93 Integrations with SonarQube Server
View a list of SonarQube Server integrations and software that integrates with SonarQube Server below. Compare the best SonarQube Server integrations as well as features, ratings, user reviews, and pricing of software that integrates with SonarQube Server. Here are the current SonarQube Server integrations in 2026:
-
1
Cortex
Cortex
Cortex is the Engineering Operations Platform that enables organizations to continuously improve their operational maturity and reduce developer friction. With centralized visibility, clear ownership, automated Scorecards, and golden paths, we help engineering organizations operate as one. Our customers – from startups to Fortune 100 enterprises – create a culture of engineering excellence, reducing incidents by 30% and improving MTTR by 50%, all while making it easier for developers to focus on building. • Within minutes, determine who owns each service with Cortex’s AI service ownership model across thousands of repositories. • Standardize golden paths using Workflows, enabling teams to scaffold new services & provision infrastructure in minutes. • Consistently uphold best practices and standards across your organization with automated Scorecards and targeted Initiatives. • Make informed, impactful actions based on real-time insights. -
2
Parasoft
Parasoft
Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and compliant software by integrating everything from deep code analysis and unit testing to UI and API testing, plus service virtualization and complete code coverage, into the delivery pipeline. A powerful unified C and C++ test automation solution for static analysis, unit testing and structural code coverage, Parasoft C/C++test helps satisfy compliance with industry functional safety and security requirements for embedded software systems.Starting Price: $35/user/mo -
3
Docker
Docker
Docker takes away repetitive, mundane configuration tasks and is used throughout the development lifecycle for fast, easy and portable application development, desktop and cloud. Docker’s comprehensive end-to-end platform includes UIs, CLIs, APIs and security that are engineered to work together across the entire application delivery lifecycle. Get a head start on your coding by leveraging Docker images to efficiently develop your own unique applications on Windows and Mac. Create your multi-container application using Docker Compose. Integrate with your favorite tools throughout your development pipeline, Docker works with all development tools you use including VS Code, CircleCI and GitHub. Package applications as portable container images to run in any environment consistently from on-premises Kubernetes to AWS ECS, Azure ACI, Google GKE and more. Leverage Docker Trusted Content, including Docker Official Images and images from Docker Verified Publishers.Starting Price: $7 per month -
4
Kubernetes
Kubernetes
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community. Designed on the same principles that allows Google to run billions of containers a week, Kubernetes can scale without increasing your ops team. Whether testing locally or running a global enterprise, Kubernetes flexibility grows with you to deliver your applications consistently and easily no matter how complex your need is. Kubernetes is open source giving you the freedom to take advantage of on-premises, hybrid, or public cloud infrastructure, letting you effortlessly move workloads to where it matters to you.Starting Price: Free -
5
Jenkins
Jenkins
The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. As an extensible automation server, Jenkins can be used as a simple CI server or turned into the continuous delivery hub for any project. Jenkins is a self-contained Java-based program, ready to run out-of-the-box, with packages for Windows, Linux, macOS and other Unix-like operating systems. Jenkins can be easily set up and configured via its web interface, which includes on-the-fly error checks and built-in help. With hundreds of plugins in the Update Center, Jenkins integrates with practically every tool in the continuous integration and continuous delivery toolchain. Jenkins can be extended via its plugin architecture, providing nearly infinite possibilities for what Jenkins can do. Jenkins can easily distribute work across multiple machines, helping drive builds, tests and deployments across multiple platforms faster. -
6
Oobeya
Oobeya
Oobeya is an engineering intelligence platform that helps software development teams accelerate their value delivery performance. Oobeya works with code repositories, issue tracking, testing, application performance monitoring (APM), and incident management tools to measure engineering metrics, like cycle time, lead time, sprint planning accuracy, pull request metrics, and value stream metrics (VSM), and DevOps DORA metrics. Oobeya's goal is to help software engineering teams to make a shift from an intuition-driven approach to a data-driven approach by plugging into the SDLC toolset. Oobeya connects to Git repositories like GitHub, GitLab, Bitbucket, Azure DevOps, issue tracking systems like Jira and Azure Boards, and CI/CD platforms like Github Actions, GitLab CI, Azure Pipelines, and Jenkins.Starting Price: $12 per dev / month -
7
AWS CloudFormation
Amazon
