Best Vulnerability Management Software for GitHub
View:
Compare the Top Vulnerability Management Software that integrates with GitHub as of June 2025
Sort By:
This a list of Vulnerability Management software that integrates with GitHub. Use the filters on the left to add additional filters for products that have integrations with GitHub. View the products that work with GitHub in the table below.
What is Vulnerability Management Software for GitHub?
Vulnerability management software is software that identifies, assesses, and prioritizes security vulnerabilities within an organization's IT infrastructure. These tools continuously scan systems, networks, and applications for potential weaknesses that could be exploited by attackers. They provide detailed reports on discovered vulnerabilities, along with recommendations for remediation or mitigation strategies. Vulnerability management software often integrates with other security tools, such as patch management and threat intelligence platforms, to enhance overall security posture. By helping organizations proactively manage vulnerabilities, these tools reduce the risk of cyberattacks and data breaches, ensuring a more secure IT environment. Compare and read user reviews of the best Vulnerability Management software for GitHub currently available using the table below. This list is updated regularly.
-
1
Aikido Security
Aikido Security
Secure your stack with Aikido's code-to-cloud security platform. Find and fix vulnerabilities fast & automatically. Aikido's all-in-one approach combines multiple important scanning capabilities. SAST, DAST, SCA, CSPM, IaC, Container scanning and more - making it a true ASPM platform.Starting Price: Free -
2
Astra Pentest
Astra Security
Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also conducts all tests required to comply with ISO 27001, HIPAA, SOC2, and GDPR. Astra offers an interactive pentest dashboard that the user can use to visualize vulnerability analyses, assign vulnerabilities to team members, and collaborate with security experts. And if the users don’t want to get back to the dashboard every time they want to use the scanner or assign a vulnerability to a team member, they can simply use the integrations with CI/CD platforms, Slack, and Jira.Starting Price: $199 per month -
3
Carbide
Carbide
Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform is tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous compliance requirements and require hands-on services. With Carbide, you can benefit from continuous cloud monitoring and the educational resources of Carbide Academy. Our platform supports over 100 technical integrations, enabling efficient evidence collection and meeting of security framework controls necessary for passing audits.Starting Price: $7,500 annually -
4
Visual Expert
Novalys
Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking changes. Automatically scan your code to detect and fix security vulnerabilities, bugs and maintenance Issues. Implement continuous code inspection Understand the inner workings of your code with call graphs, code diagrams, CRUD Matrix and Object Dependency Matrix (ODM). Automatically generate an HTML Source Code documentation. Explore your code exploration with hyperlinks Compare applications, databases or pieces of code. Improve maintainability. Clean up code. Comply with dev standards. Analyze and Improve DB code performance: Find slow objects and SQL queries, Optimize a slow object, a Chain of calls a slow SQL, Get a query Execution Plan. And much more.Starting Price: $495 per year -
5
Invicti
Invicti Security
Application security is noisy and overly complicated. The good news: you can relieve that unnecessary noise and dramatically reduce your risk of attacks with Invicti. Keeping up with security is more manageable with accurate, automated testing that scales as your needs shift and grow. That's where Invicti shines. With a leading dynamic application security testing solution (DAST), Invicti helps teams automate security tasks and save hundreds of hours each month by identifying the vulnerabilities that really matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss. With asset discovery, it's easier to discover all web assets — even ones that are lost, forgotten, or created by rogue departments. Through tried-and-true methods, Invicti helps DevSecOps teams get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively. -
6
Crashtest Security
Crashtest Security
Crashtest Security is a SaaS-based security vulnerability scanner allowing agile development teams to ensure continuous security before even hitting Production. Our state-of-the-art dynamic application security testing (DAST) solution integrates seamlessly with your dev environment and protects multi-page and JavaScript apps, as well as microservices and APIs. Set up Crashtest Security Suite in minutes, get advanced crawling options, and automate your security. Whether you want to see vulnerabilities within the OWASP Top 10 or you want to go for deep scans, Crashtest Security is here to help you stay on top of your security and protect your code and customers.Starting Price: €35 per month -
7
Astra Security
