing, building & consuming open source. Available now for Python, Perl & Tcl. Our secure supply chain starts with modern package management that’s 100% compatible with the packages you use, highly-automated, and includes key enterprise features. Automated builds from source code, including linked C libraries. Per-package and per-version vulnerability flagging ensures you can automatically build/rebuild secure environments. A complete Bill of Materials (BOM) including provenance, licensing & all dependencies, including transient, OS & shared dependencies. Built-in virtual environments simplify development, debugging, testing and multi-project work. Web UI, API & CLI for Windows/Linux, with full macOS support soon. Spend less time wrestling with packages, dependencies, and vulnerabilities and more time focused on doing what you do best, coding!

Yarn is a package manager which doubles down as project manager. Whether you work on one-shot projects or large monorepos, as a hobbyist or an enterprise user, we've got you covered. Split your project into sub-components kept within a single repository. Yarn guarantees that an install that works now will continue to work the same way in the future. Yarn cannot solve all your problems, but it can be the foundation for others to do it. We believe in challenging the status quo. What should the ideal developer experience be like? Yarn is an independent open-source project tied to no company. Your support makes us thrive. Yarn already knows everything there is to know about your dependency tree, it even installs it on the disk for you. So, why is it up to Node to find where your packages are? Instead, it should be the package manager's job to inform the interpreter about the location of the packages on the disk and manage any dependencies between packages and even versions of packages.

Modular and compliant. The ultimate toolkit for building private applications is finally here. World-class infrastructure built for you and your team. From IDE to blockchain and everything in between. Develop with Leo. Write your app using our programming language, with ease. Iterate blazingly fast. Use our platform to compile and test, frustration-free. Deploy to the blockchain. Launch your shiny new app in less time than ever. Discover what we're building for developers like you. Write applications in a breeze with packages from our community on Aleo Package Manager. For the first time, make no compromise between convenience and user privacy. Deploy and share your application on Aleo easily for life. Aleo has put together a solid compiler team to build a very ambitious circuit compiler language. The core aim of this endeavor is to allow developers to make use of zero-knowledge proofs in their applications in as simple a manner as possible.

Add fully integrated package management to your continuous integration/continuous delivery (CI/CD) pipelines with a single click. Create and share Maven, npm, NuGet, and Python package feeds from public and private sources with teams of any size. Create and share Maven, npm, NuGet, and Python package feeds from public and private sources. Easily share code across small teams and large enterprises. Get universal artifact management for Maven, npm, NuGet, and Python. Share packages, and use built-in CI/CD, versioning, and testing. Share code effortlessly by storing Maven, npm, NuGet, and Python packages together. And there's no need to store binaries in Git, simply store them using Universal Packages. Keep every public source package you use, including packages from npmjs and nuget.org, safe in your feed where only you can delete it, and where it's backed by the enterprise-grade Azure SLA.

Rails Assets is the frictionless proxy between Bundler and Bower. It automatically converts the packaged components into gems that are easily droppable into your asset pipeline and stay up to date. First, make sure you use bundler >= 1.8.4. Add Rails Assets as a new gem source, then reference any Bower components that you need as gems. In development, if you have issues with SSL certificates and security is not a priority, you can use the alternate endpoint instead. During bundle install, if Bundler requests a package like this, Rails Assets’ daemon automatically will fetch the component from Bower’s registry, analyze its manifest file, bower.json, repackage the component as a valid Ruby gem and serve it to your application. Dependencies are handled the same way recursively. Gems created by Rails Assets work great with any Sprockets-based application. It works with Sinatra too!

Don’t risk an installation error and poor customer experience. InstallAnywhere is the leading multi-platform solution for developers creating installers for physical, virtual, and cloud environments. InstallAnywhere makes it easy for developers to create professional installation software that performs the same, no matter what the platform. You’ll be able to create reliable installations for on-premises platforms like Windows, Linux, Apple, Solaris, AIX, HP-UX, and IBM, and then deploy them physically, virtually, or to the cloud (you can even package it up into a Docker container) all from a single project file. Whether for standalone instances or integrated into your current systems, with InstallAnywhere, you’ll be able to adapt to industry changes quickly, get to market faster and deliver an engaging customer experience. Reduce software development time and go to market faster. Impress end-users with customized installations. Simplify Virtualization and cloud-based deployments.