AWS CloudFormation is a infrastructure provisioning and management tool that provides you the ability to create resource templates that specifies a set of AWS resources to provision. The templates allow you to version control your infrastructure, and also easily replicate your infrastructure stack quickly and with repeatability. Define an Amazon Virtual Private Cloud (VPC) subnet or provisioning services like AWS OpsWorks or Amazon Elastic Container Service (ECS) with ease. Run anything from a single Amazon Elastic Compute Cloud (EC2) instance to a complex multi-region application. Automate, test, and deploy infrastructure templates with continuous integration and delivery (CI/CD) automation. AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code. Speed up cloud provisioning with infrastructure as code.Starting Price: $0.0009 per handler operation -
8
Nucleus
Nucleus
Nucleus is redefining the vulnerability management software category as the single source of record for all assets, vulnerabilities, and associated data. We unlock the value you’re not getting from existing tools and place you squarely on the path to program maturity by unifying the people, processes, and technology involved in vulnerability management. With Nucleus, you receive unmatched visibility into your program and a suite of tools with functionality that simply can’t be replicated in any other way. Nucleus is the single shift-left tool that unifies development and security operations. It unlocks the value you’re not getting out of your existing tools and puts you on the path to unifying the people, processes, and technology involved in addressing vulnerabilities and code weaknesses. With Nucleus, you’ll get unmatched pipeline integration, tracking, triage, automation and reporting capabilities and a suite of tools with functionality.Starting Price: $10 per user per year -
9
Java
Oracle
The Java™ Programming Language is a general-purpose, concurrent, strongly typed, class-based object-oriented language. It is normally compiled to the bytecode instruction set and binary format defined in the Java Virtual Machine Specification. In the Java programming language, all source code is first written in plain text files ending with the .java extension. Those source files are then compiled into .class files by the javac compiler. A .class file does not contain code that is native to your processor; it instead contains bytecodes — the machine language of the Java Virtual Machine1 (Java VM). The java launcher tool then runs your application with an instance of the Java Virtual Machine.Starting Price: Free -
10
Claude Code
Anthropic
Claude Code is an AI-powered coding agent designed to work directly inside your existing development environment. It goes beyond simple autocomplete by understanding entire codebases and helping developers build, debug, refactor, and ship features faster. Developers can interact with Claude Code from the terminal, IDEs, Slack, or the web, making it easy to stay in flow without switching tools. By describing tasks in natural language, users can let Claude handle code exploration, modifications, and explanations. Claude Code can analyze project structure, dependencies, and architecture to onboard developers quickly. It integrates with common command-line tools, version control systems, and testing workflows. This makes it a powerful companion for both individual developers and teams working on complex software projects.Starting Price: $20/month -
11
Python
Python
The core of extensible programming is defining functions. Python allows mandatory and optional arguments, keyword arguments, and even arbitrary argument lists. Whether you're new to programming or an experienced developer, it's easy to learn and use Python. Python can be easy to pick up whether you're a first-time programmer or you're experienced with other languages. The following pages are a useful first step to get on your way to writing programs with Python! The community hosts conferences and meetups to collaborate on code, and much more. Python's documentation will help you along the way, and the mailing lists will keep you in touch. The Python Package Index (PyPI) hosts thousands of third-party modules for Python. Both Python's standard library and the community-contributed modules allow for endless possibilities.Starting Price: Free -
12
OpenAI Codex
OpenAI
Codex is an AI-powered coding agent from OpenAI designed to help developers build, manage, and ship software more efficiently across the entire development lifecycle. It acts as an intelligent pair programmer that can understand codebases, generate features, and deliver production-ready pull requests. Codex can safely execute commands in sandboxed environments while assisting with debugging, refactoring, and testing. A key advancement is its computer use capability, allowing it to operate your computer by seeing, clicking, and typing across applications. This enables Codex to interact with tools that don’t have APIs, making it useful for tasks like frontend testing and app navigation. The platform also includes an in-app browser and integrations with various developer tools for a more unified workflow. Codex supports automation by handling ongoing tasks such as monitoring, issue triage, and follow-ups. -
13
CodeScene
CodeScene
CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality. We enable software development teams to make confident, data-driven decisions that fuel performance and developer productivity. Supporting 28+ programming languages, CodeScene also offers an automated integration with GitHub, BitBucket, Azure DevOps or GitLab pull requests to incorporate the analysis results into existing delivery workflows. Automate your code reviews, get early warnings and recommendations about complex code before merging it to the main branch and set quality gates to trigger in case your code health declines.Starting Price: €18 per active author/month -
14
Opsera
Opsera
You choose your tools, we take care of the rest. Put together the perfect CI/CD stack that fits your organization’s goals with zero vendor lock-in. Eliminate manual scripts and stop building toolchain automation. Free your engineers to focus on your core business. Pipeline workflows follow a declarative model so you focus on what is required — not how it’s accomplished — including: software builds, security scans, unit testing, and deployments. With Blueprints, diagnose any failures from within Opsera using a console output of every step of your pipeline execution. Comprehensive software delivery analytics across your CI/CD process in a unified view — including Lead Time, Change Failure Rate, Deployment Frequency, and Time to Restore. Contextualized logs for faster resolution and improved auditing and compliance.Starting Price: $3.60 per user , Min 300 devs -
15
JupiterOne
JupiterOne
JupiterOne is a cyber asset analysis platform every modern security team needs to collect and transform asset data into actionable insights to secure their attack surface. JupiterOne was created to make security as simple as asking a question and getting the right answer back, with context, to make the right decision. With JupiterOne, organizations are able to see all asset data in a single place, improve confidence in choosing their priorities and optimize the deployment of their existing security infrastructure.Starting Price: $2000 per month -
16
Faros AI
Faros AI
Faros AI connects the dots between your engineering data sources – ticketing, source control, CI/CD, and more – giving unprecedented visibility and insight into your engineering processes. Be amazed at what you can achieve with Faros AI. With Faros AI, engineering leaders can scale their operations in a more data-informed way — using data to identify bottlenecks, measure progress towards organizational goals, better support teams with the right resources, and accurately assess the impact of interventions over time. DORA Metrics come standard in Faros AI, and the platform is extensible to allow organizations to build their own custom dashboards and metrics so they can get deep insights into their engineering operations and take intelligent action in a data-driven manner. Leading organizations including Box, Coursera, GoFundMe, Astronomer, Salesforce, etc. trust Faros AI as their engops platform of choice. -
17
ThreadFix
Denim Group
ThreadFix 3.0 provides a comprehensive view of your risk from applications and their supporting infrastructure. Skip the spreadsheets and PDFs forever. From Application Security Managers to CISOs, ThreadFix helps increase efficiency across teams and provides powerful reporting to upper management. Explore the powerful benefits of ThreadFix, the industry leading application vulnerability management platform. Automatically consolidate, de-duplicate, and correlate vulnerabilities in applications to the infrastructure assets that support them using results from commercial and open source application and network scanning tools. Knowing which vulnerabilities exist is important, but it’s just a start. With ThreadFix, you will quickly spot vulnerability trends and make smart remediation decisions based on data in a centralized view. When vulnerabilities are discovered, it can be tough to go back and fix them.Starting Price: $2000 per month -
18
Plandek
Plandek
Plandek is an intelligent analytics platform that empowers software engineering teams and leaders to deliver value faster and more predictably. Celebrated by Gartner and Forrester as a 'leading global vendor', Plandek mines data from delivery teams’ toolsets and gives them the opportunity to optimise their delivery process using both intelligent insights and predictive analytics. Co-founded in 2017 by Dan Lee (founder of Globrix) and Charlie Ponsonby (founder of Simplifydigital), Plandek is based in London and currently services the UK, Europe, the Middle East and North America.Starting Price: $1900 per month -
19
Merico
Merico
Old analytics measure surface level signals. Merico directly analyzes the code, measuring what matters with deep program analysis. Engineering performance is challenging to measure. Few companies try, most that do use inaccurate and misleading signals, while missing hidden opportunities for recognition, improvement, and advancement. Until now, analytics and evaluation tools have focused on superficial metrics to assess quality and productivity. Developers know this isn't the right way. This is why we built Merico. With commit-level analysis, your team get the insights they need directly from the codebase. With Merico the information is immune to the inaccuracies that can be generated from measuring processes. With a direct relationship to the code, developers can improve, prioritize, and evolve with specifity. With Merico, teams can create clear shared goals, while tracking progress, productivity, and quality with practical benchmarks.Starting Price: $2.50 per month -