Astra Security
Astra Security is the go-to security suite for web & mobile apps, network, cloud infrastructures, API and more. With Astra Website Protection, you don't have to worry about any malware, credit card hack, SQLi, XSS, SEO spam, comments spam, brute force & 100+ types of internet threats. Astra Website Protection offers Website/Web Application Firewall and Malware Scanner. This means you can get rid of multiple security solutions & let Astra take care of it all.Starting Price: $25/month -
8
Debricked
Debricked
Debricked's tool enables for increased use of Open Source while keeping associated risks at bay, making it possible to keep a high development speed while still staying secure. The service runs on state of the art machine learning, allowing the data quality to be outstanding as well as instantly updated. High precision (over 90% in supported languages) in combination with flawless UX and scalable automation features makes Debricked one of a kind and the way to go for open source management. Recently, debricked released their new platform by the name of Open Source Select where open source projects can be compared, evaluated and monitored to ensure high quality and community health.Starting Price: Free -
9
Snyk
Snyk
Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.Starting Price: $0 -
10
Nucleus
Nucleus
Nucleus is redefining the vulnerability management software category as the single source of record for all assets, vulnerabilities, and associated data. We unlock the value you’re not getting from existing tools and place you squarely on the path to program maturity by unifying the people, processes, and technology involved in vulnerability management. With Nucleus, you receive unmatched visibility into your program and a suite of tools with functionality that simply can’t be replicated in any other way. Nucleus is the single shift-left tool that unifies development and security operations. It unlocks the value you’re not getting out of your existing tools and puts you on the path to unifying the people, processes, and technology involved in addressing vulnerabilities and code weaknesses. With Nucleus, you’ll get unmatched pipeline integration, tracking, triage, automation and reporting capabilities and a suite of tools with functionality.Starting Price: $10 per user per year -
11
Mend.io
Mend.io
Trusted by the world's leading companies, including IBM, Google, and Capital One, Mend.io's enterprise suite of application security tools is designed to help you build and manage a mature, proactive AppSec program. Mend.io understands the different AppSec requirements of developers and security teams. Unlike other AppSec solutions that force everyone to use a single tool, Mend.io helps them work in harmony by giving each team different, but complementary, tools - enabling them to stop chasing vulnerabilities and start proactively managing application risk.Starting Price: $1,000 per developer, per year -
12
Acunetix
Invicti Security
As the market leader in automated web application security testing, Acunetix by Invicti is the go-to security tool for Fortune 500 companies. DevSecOps teams can cut through the noise to uncover unseen risks and mitigate dangerous exploits, detecting and reporting on a wide array of vulnerabilities. With an industry-leading crawler that fully supports HTML5, JavaScript, and Single-page applications, Acunetix enables the auditing of complex, authenticated applications for deeper insight into an organization's risk posture. It's a leader for a reason: the technology behind Acunetix delivers the only product on the market that can automatically detect out-of-band vulnerabilities to enable comprehensive management, prioritization, and control for vulnerability threats by criticality. Plus, it's available both online and as an on-prem solution, integrating with popular issue trackers and WAFs so that DevSecOps teams don't have to slow down when building innovative apps. -
13
Strobes RBVM
Strobes Security
Strobes RBVM simplifies vulnerability management with its all-in-one platform, streamlining the process of identifying, prioritizing, and mitigating vulnerability risks across various attack vectors. Through seamless automation, integration, and comprehensive reporting, organizations can proactively enhance their cybersecurity posture. Integrate multiple security scanners, threat intel, & IT ops tools to aggregate thousands of vulnerabilities but only end up patching the most important ones by using our advanced prioritization techniques. Strobes Risk Based Vulnerability Management software goes beyond the capabilities of a standalone vulnerability scanner by aggregating from multiple sources, correlating with threat intel data and prioritising issues automatically. Being vendor agnostic we currently support 50+ vendors to give you an extensive view of your vulnerability landscape within Strobes itself.Starting Price: $999 -
14
Reshift
Reshift Security