GitLab is a complete DevOps platform. With GitLab, you get a complete CI/CD toolchain out-of-the-box. One interface. One conversation. One permission model. GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. GitLab helps teams accelerate software delivery from weeks to minutes, reduce development costs, and reduce the risk of application vulnerabilities while increasing developer productivity. Source code management enables coordination, sharing and collaboration across the entire software development team. Track and merge branches, audit changes and enable concurrent work, to accelerate software delivery. Review code, discuss changes, share knowledge, and identify defects in code among distributed teams via asynchronous review and commenting. Automate, track and report code reviews.

The Secure Universal Package Manager. Continuously govern and audit all packages in your DevOps lifecycle. Thousands of teams worldwide trust MyGet with their package management and governance. Accelerate your software team with cloud package management, robust security controls and easy continuous integration build services. MyGet is a Universal Package Manager that integrates with your existing source code ecosystem and enables end-to-end package management. Centralized package management delivers consistency and governance to your DevOps workflow. MyGet real-time software license detection tracks your teams’ package usage and detects dependencies across all of your packages. Customized usage policies ensure your teams are only using approved packages while reporting vulnerabilities and outdated packages early in your software build and release cycles.

Discover, package and test your apps in your browser. Cloud-based application packaging environment, created for application packaging professionals by application packaging professionals. The scalable, low-cost alternative to traditional thick client discovery & packaging tools. Flexible and easy-to-use environment to serve all your software packaging needs. Access everything needed to analyze, document, package, remediate and test Microsoft Win32 applications. Without the need for infrastructure or VPN, a low monthly subscription with nothing to install, maintain or configure. Apptimized Workspace is a comprehensive and instantly available packaging environment in the cloud that takes your packaging process and all related areas to a new efficiency level. Do more with Apptimized Workspace than with any existing toolset, straight out of the box.

With GitHub Packages, you can safely publish and consume packages within your organization or with the entire world. Use industry and community-standard package managers with native tooling commands. Then authenticate and publish directly to GitHub. Understand and safely install package contents. Get packages directly from the community on GitHub, and use only what’s been approved for your organization. Store your packages in the same secure environment as your source code, all protected by your GitHub credentials. With a full API and webhooks support, you can extend your workflows to work with GitHub Packages. GitHub Packages is built with the latest edge caching via a global CDN to deliver great performance, no matter where your builds run. Use Actions to automatically publish new package versions to GitHub Packages. Run your CI/CD with Actions, and install packages and images hosted on GitHub Packages or your preferred registry of record.

Fast, reliable, and secure software starts here. A unified, developer-friendly interface for all of your artifacts written in any language, delivered to any infrastructure. Ship securely and quickly knowing your packages are handled by packagecloud. Consistent package repositories, at enterprise scale and startup speed. A single API and CLI for every environment and package type. Works seamlessly and harmoniously with the systems you already use. Manage all of your packages and deploy to any environment, from one beautiful interface, on-premise or in the cloud. Packagecloud supports the most popular package types, from Java to Python to Ruby and Node, and more. Built for teams with collaboration and access control features. Packagecloud just works. Upload any supported package type via a single, consistent API and deploy with ease. We run thousands of tests to ensure correct and consistent behavior even in the face of bugs in the packaging systems themselves.

CloudRepo provides fully managed, cloud-based, private repositories. With CloudRepo, developers store and access Public and Private, Maven, and Python repositories in the cloud. CloudRepo stores your maven repositories across multiple physical servers reducing the probability of data loss & maven repository downtime due to hardware failure. We help reduce time and resources spent running unsecured & vulnerable maven repositories, which allows everyone to focus on developing more. Your team has completed all this developing to ultimately distribute your repositories. Use the Software Distribution feature to make sure your repositories get in the right hands.