20
flex
flex
Improving work efficiency and employee experience through the digital transformation of HR. With flex, the company's HR is renewed. Fast-growing companies use flex. Companies that use flex grow quickly. View carefully selected data from over 20 items at a glance on the Insights dashboard. Conveniently manage HR information scattered here and there in flex. From autonomous time and attendance management with automatic work records to strict time and attendance management with IP setting and commute button. No more cumbersome annual leave. From granting to extinction to the promotion of annual leave use, everything is easy. Conveniently, anywhere with mobile app and Slack integration. Experience the automatic payroll settlement system linked to work records and personnel information. Now, there is no mistake in salary calculation. There is no need for separate issuance or transmission.Starting Price: $5.87 per month -
21
Kaholo
Kaholo
Scriptless CI/CD Automation for On-Demand Developer Portals Kaholo is a low-code IT workflow automation tool that empowers Developers to quickly self-serve environments and automate their workflows while giving Operators full visibility and control over compliance, security, and cloud costs. Key Capabilities: - Drag and drop low-code CI/CD pipelines - 150+ pre-built plugins that interact with external resources that anyone can use without proprietary knowledge, or custom-build your own - Orchestrate your existing CI/CD toolset to avoid the inefficient route of rip and replace - Extensive access permissions allow developers to safely work with and execute pipelines autonomously - Automate provisioning, testing, security scans, builds, deployments with various rollout strategies, rollbacks, cleanups, updates, troubleshooting, remediations, migrations, and more. - Integrations with all cloud providers as well on-prem environmentsStarting Price: $99 per month -
22
configure8
configure8
configure8 is an internal developer portal that helps helps your developers move faster and build better software with self-serve access to the knowledge and functionality they need. Our solution features a universal catalog that easily organizes all of the sociotechnical knowledge about your team and applications, services, environments, and resources. Customize the data model to integrate any tool and present custom views and calculations. Easy to set-up and maintain, and delivers value. configure8 uses knowledge in the universal catalog to power Scorecards and Self-Serve Actions. Scorecards by configure8 feature the largest library of pre-built checks and the ability to scorecard any custom data as well as create standards tripwires. Self-Serve Actions feature dynamic forms that are contextually aware to minimize developer cognitive load for day 2 operations. We even offer starter templates + custom actions. Deploy on-prem or use our SaaS hosted version. White glove supportStarting Price: $19/month per user -
23
CSS
CSS
CSS, short for Cascading Style Sheets, is a style sheet language used by web developers to structure the HTML and other elements of a website. CSS is one of the most widely used languages on the web. For style sheets to work, it is important that your markup be free of errors. A convenient way to automatically fix markup errors is to use the HTML Tidy utility. This also tidies the markup making it easier to read and easier to edit. I recommend you regularly run Tidy over any markup you are editing. Tidy is very effective at cleaning up markup created by authoring tools with sloppy habits. Each style property starts with the property's name, then a colon and lastly the value for this property. When there is more than one style property in the list, you need to use a semicolon between each of them to delimit one property from the next.Starting Price: Free -
24
PHP
PHP
Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world. The PHP development team announces the immediate availability of PHP 8.0.20. When using the PHP.net website, there is even no need to get to a search box to access the content you would like to see quickly. You can use short PHP.net URLs to access pages directly.Starting Price: Free -
25
Visual Basic
Microsoft
Visual Basic is an object-oriented programming language developed by Microsoft. Using Visual Basic makes it fast and easy to create type-safe .NET apps. Visual Basic focuses on supplying more of the features of the Visual Basic Runtime (microsoft.visualbasic.dll) to .NET Core and is the first version of Visual Basic focused on .NET Core. Many portions of the Visual Basic Runtime depend on WinForms and these will be added in a later version of Visual Basic. .NET is a free, open-source development platform for building many kinds of apps. With .NET, your code and project files look and feel the same no matter which type of app you're building. You have access to the same runtime, API, and language capabilities with each app. A Visual Basic program is built up from standard building blocks. A solution comprises one or more projects. A project in turn can contain one or more assemblies. Each assembly is compiled from one or more source files.Starting Price: Free -