The ultimate tool to help Node.js developers secure their custom code. Developers are 4x more likely to fix issues before code is checked in. Reshift makes shifting security left seamless with security bug detection and remediation at compile time. A security tool that works with your developers, without slowing them down. Reshift integrates with the developers’ IDE so security issues are found in real-time and fixed before the code is merged. New to security? Reshift makes it easy to build code security into your pipeline for the first time. A tool built for growing software companies looking to level up their security. Not a security expert? Reshift is made for SMB’s, making it easy to set up with no need for security expertise. Improve code security, while learning about secure code.Reshift provides rich content and best practices, so developers learn about security while writing code.Starting Price: $99 per month -
15
Phoenix Security
Phoenix Security
Phoenix Security enables security, developers, and businesses to all talk the same language. We help security professionals focus on the vulnerabilities that matter most across cloud, infrastructure, and application security. Laser focuses on the 10% of vulnerabilities that matter today, and reduces risk faster with prioritized contextualized vulnerabilities. Threat intelligence automatically in the risk improves efficiency enabling fast reaction. Threat intelligence automatically in the risk improves efficiency enabling fast reaction. Aggregate, correlate and contextualize multiple security tools and data sources, providing your business with unprecedented visibility. Break down the silos between application security, operational security, and the business.Starting Price: $3,782.98 per month -
16
Seal Security
Seal Security
Redefine open source vulnerability and patch management with Seal Security. Easy integration directly into your existing SDLC, and workflows. Standalone security patches for immediate resolution of critical security issues. Predictable remediation and optimal resource allocation, with centralized control and reduced R&D dependency. Streamline your open source vulnerability remediation without introducing the risk of breaking changes. Say goodbye to alert fatigue and start patching with Seal Security. Pass every product security scan with confidence. Seal Security provides immediate remediation for open source vulnerabilities. By meeting your customers' SLAs and offering a vulnerability-free product, you can ensure customer trust and fortify your market standing. Seal Security seamlessly integrates with various coding languages, patch management systems, and open source platforms through powerful APIs and CLI.Starting Price: Free -
17
Boman.ai
Boman.ai
Boman.ai can be integrated in your CI/CD pipeline with few commands and minimum configuration. No planning or expertise is needed. Boman.ai brings SAST, DAST, SCA, and secret scans all packaged in one integration. It can support multiple development languages. Boman.ai minimizes your application security expenses by utilizing open-source scanners. You don’t need to buy expensive application security tools. Boman.ai is powered by AI/ML that removes false positives and correlates results to help you in prioritization and fixes. The SaaS platform presents a dashboard for all your scan results in one place. Correlate the results and get insights for better application security. Manage vulnerabilities reported by the scanner. The platform helps to prioritize, triage, and remediate vulnerabilities. -
18
Kondukto
Kondukto
The Kondukto platform’s flexible design allows you to create custom workflows for responding to risks quickly and efficiently. Take advantage of more than 25 built-in open-source tools ready to run SAST, DAST, SCA, and Container Image scans within minutes without a need for installation, maintenance, or updates. Protect your corporate memory from changes in employees, scanners, or DevOps tools. All security data, statistics, and activities in one place for you to own. Avoid vendor lock or loss of historical data when you need to change an AppSec tool. Verify fixes automatically to ensure better collaboration and less distraction. Boost efficiency by eliminating redundant conversations between AppSec and development teams.Starting Price: $12,000 per annually -
19
VulnDB
VulnDB
Risk-based security publishes vulnerability intelligence reports that provide a quick view into vulnerability trends, using charts and graphs to summarize the most recently reported vulnerabilities. VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS portal, or a RESTful API that allows easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search and be alerted on the latest vulnerabilities, both in end-user software and the 3rd party libraries or dependencies. A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership. Vulnerability source information, extensive references, links to proof of concept code, and solutions. -
20
ArmorCode
ArmorCode