Fully automated DevOps platform for distributing trusted software releases from code to production. Onboard DevOps projects with users, resources and permissions for faster deployment frequency. Fearlessly update with proactive identification of open source vulnerabilities and license compliance violations. Achieve zero downtime across your DevOps pipeline with High Availability and active/active clustering for your enterprise. Control your DevOps environment with out-of-the-box native and ecosystem integrations. Enterprise ready with choice of on-prem, cloud, multi-cloud or hybrid deployments that scale as you grow. Ensure speed, reliability and security of IoT software updates and device management at scale. Create new DevOps projects in minutes and easily onboard team members, resources and storage quotas to get coding faster.

Your code repository software is where you store your source code. This might be a Mercurial, Git, or SVN repository. Helix TeamHub can host your source code repository, whether it’s Mercurial, Git, or SVN. You can add multiple repositories in one project — or create a separate project for each repository. Helix TeamHub can host more than your code repositories. You can manage and maintain all of your software assets in one spot. This includes build artifacts (Maven, Ivy) and Docker container registries. It also includes private file sharing through WebDAV repositories for your other binary files. You can use Helix TeamHub on its own or alongside Helix Core to maintain a single source of truth across development teams via Helix4Git. For example, you can keep large binary files in Helix Core, then combine those files with Git assets from Helix TeamHub in a hybrid workspace to achieve high build performance.

Web sites are made of lots of things, frameworks, libraries, assets, and utilities. Bower manages all these things for you. Keeping track of all these packages and making sure they are up to date (or set to the specific versions you need) is tricky. Bower to the rescue! Bower can manage components that contain HTML, CSS, JavaScript, fonts, or even image files. Bower doesn’t concatenate or minify code or do anything else, it just installs the right versions of the packages you need and their dependencies. To get started, Bower works by fetching and installing packages from all over, taking care of hunting, finding, downloading, and saving the stuff you’re looking for. Bower keeps track of these packages in a manifest file, bower.json. How you use packages is up to you. Bower provides hooks to facilitate using packages in your tools and workflows. Bower is optimized for the front-end. If multiple packages depend on a package, jQuery, for example, Bower will download jQuery just once.

Chocolatey has the largest online registry of Windows packages. Chocolatey packages encapsulate everything required to manage a particular piece of software into one deployment artifact by wrapping installers, executables, zips, and/or scripts into a compiled package file. Package submissions go through a rigorous moderation review process, including automatic virus scanning. The community repository has a strict policy on malicious and pirated software. Many organizations face the ongoing challenge of deploying and supporting various versions of software. Chocolatey allows organizations to automate and simplify the management of their complex Windows environments. Our customers have experienced a massive reduction in effort, improved speed of deployment, high reliability, and comprehensive reporting. Reduce complexity, save yourself time, and get up to speed on the latest technologies and approaches.

Package and deploy software & configuration updates in seconds. Follow a 5-step wizard to package Genesys software and configuration into a portable package ready to be shared with colleagues, all from the comfort of a powerful dashboard. Deploy any shared package in a few clicks. Select the location, the package, the Genesys Application you want to update, optionally customize the deployment, and just click 'Go'. The whole process of downloading software, and updating the Genesys configuration is carried out automatically. The deployment didn't go to plan? Not to worry, just one click, and the old software and configuration are restored. The best is always saved for last. The deployment process comes with an automatic Runbook generator. In the blink of an eye, a step-by-step runbook is generated for the approval process, and for that, just in case something goes the wrong backup plan.

We're npm, Inc., the company behind Node package manager, the npm Registry, and npm CLI. We offer those to the community for free, but our day job is building and selling useful tools for developers like you. Get started today for free, or step up to npm Pro to enjoy a premium JavaScript development experience, with features like private packages. Bring the best of open source to you, your team, and your company. Relied upon by more than 11 million developers worldwide, npm is committed to making JavaScript development elegant, productive, and safe. The free npm Registry has become the center of JavaScript code sharing, and with more than one million packages, the largest software registry in the world. Our other tools and services take the Registry, and the work you do around it, to the next level. At npm, Inc., we're proud to dedicate teams of full-time employees to operating the npm Registry, enhancing the CLI, improving JavaScript security, and other projects.