26
Swift
Apple
Writing Swift code is interactive and fun, the syntax is concise yet expressive, and Swift includes modern features developers love. Swift code is safe by design and produces software that runs lightning-fast. Swift is the result of the latest research on programming languages, combined with decades of experience building Apple platforms. Named parameters are expressed in a clean syntax that makes APIs in Swift even easier to read and maintain. Even better, you don’t even need to type semi-colons. Inferred types make code cleaner and less prone to mistakes, while modules eliminate headers and provide namespaces. To best support international languages and emoji, Strings are Unicode-correct and use a UTF-8 based encoding to optimize performance for a wide-variety of use cases. You can even write concurrent code with simple, built-in keywords that define asynchronous behavior, making your code more readable and less error-prone.Starting Price: Free -
27
Ruby
Ruby Language
Wondering why Ruby is so popular? Its fans call it a beautiful, artful language. And yet, they say it’s handy and practical. Since its public release in 1995, Ruby has drawn devoted coders worldwide. In 2006, Ruby achieved mass acceptance. With active user groups formed in the world’s major cities and Ruby-related conferences filled to capacity. Ruby-Talk, the primary mailing list for discussion of the Ruby language, climbed to an average of 200 messages per day in 2006. It has dropped in recent years as the size of the community pushed discussion from one central list into many smaller groups. Ruby is ranked among the top 10 on most of the indices that measure the growth and popularity of programming languages worldwide (such as the TIOBE index). Much of the growth is attributed to the popularity of software written in Ruby, particularly the Ruby on Rails web framework.Starting Price: Free -
28
TypeScript
TypeScript
TypeScript adds additional syntax to JavaScript to support a tighter integration with your editor. Catch errors early in your editor. TypeScript code converts to JavaScript, which runs anywhere JavaScript runs: In a browser, on Node.js or Deno and in your apps. TypeScript understands JavaScript and uses type inference to give you great tooling without additional code. TypeScript was used by 78% of the 2020 State of JS respondents, with 93% saying they would use it again. The most common kinds of errors that programmers write can be described as type errors: a certain kind of value was used where a different kind of value was expected. This could be due to simple typos, a failure to understand the API surface of a library, incorrect assumptions about runtime behavior, or other errors.Starting Price: Free -
29
Scala
Scala
Scala combines object-oriented and functional programming in one concise, high-level language. Scala's static types help avoid bugs in complex applications, and its JVM and JavaScript runtimes let you build high-performance systems with easy access to huge ecosystems of libraries. The Scala compiler is smart about static types. Most of the time, you need not tell it the types of your variables. Instead, its powerful type inference will figure them out for you. In Scala, case classes are used to represent structural data types. They implicitly equip the class with meaningful toString, equals and hashCode methods, as well as the ability to be deconstructed with pattern matching. In Scala, functions are values, and can be defined as anonymous functions with a concise syntax.Starting Price: Free -
30
Go
Golang
With a strong ecosystem of tools and APIs on major cloud providers, it is easier than ever to build services with Go. With popular open source packages and a robust standard library, use Go to create fast and elegant CLIs. With enhanced memory performance and support for several IDEs, Go powers fast and scalable web applications. With fast build times, lean syntax, an automatic formatter and doc generator, Go is built to support both DevOps and SRE. Everything there is to know about Go. Get started on a new project or brush up for your existing Go code. An interactive introduction to Go in three sections. Each section concludes with a few exercises so you can practice what you've learned. The Playground allows anyone with a web browser to write Go code that we immediately compile, link, and run on our servers.Starting Price: Free -
31
kcov
kcov
Kcov is a FreeBSD/Linux/OSX code coverage tester for compiled languages, Python and Bash. Kcov was originally a fork of Bcov, but has since evolved to support a large feature set in addition to that of Bcov. Kcov, like Bcov, uses DWARF debugging information for compiled programs to make it possible to collect coverage information without special compiler switches.Starting Price: Free -
32
JaCoCo
EclEmma
