# devsecops

11 tools tagged

ZeroPath

AI-native SAST with automated PR security reviews

ZeroPath is an AI-native SAST and AppSec platform recognized as an RSAC 2026 finalist that provides automated pull request security reviews with contextual feedback and natural-language fix suggestions. It catches secrets, IaC misconfigurations, and logic flaws in code changes, competing directly with established code review tools but with a security-first AI-native architecture.

paid

Amplify Security

AI security triage for small engineering teams

Amplify Security is an AI-native security tool designed for small-to-mid engineering teams that automates the triage of security alerts and integrates directly into GitHub and GitLab workflows. It specifically addresses alert fatigue by using AI to prioritize high-risk findings over low-severity noise, offering a free tier for small teams that makes developer-first security accessible without enterprise budgets.

freemium

Fluid Attacks

Continuous security scanning with AI and human expertise

Fluid Attacks integrates continuous vulnerability scanning into the SDLC by combining AI automation with human security expertise to verify critical flaws. The hybrid approach ensures that automated findings are validated by security researchers before reaching developers, reducing false positive noise while maintaining coverage across SAST, DAST, SCA, and infrastructure-as-code security scanning.

freemium

ZeroThreat

AI-automated pentesting with zero false positives

ZeroThreat is an automated penetration testing platform that uses AI to conduct comprehensive security audits, claiming to identify 500+ vulnerability types with zero false positives. It automates the traditionally expensive and manual red-teaming process, providing continuous security assessment for web applications with detailed remediation guidance and compliance-ready reporting.

paid

DefectDojo

Open-source vulnerability management aggregator

DefectDojo is an open-source vulnerability management platform with 4.7K+ GitHub stars that aggregates findings from 200+ security tools into a single view for ranking, triaging, and tracking remediation. It serves as the operating system for security teams by normalizing data from SAST, DAST, container scanners, and dependency checkers into a unified workflow with deduplication and metrics.

open-source

CodeThreat

AI-powered SAST for PR-time security analysis

CodeThreat provides pull request-time security analysis covering SAST, dependency vulnerability checks, and infrastructure-as-code risk review. Highly rated for its seamless GitHub integration, it catches security issues introduced by both human and AI-generated code before they reach production, with particular strength in identifying vulnerabilities from rapid vibe coding workflows.

freemium

Corgea

AI-native AppSec that finds and fixes vulnerabilities

Corgea is an AI-native application security platform that uses LLMs to scan, triage, and automatically fix security vulnerabilities in code. Unlike traditional SAST tools that only detect issues, Corgea focuses on the remediation phase by generating context-aware fixes for vulnerabilities, significantly reducing the time engineering teams spend on security backlog while providing contextual PR reviews and IDE integrations.

paid, Open Source

AccuKnox

Zero Trust runtime security for Kubernetes and AI

AccuKnox provides Zero Trust runtime threat prevention for Kubernetes and cloud workloads with an AI-powered prompt firewall to prevent LLM injection attacks. Built on the open-source KubeArmor project, it manages Kubernetes identities via policy-as-code, enforces runtime security policies, and provides real-time workload protection for AI-native infrastructure environments.

open-source

CodeAnt AI

All-in-one AI code review, security, and quality

CodeAnt AI combines AI code review, SAST, secret detection, IaC security, policy enforcement, compliance dashboards, and agentic pentesting in one platform for engineering teams that want code quality and security checks before production.

paid, Open Source

Corridor

AI-native security for coding agents

Corridor is an AI-native security platform that intercepts vulnerabilities at the code generation layer, providing real-time guardrails and automated PR security reviews for teams using AI coding agents like Cursor, Claude Code, and GitHub Copilot. Founded by former CISA Secure by Design lead Jack Cable and backed by a $25M Series A from Felicis at a $200M valuation, Corridor embeds proactive security context into developer workflows via MCP server integration.

freemium, Open Source

Aikido Security

Unified code-to-cloud security platform for developers

Aikido Security is an all-in-one AppSec platform unifying SAST, DAST, SCA, CSPM, secrets detection, container scanning, IaC analysis, and runtime protection in a single developer-friendly dashboard. It cuts false-positive noise by 95% through reachability analysis that evaluates vulnerabilities in their actual deployment context. It features AI AutoFix for one-click remediation, CI/CD gating, and AI-powered pentesting agents, is trusted by 50,000+ organizations, and supports 50+ programming languages.

freemium