Perforce version control — Helix Core — tracks and manages changes to your source code, digital assets, and large binary files. But it does so much more than that. Helix Core helps development teams move faster, even as they develop more complex products. And it provides a single source of truth across development. Contributors can sync their work into Helix Core from the tools they’re already using. Plus, Helix Core can handle everything. 10s of thousands of users. 10s of millions of daily transactions, 100s of terabytes of data. And 10,000+ concurrent commits. It can even deliver files quickly to remote users without the WAN wait. And it can be used on-premises or in the cloud. Spend less time dealing with tools and processes — and more time delivering value. Helix Core ensures that everyone is efficient. You'll get fast feedback, flexibility, and automation for faster builds. Stop wasting your developers’ time with manual workflows — and let them get back to coding.

Advanced Installer is a Windows installer authoring tool for installing, updating, and configuring your products safely, securely, and reliably. Businesses around the globe, large and small, save hundreds of hours and thousands of dollars by taking advantage of the expert knowledge built into Advanced Installer. User-friendly, completely GUI driven, with no scripts to learn, no databases to edit, and no XML to write. Save time to market. Develop with wizards, import existing IDE projects, and integrate them into automated build tools and source control systems. Hundreds of powerful features are ready to use with just a few mouse clicks. Tons of functionality is configurable for your installers. Fewer incidents due to improper installers. Enjoy reliable installers crafted with great attention to detail. Included updater, launcher, bootstrapper, trialware, serial validation, dialog editor, additional languages, and countless others.

Packagist is the main composer repository. It aggregates public PHP packages installable with Composer. Put a file named composer.json at the root of your project, containing your project dependencies. Packagist is the default Composer package repository. It lets you find packages and lets Composer know where to get the code from. You can use Composer to manage your project or libraries' dependencies. First of all, you must pick a package name. This is a very important step since it can not change and it should be unique enough to avoid conflicts in the future. The package name consists of a vendor name and a project name joined by a/. The vendor name exists to prevent naming conflicts. The composer.json file should reside at the top of your package's git/svn/ repository and is the way you describe your package to both packagist and composer. New versions of your package are automatically fetched from tags you create in your VCS repository.

Gemfury is a hosted repository for your public and private packages, where they are safe and within reach. Install them to any machine in minutes without worrying about running and securing your own repository server. Gemfury works with RubyGems, Python packages, npm modules, and all compatible frameworks and services. Authenticated Repo-URL keeps your private packages safe and secure during deployment. All management and deployment is done over SSL. Do everything you need with just a few terminal commands. We are hackers and love the command line; this one is our favorite. Gemfury is designed for teams. Share your account with coworkers and let them easily access your packages. Gemfury works with RubyGems, Python packages, npm modules, and all compatible frameworks and services. Install and use your code anywhere. Seamless integration and secure installation. Collaborate with your team.

Create native MSIX packages, build clean installs, and build installations in the cloud with InstallShield from Revenera. Consistent and reliable installs. Every time. With InstallShield, you’ll adapt to industry changes quickly, get to market faster and deliver an engaging customer experience. Revenera InstallShield (formerly Flexera InstallShield) is the fastest easiest way to build Windows installers and MSIX packages and create installations directly within Microsoft Visual Studio. Configure install conditions to specifically target Windows 11 and Windows Server 2022. Install files to native ARM locations on Windows 10 running on ARM machines. Easily move your build infrastructure to the cloud by connecting to Revenera’s Cloud License Server. Build one-click installers that are more modern than ever and refreshingly simple. Configure pre-requisites to install third-party packages from Microsoft’s Windows Package Manager.