JaCoCo is a free code coverage library for Java, which has been created by the EclEmma team based on the lessons learned from using and integrating existing libraries for many years. The master branch of JaCoCo is automatically built and published. Due to the test-driven development approach, every build is considered fully functional. See the change history for the latest features and bug fixes. SonarQube code quality metrics of the current JaCoCo implementation are available on SonarCloud.io. Integrate JaCoCo technology with your tools. Use JaCoCo tools out of the box. Improve the implementation and add new features. There are several open-source coverage technologies for Java available. While implementing the Eclipse plug-in EclEmma the observation was that none of them are really designed for integration. Most of them are specifically fit to a particular tool (Ant tasks, command line, IDE plug-in) and do not offer a documented API that allows embedding in different contexts.Starting Price: Free -
33
Phoenix Security
Phoenix Security
Phoenix Security enables security, developers, and businesses to all talk the same language. We help security professionals focus on the vulnerabilities that matter most across cloud, infrastructure, and application security. Laser focuses on the 10% of vulnerabilities that matter today, and reduces risk faster with prioritized contextualized vulnerabilities. Threat intelligence automatically in the risk improves efficiency enabling fast reaction. Threat intelligence automatically in the risk improves efficiency enabling fast reaction. Aggregate, correlate and contextualize multiple security tools and data sources, providing your business with unprecedented visibility. Break down the silos between application security, operational security, and the business.Starting Price: $3,782.98 per month -
34
Betterscan.io
Betterscan.io
Reduce MTTD & MTTR with full coverage within minutes of using. Full DevSecOps toolchain across your all environments, implementing and collecting evidence as part of your continuous security. Unified and de-duplicated across all the layers we orchestrate. One line to add several thousand checks + AI. It was built with security in mind, and we have avoided common security mistakes and pitfalls. Understands modern technologies. All are callable via REST API. Integrateable with CI/CD systems, lightweight and fast. You can self-host it for 100% code control and transparency, or run source available binary only in your own CI/CD. Use a source-available solution for complete control and transparency. Trivial setup, no software installation, compatible with many programming languages. Detects more than several thousand code and infrastructure issues and counting. You can review the issues, mark them as false positives, and collaborate on issues.Starting Price: €499 one-time payment -
35
Parny
Parny
Get AI recommendations for your alerts. It can generate recommendations for your alert based on the persona selected. Ask Parny AI has three personas, DevOps engineer, senior developer and database administrator. Our personas are trained to provide the best recommendations for your alerts. You can easily add your team members to the on-call team member list. Always alert the right person at the right time. Share on-call responsibility across your team with on-call schedules and automatic escalations. We support engineering teams to be more proactive, resolve incidents faster and deliver a seamless operations experience. Get custom analytics for your organization, teams, services and users. Always be up to date with your performance and improve your organization's efficiency.Starting Price: $7 per month -
36
Apache DevLake
Apache Software Foundation
Apache DevLake (Incubating) ingests, analyzes, and visualizes the fragmented data from DevOps tools to distill insights for engineering excellence. Your data lives in many silos and tools. DevLake brings them all together to give you a complete view of your Software Development Life Cycle (SDLC). From DORA to scrum retros, DevLake implements metrics effortlessly with prebuilt dashboards supporting common frameworks and goals. DevLake fits teams of all shapes and sizes, and can be readily extended to support new data sources, metrics, and dashboards, with a flexible framework for data collection and transformation. Select, transform and set up a schedule for the data you wish to sync from your prefered data sources in the config UI. View pre-built dashboards of a variety of use cases and learn engineering insights from the metrics. Customize your own metrics or dashboards with SQL to extend your usage of DevLake.Starting Price: Free -
37
Trivy
Aqua Security
Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues. Trivy supports the most popular programming languages, operating systems, and platforms. Trivy is available in the most common distribution channels. Trivy is integrated with many popular platforms and applications. Trivy is integrated into many popular tools and applications so that you can easily add security to your workflow. Find vulnerabilities, misconfigurations, secrets, and SBOM in containers, Kubernetes, code repositories, clouds, and more.Starting Price: Free -
38
Docker Scout
Docker