Centralize all AppSec findings (SAST, DAST, SCA, etc) and correlate with infrastructure and cloud security vulnerabilities to get a 360o view of you application security posture. Normalize, de-dup and correlate findings to improve risk mitigation efficiency and prioritize the findings that impact the business. A single source of truth for findings and remediations from across tools, teams and applications. AppSecOps is the process of identifying, prioritizing, remediating and preventing Security breaches, vulnerabilities and risks - fully integrated with existing DevSecOps workflows, teams and tools An AppSecOps platform enables security teams to scale their ability to successfully identify, remediate and prevent high-priority application level security, vulnerability, and compliance issues, as well as identify and eliminate coverage gaps. -
21
Bytesafe
Bitfront
Increase your open source security posture with automated best practices, with a unified workflow for security and developer teams. The cloud-native security platform reduces risk and protects revenue, without slowing down developers. The dependency firewall quarantines malicious open source before reaching developers and infrastructure, protecting data, assets, and company reputation. Our policy engine evaluates threat signals such as known vulnerabilities, license information, and customer-defined rules. Having insight into what open-source components are used in applications is crucial to avoid exploitable vulnerabilities. Software Composition Analysis (SCA) and dashboard reporting give stakeholders a holistic overview with immediate insights into the current situation. Discover when new open-source licenses are introduced in the codebase. Automatically track license compliance issues and restrict problematic or unlicensed packages.Starting Price: €1100 per month -
22
ProjectDiscovery
ProjectDiscovery
Use automation, integrations, and continuous scanning to defend your modern tech stack. Build your regression database with alerts and CI/CD tools to prevent vulnerabilities from reappearing. Effortlessly retest vulnerabilities. Save time and resources allowing your team to ship faster. Security should be simple, accessible, and community-driven. Not all vulnerabilities and assets are worth triaging. Focus on the ones that matter to your workflows with context-enriched data. Our AI templating integration reads vulnerability reports and tailors templates to your needs, saving you time and effort on automation. Automate with support from APIs and webhooks. Trigger scans and receive real-time updates on vulnerabilities, assets, and templates. Collaborate across teams by sharing templates, assets, and vulnerabilities. Our enterprise platform has an amazing foundation. -
23
Maverix
Maverix
Maverix blends itself into the existing DevOps process, brings all required integrations with software engineering and application security tools, and manages the application security testing process end to end. AI-based automation for security issues management including detection, grouping, prioritization, filtration, synchronization, control of fixes, and support of mitigation rules. Best-in-class DevSecOps data warehouse for full visibility into application security improvements over time and team efficiency. Security issues can be easily tracked, triaged, and prioritized – all from a single user interface for the security team, with integrations to third-party products. Gain full visibility into application production readiness and application security improvements over time. -
24
Dazz
Dazz
Unified remediation for code, clouds, applications, and infrastructure. We help security and dev teams accelerate remediation and reduce exposure with one remediation solution for everything developed and run in their environments. Dazz connects security tools and pipelines, correlates insights from code to cloud, and shrinks alert backlog into root causes, so your team can remediate smarter and faster. Shrink your risk window from weeks to hours. Prioritize the vulnerabilities that matter most. Say goodbye to chasing and triaging alerts manually, and hello to automation that reduces exposure. We help security teams triage and prioritize critical fixes with context. Developers get insight into root causes and backlog relief. With less friction, your teams truly could become BFFs. -
25
Opus Security
Opus Security
Prioritize what really matters based on risk, contextual analysis, and event de-duplication. Manage the full remediation lifecycle and eliminate manual effort from the remediation process by introducing automation throughout. Drive cross-organizational initiatives with ease. Consolidate all your issues across posture management and vulnerability tools. Drastically reduce the number of issues by identifying common root causes, and get clear visibility and in-depth reporting. Effectively collaborate with distributed teams within their own tools. Deliver a personalized, relevant experience for every engineer. Provide actionable remediation guidance and practical code suggestions. Easily adapt to your own organizational structure. A centralized, unified platform designed to drive effective remediation across any attack surface, any tool, and any stakeholder. Easily integrating with existing posture management and vulnerability tools, Opus provides much-needed visibility. -
26
HackerOne
HackerOne
HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Qualcomm, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.
- Previous
- You're on page 1
- Next