A task-based, software configuration management solution that brings together global, distributed development teams on a unified platform. IBM® Rational® Synergy is a task-based, software configuration management (SCM) solution that brings together global, distributed development teams on a unified platform. It provides capabilities that help software and systems development teams work and collaborate faster and easier. IBM Rational Synergy helps software delivery teams manage the complexity of global collaboration and boosts overall productivity. Software changes and tasks are synchronized in real-time, so dispersed teams can collaborate in a cohesive fashion over the global delivery framework. High-performance WAN access allows distributed teams to carry out operations at LAN-like speeds, reducing the overhead of having multiple servers. The single SCM repository manages all artifacts related to software development, including source code, documents, and more.

Your setups are immune to corrupted Windows Installer stacks on target systems (which would cause your setups to fail through no fault of your own), and best of all, you get to switch between native code and Windows Installer setup engines at runtime, as often as you need! When you use the native code setup engine, InstantInstall Acceleration delivers setups that install an order of magnitude faster compared to all other Windows installers. InstallAware Developer is a powerful software installation solution for Windows Installer that enables MSIcode scripting for rapid setup development without the high cost and steep learning curve of other setup solutions. InstallAware effortlessly bridges Win32, Win64, and .NET apps to the Windows Store, creating a Universal Windows app from a customizable template and helping your end-users download your apps directly from the Windows Store.

Codeberg is a collaboration platform and git hosting for free and open source software, content and projects. Independent and powered by your donations and contributions - consider joining the non-profit association Codeberg e. V. to further support our mission and receive your vote! All services run on servers under our control, no dependencies on external services and no third party cookies, no tracking. While all successful software tools that enabled this development were contributed by the Free and Open Source Software community, commercial for-profit platforms dominate the hosting of the results of our collaborative work. This has led to the paradox that literally millions of volunteers create, collect, and maintain invaluable knowledge, documentation, and software, to feed closed platforms driven by commercial interests, whose program is neither visible nor controllable from outside.

Cloudsmith is a Software-as-a-Service (SaaS) platform that acts as the single source of truth for software everywhere. We help organisations reliably manage the dependencies, deployment and distribution of their software stack in one centralised place, ensuring their software supply chain remains secure. We are here to empower teams to deliver software faster, without restrictions of managing different asset types, while remaining scalable and cost-efficient. From source to delivery — with complete trust, control, and security.

Alkemist:Code, our patented product is a built-in, virtually unbreakable threat immunization code that’s integrated literally at the source, the “build” stage of your pipeline! Prevent attackers from taking control of your software. Stop existing vulnerabilities from spreading across multiple devices. Alkemist actively prevents common techniques attackers typically use to gain control. Supports Linux, Windows, and RTOS-based applications and firmware running on Intel, ARM, and PPC chipsets. Alkemist:Repo allows you to download pre-hardened open-source packages where security protections are already applied. Alkemist:Repo is easy to deploy. Download pre-hardened open source packages from RunSafe’s repository. Protect open-source software and dramatically reduce your attack surface. Every open-source package contains software vulnerabilities, leaving you exposed to cyber-attacks and often consuming resources for scanning, testing, and patching.

The Azure Storage platform is Microsoft's cloud storage solution for modern data storage scenarios. Azure Storage offers highly available, massively scalable, durable, and secure storage for a variety of data objects in the cloud. Azure Storage data objects are accessible from anywhere in the world over HTTP or HTTPS via a REST API. Azure Storage also offers client libraries for developers building applications or services with .NET, Java, Python, JavaScript, C++, and Go. Developers and IT professionals can use Azure PowerShell and Azure CLI to write scripts for data management or configuration tasks. The Azure portal and Azure Storage Explorer provide user-interface tools for interacting with Azure Storage. Durable and highly available. Redundancy ensures that your data is safe in the event of transient hardware failures. You can also opt to replicate data across data centers or geographical regions for additional protection from local catastrophes or natural disasters.