Container images consist of layers and software packages, which are susceptible to vulnerabilities. These vulnerabilities can compromise the security of containers and applications. Docker Scout is a solution for proactively enhancing your software supply chain security. By analyzing your images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses. Docker Scout is a standalone service and platform that you can interact with using Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. Docker Scout also facilitates integrations with third-party systems, such as container registries and CI platforms. Reveal and dig into the composition of your images. Ensure that your artifacts align with supply chain best practices.Starting Price: $5 per month -
39
OverOps
OverOps
OverOps instantly pinpoints at runtime why critical issues break backend Java and .NET applications, eliminating the detective-work of searching logs to reproduce critical errors. Unlike logs, static testing, and APM, that require foresight, OverOps analyzes code at runtime. OverOps requires no code changes, integrates into your existing CI/CD tooling, and does so continuously, from pre-prod through production.Starting Price: $250/user/month -
40
SonarQube Cloud
SonarSource
Maximize your throughput and only release clean code SonarQube Cloud (formerly SonarCloud) automatically analyzes branches and decorates pull requests. Catch tricky bugs to prevent undefined behavior from impacting end-users. Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots. With just a few clicks you're up and running right where your code lives. Immediate access to the latest features and enhancements. Project dashboards keep teams and stakeholders informed on code quality and releasability. Display project badges and show your communities you're all about awesome. Code Quality and Code Security is a concern for your entire stack, from front-end to back-end. That’s why we cover 24 languages including Python, Java, C++, and many others. Transparency makes sense and that's why the trend is growing. Come join the fun, it's entirely free for open-source projects! -
41
Terraform
HashiCorp
Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. Write infrastructure as code using declarative configuration files. HashiCorp Configuration Language (HCL) allows for concise descriptions of resources using blocks, arguments, and expressions. Run terraform plan to check whether the execution plan for a configuration matches your expectations before provisioning or changing infrastructure. Apply changes to hundreds of cloud providers with terraform apply to reach the desired state of the configuration. Define infrastructure as code to manage the full lifecycle — create new resources, manage existing ones, and destroy those no longer needed. -
42
OpenText Static Application Security Testing (SAST) identifies and remediates security vulnerabilities in source code early in the software development lifecycle. It supports extensive language coverage and integrates seamlessly with popular CI/CD tools such as Jenkins, Azure DevOps, Jira, and Visual Studio. The platform uses advanced static code analysis and AI-driven insights to prioritize risks and reduce false positives, enabling developers to focus on fixing critical vulnerabilities efficiently. With its customizable code analysis and rule sets, it helps reduce development time by catching issues early. OpenText SAST complies with industry standards like OWASP and offers flexible deployment options including SaaS, private cloud, and on-premises. This comprehensive approach enhances application security without sacrificing development speed or accuracy.
-
43
SD Elements
Security Compass
SD Elements (SDE) helps AppSec teams keep up with rising development demands by defining the exact security requirements a project needs early, often cutting review time by 30–50%. As a Security by Design platform, it identifies risks during planning and architecture—when fixes are fastest—and turns them into clear, standards-mapped requirements developers can use. SDE evaluates architecture, data sensitivity, and regulatory needs to generate the right controls with concise implementation guidance. This allows small AppSec teams to support security across 100+ applications without adding headcount while ensuring consistent, standardized requirements across teams and products. The platform integrates with Jira, CI/CD pipelines, and other dev tools so security tasks align with delivery workflows. Directors gain visibility into requirement coverage, security posture, and audit readiness, making it easier to reduce risk, track progress, and report to leadership. -
44
BMC AMI Ops Automation for Capping. Automate workload capping to avoid risk and optimize costs. BMC AMI Ops Automation for Capping (formerly Intelligent Capping for zEnterprise) applies automated intelligence to manage business-critical MSU capacity settings to avoid operational risk, optimize costs, and meet the needs of digital demand. Automatically manage capping limits to prioritize workloads and optimize mainframe software license costs which can consume 30-50% of the IT budget. Dynamically automate defined capacity MSU settings to optimize your monthly software costs by 10% or more. Mitigate business risk by analyzing, simulating, and automatically managing changes to defined capacity settings based on workload profile. Align capacity to business demand by ensuring MSUs are allocated to highest priority workloads. Patented technology drives capping adjustments, ensuring the most business-critical services are unaffected.