NuGet is the package manager for .NET. The NuGet client tools provide the ability to produce and consume packages. The NuGet Gallery is the central package repository used by all package authors and consumers. New to NuGet? Start with a walkthrough showing how NuGet powers your .NET development. Browse the thousands of packages that developers like you have created and shared with the .NET community. Want to make your first NuGet package and share it with the community? Start with our walkthrough! The command-line tool, nuget.exe, builds and runs under Mono 3.2+ and can create packages in Mono. Although nuget.exe works fully on Windows, there are known issues with Linux and OS X. The primary source for learning about a package is its listing page on NuGet (or another private feed). Each package page on NuGet includes a description of the package, its version history, and usage statistics.

Phylum defends applications at the perimeter of the open-source ecosystem and the tools used to build software. Its automated analysis engine scans third-party code as soon as it’s published into the open-source ecosystem to vet software packages, identify risks, inform users and block attacks. Think of Phylum like a firewall for open-source code. Phylum’s database of open-source software supply chain risks is the most comprehensive and scalable offering available, and can be deployed throughout the development lifecycle depending on an organization’s infrastructure and appsec program maturity: in front of artifact repository managers, directly with package managers or in CI/CD pipelines. The Phylum policy library allows users to toggle on the blocking of critical vulnerabilities, attacks like typosquats, obfuscated code and dependency confusion, copyleft licenses, and more. Users can also leverage OPA to create custom policies.

Increase your open source security posture with automated best practices, with a unified workflow for security and developer teams. The cloud-native security platform reduces risk and protects revenue, without slowing down developers. The dependency firewall quarantines malicious open source before reaching developers and infrastructure, protecting data, assets, and company reputation. Our policy engine evaluates threat signals such as known vulnerabilities, license information, and customer-defined rules. Having insight into what open-source components are used in applications is crucial to avoid exploitable vulnerabilities. Software Composition Analysis (SCA) and dashboard reporting give stakeholders a holistic overview with immediate insights into the current situation. Discover when new open-source licenses are introduced in the codebase. Automatically track license compliance issues and restrict problematic or unlicensed packages.

Oracle Cloud Infrastructure Container Registry is an open standards-based, Oracle-managed Docker registry service for securely storing and sharing container images. Engineers can easily push and pull Docker images with the familiar Docker Command Line Interface (CLI) and API. To support container lifecycles, Registry works with Container Engine for Kubernetes, Identity and Access Management (IAM), Visual Builder Studio, and third-party developer and DevOps tools. Work with Docker images and container repositories using familiar Docker CLI commands and Docker HTTP API V2. Oracle takes care of operating and patching the service, so that developers can focus on building and deploying containerized applications. Built using object storage, Container Registry provides data durability and high service availability with automatic replication across fault domains. Oracle does not charge separately for the service. Users pay only for the associated storage and network resources they consume.

Ensure the security of your code and open sources. Identify externally reachable data flows and vulnerabilities for effective risk mitigation. By identifying genuine attack paths to reachable code, we enable you to fix only the code and open-source software that is truly in use and reachable. Avoid unnecessary overloading of development teams with irrelevant vulnerabilities. Prioritize risk mitigation efforts more effectively, ensuring a focused and efficient security approach. Reduce the noise CSPM, CNAPP, and other runtime tools create by removing unreachable packages before running your applications. Meticulously analyze your software components and dependencies, identifying any known vulnerabilities or outdated libraries that could pose a threat. Backslash analyzes both direct and transitive packages, ensuring 100% reachability coverage. It outperforms existing tools that solely focus on direct packages, accounting for only 11% of packages.

Automatically eliminate unused software components and deploy smaller, faster, more secure workloads. RapidFort drastically reduces vulnerability and patch management queues so that developers can focus on building. By eliminating unused container components, RapidFort enhances production workload security and saves developers from unnecessarily patching and maintaining unused code. RapidFort profiles containers to understand what components are needed to run. Run your containers as normal in any environment, dev, test, or prod. Use any container deployment, including Kubernetes, Docker Compose, Amazon EKS, and AWS Fargate. RapidFort then identifies which packages you must keep, enabling you to remove unused packages. Typical improvements are in the 60% to 90% range. RapidFort also provides the option to build and customize remediation profiles, allowing you to pick and choose what to retain or remove.

This module is currently not in development. We are no longer accepting any pull requests to this repository. OneGet is in a stable state and is expected to receive only high-priority bug fixes from Microsoft in the future. If you have a question or are seeing an unexpected behavior from this module please open up an issue in this repository. PackageManagement is supported in Windows, Linux and MacOS now. We periodically make binary drops to PowerShellCore, meaning PackageManagement is a part of PowerShell Core releases.

Boman.ai can be integrated in your CI/CD pipeline with few commands and minimum configuration. No planning or expertise is needed. Boman.ai brings SAST, DAST, SCA, and secret scans all packaged in one integration. It can support multiple development languages. Boman.ai minimizes your application security expenses by utilizing open-source scanners. You don’t need to buy expensive application security tools. Boman.ai is powered by AI/ML that removes false positives and correlates results to help you in prioritization and fixes. The SaaS platform presents a dashboard for all your scan results in one place. Correlate the results and get insights for better application security. Manage vulnerabilities reported by the scanner. The platform helps to prioritize, triage, and remediate vulnerabilities.

Tripwire® IP360 gives users complete visibility into their networks, both on-premises and in the cloud, including all devices and their associated operating systems, applications, and vulnerabilities. You can't manage what you can't see. Discover and profile every device and software component on your network across your hybrid environment, including on-premises, cloud, and container-based assets. Locate previously undetected assets using both agentless and agent-based scans. Well-known vulnerabilities are behind the majority of breaches. You can prevent most breaches by fixing vulnerabilities before they’re exploited using a VM solution that reaches every part of your environment. Tripwire IP360’s open APIs let you integrate vulnerability management with help desk and asset management solutions.

Enterprise vulnerability management software. Vulnerability Manager Plus is an integrated threat and vulnerability management software that delivers comprehensive vulnerability scanning, assessment, and remediation across all endpoints in your network from a centralized console. Scan and discover exposed areas of all your local and remote office endpoints as well as roaming devices. Leverage attacker-based analytics, and prioritize areas that are more likely to be exploited by an attacker. Mitigate the exploitation of security loopholes that exist in your network and prevent further loopholes from developing. Assess and prioritize vulnerabilities based on exploitability, severity, age, affected system count, as well as the availability of the fix. Download, test, and deploy patches automatically to Windows, Mac, Linux, and over 250 third-party applications with an integral patching module—at no additional cost.

Know what actions to take in seconds. Accelerate remediation activities for the most important vulnerability exposure points across your attack surface, infrastructure, applications, and development frameworks. Full-stack visibility of application risk exposure from development to production. Unify all application scan data (SAST, DAST, OSS, and Container) to locate code exposures and prioritize remediation. The easiest tool to explore authoritative vulnerability threat intelligence. Access research from the highest fidelity of sources and industry-leading exploit writers. Make fact-based decisions using continuous updates to vulnerability risk and impact. Actionable Vulnerability Security Research and Information to help you stay informed about the changing risks and exposure that vulnerabilities pose to all organizations. Clarity in minutes without needing to learn security details.

Develop more efficiently with Functions, an event-driven serverless compute platform that can also solve complex orchestration problems. Build and debug locally without additional setup, deploy and operate at scale in the cloud, and integrate services using triggers and bindings. End-to-end development experience with integrated tools and built-in DevOps capabilities. Integrated programming model to respond to events and seamlessly connect to other services. Implement a variety of functions and scenarios, such as web apps and APIs with .NET, Node.js, or Java; machine learning workflows with Python; and cloud automation with PowerShell. Get a complete serverless application development experience—from building and debugging locally to deploying and monitoring in the cloud.