-
45
OpsLevel
OpsLevel
OpsLevel is the fastest, most flexible Internal Developer Portal, giving your teams complete visibility and control over services, teams, and tech stacks—all in one place. Unlike rigid, DIY solutions, OpsLevel automates catalog creation and maintenance so your developers can spend less time managing metadata and more time shipping great software. With built-in AI-powered insights, automation, and customizable workflows, OpsLevel helps engineering leaders enforce standards, drive migrations, and improve reliability—without friction. From onboarding to incident response, from self-service to security, OpsLevel brings everything together so your teams can move faster with confidence. -
46
BMC Compuware Topaz Connect bridges the IT systems that manage mainframe applications with the modern tooling used to manage non-mainframe applications, eliminating siloes that can disrupt innovation. By connecting the mainframe to disparate platforms in the enterprise, companies can track processes for mainframe applications in the same manner as they do for other hardware and software platforms. Eliminates siloes created by lack of integrated tooling, enabling faster delivery of business value. Maximizes enterprise IT automation by reducing disparate manual processes. Leverages existing IT service management (ITSM) investments. Includes the mainframe in DevOps processes. Enhances process efficiencies. Enables mainframe-inexperienced programmers to manage mainframe code. Connect BMC Compuware ISPW and ITSM solutions such as BMC Helix and Tivoli. Communicate specifics of an ITSM code change to BMC Compuware ISPW.
-
47
BMC middleware management software provides real-time monitoring and administration for messaging-oriented middleware environments including IBM® MQ, Integration Bus (IIB), App Connect Enterprise (ACE), Apache ActiveMQ, and DataPower and TIBCO Enterprise Message Service (EMS). Automate alerts and gain insight into a wide array of middleware technologies with a single, intuitive solution. MainView Middleware Monitor securely provides real-time monitoring and automatic notification of potential problems to ensure an optimally performing middleware layer. Analyze historical data to identify patterns, predict trends, and solve reoccurring problems. Maximize application availability and mitigate risk with proactive problem detection and automated resolutions. Improve productivity and efficiency for managing, administering, and troubleshooting with flexible dashboards for infrastructure and application views.
-
48
Flosum
Flosum
A fully native release management and version control system for Salesforce that simply works. Bring together people, processes, and technology to optimize, visualize, and govern business value flow through your entire Salesforce ecosystem. An all-in-one solution for requirements management, version control, deployments and regression testing. Designed with a “clicks not code” approach to achieve the goals that Salesforce developers require, allowing changes to components limited by Git-based solutions, keeping orgs in sync, and executing deployments quicker than ever before. Built to work in the most sophisticated DevOps environments, including integration with Git, Jira, Azure DevOps, Selenium, and many other tools that our clients require. Finish your deployments in minutes, not hours or days. Our click-not-code functionality for DevOps covers all operations seamlessly. We give developers full-scale power tools they need, in the ways they’ve always wanted. -
49
SonarQube for IDE
SonarSource
Easy to use, no configuration needed — just install from your favorite IDE marketplace and continue to code while SonarQube for IDE (formerly SonarLint) does its job. Your current linting tools may come with overhead – specialized tools for languages or longer setup and config time. With SonarQube for IDE, you can settle on a single solution to address your Code Quality and Code Security issues. We have you covered with hundreds of unique, language-specific rules to catch Bugs, Code Smells, and Security Vulnerabilities right in the IDE, as you code. From dangerous regex patterns to non-compliant coding standards, SonarQube for IDE is your true confidante in delivering error-free code. With an intelligent tool by your side, your mistakes are only visible to you so you can understand them, quickly remediate them, and learn along the way. -
50
Coco Code Coverage
Qt Group
Coco by Qt is an end-to-end code coverage and test analysis tool built for teams developing desktop, embedded, and safety-critical software. It supports multiple languages—including C, C++, C#, QML, and Tcl—and provides detailed insight into code coverage across unit, integration, and system testing. Coco helps engineering and QA teams identify untested paths, redundant test cases, and hidden logic branches to improve software reliability and performance. Designed for compliance-driven industries, it generates audit-ready reports aligned with international standards like ISO 26262, DO-178C, and IEC 62304. Seamlessly integrating with CI/CD pipelines and IDEs such as Visual Studio, Eclipse, and Qt Creator, Coco streamlines test validation across toolchains and environments. With precision, automation, and compliance at its core, Coco enables faster releases without compromising quality or safety.