A Kubernetes open-source platform providing developers and DevOps an end-to-end security solution, including risk analysis, security compliance, RBAC visualizer, and image vulnerabilities scanning. Kubescape scans K8s clusters, Kubernetes manifest files (YAML files, and HELM charts), code repositories, container registries and images, detecting misconfigurations according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CK®), finding software vulnerabilities, and showing RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline. It calculates risk scores instantly and shows risk trends over time. Kubescape has became one of the fastest-growing Kubernetes security compliance tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins precious time, effort, and resources.

Support for GitHub, GitHub Enterprise, Bitbucket, GitLab, Azure Repos, Kiln, Gitea, and custom repos. Configure builds in versioned YAML or UI. Isolated, clean build environment for every build. Built-in deployment and NuGet server. Branch and PR builds to support your development workflow. Professional support and vibrant community. We provide continuous integration tools for Windows developers. The service is offered for free to open-source projects, we offer subscriptions for private projects and AppVeyor Enterprise installations on customer premises. Build, test, and deploy your apps faster, on any platform. Start in minutes, works with any source control, fast build VMs with admin/sudo access. Multi-stage deployments and Windows, Linux, and macOS support. Install in minutes on Windows, Linux, or Mac. Run unlimited pipelines locally, in Docker, or in any cloud. Free for unlimited users, projects, jobs, clouds, and agents.

Stop targeted attacks with Airlock Allowlisting and Execution Control. Airlock has been purpose-built to perform application allowlisting at scale, making allowlisting simple in complex and changing enterprise environments. Creating, deploying, and managing application allowlists with Airlock is fast, enabling organizations to become secure and compliant, sooner. Airlock supports execution control of all binary files (executables / dll’s) including scripts (PowerShell, VBScript, MSI, JavaScript, Batch Files & HTML executables) Airlock partners with ReversingLabs to help determine which files are safe to add to the allowlist. This service will also automatically identify any malicious and suspicious files inside your environment. Airlock does not compromise on security through efficiency. Airlock enforces allowlisting in compliance with all requirements in multiple security standards. Airlock delivers an easy-to-use, secure, and effective execution control solution for businesses.

Connect to Azure using an authenticated, browser-based shell experience that’s hosted in the cloud and accessible from virtually anywhere. Azure Cloud Shell is assigned per unique user account and automatically authenticated with each session. Azure Cloud Shell gives you the flexibility of choosing the shell experience that best suits the way you work. Both Bash and PowerShell experiences are available. Microsoft routinely maintains and updates Cloud Shell, which comes equipped with commonly used CLI tools including Linux shell interpreters, PowerShell modules, Azure tools, text editors, source control, build tools, container tools, database tools, and more. Cloud Shell also includes language support for several popular programming languages such as Node.js, .NET, and Python. Use common tools and programming languages in a shell that's updated and maintained by Microsoft.

Solr is highly reliable, scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, centralized configuration and more. Solr powers the search and navigation features of many of the world's largest internet sites. Solr enables powerful matching capabilities including phrases, wildcards, joins, grouping and much more across any data type. Solr is proven at extremely large scales the world over. Solr uses the tools you use to make application building a snap. Solr ships with a built-in, responsive administrative user interface to make it easy to control your Solr instances. Need more insight into your instances? Solr publishes loads of metric data via JMX. Built on the battle-tested Apache Zookeeper, Solr makes it easy to scale up and down. Solr bakes in replication, distribution, rebalancing and fault tolerance out of the box.

ScanFactory is an Attack Surface Management & Continuous Automated Vulnerability Assessment Platform that provides realtime security monitoring across all external assets of a company by enumerating & scanning its entire network infrastructure utilizing 15+ most trusted community-backed security tools & extensive database of exploits. Its vulnerability scanner stealthily performs a deep & continuous reconnaissance to map your entire external attack surface & are extended with handpicked top-rated premium plugins, custom wordlists & plethora of vulnerability signatures. Its dashboard can be used to discover & review all vulnerabilities sorted by CVSS & has enough information to understand, replicate & remediate the issue. It also has capability to export alerts to Jira, TeamCity, Slack & WhatsApp.