{"payload":{"featured":[],"recommended":[],"recently_added":[],"search_results":{"results":[{"type":"marketplace_listing","id":"18118","state":"unverified","name":"Pangea","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"pangea-cyber","owner_login":"pangeacyber","resource_path":"/marketplace/pangea-cyber","installation_count":9,"full_description":"For any application today, upwards of 20% of the code is security related functionality. Pangea provides a composable\nsecurity framework of 19 security services like authentication and secure audit logging that you can easily add to your\ncode so you don't have to build them yourself. The Pangea Github Copilot Extension, available under @pangea-cyber,\nallows you to ask Pangea questions about security features and will guide users on how to add Pangea security features\nto any application.\n","short_description":"The essential security features you need in API-based services that can be implemented easily with just a few lines of code","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/18118?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":18118,"state":6,"name":"Pangea","slug":"pangea-cyber","short_description":"The essential security features you need in API-based services that can be implemented easily with just a few lines of code","full_description":"For any application today, upwards of 20% of the code is security related functionality. Pangea provides a composable security framework of 19 security services like authentication and secure audit logging that you can easily add to your code so you don't have to build them yourself. 
The Pangea Github Copilot Extension, available under @pangea-cyber, allows you to ask Pangea questions about security features and will guide users on how to add Pangea security features to any application.","extended_description":"With Pangea's comprehensive platform of essential API-based security services, you can eliminate the burden of building, scaling and managing complex security code.\n\nPrerequisites and Set-up\n- User has a free [Pangea account](https://pangea.cloud/docs/getting-started/create-account/).\n- User is part of a GitHub organization that has a Copilot license\n- User can install extensions\n\nInstallation, Sign-in & Auth\n1. Install the @pangea-cyber extension\n2. In Copilot chat, use @pangea-cyber to ask questions about security features\n3. Using your Pangea account and the extension's responses, implement security features in your application\n\nExample Use-cases\n- Learn how Pangea services can assist in developing secure applications.\n- Get pointers on what Pangea service to use to solve a given problem.\n\nExample prompts\n- @pangea-cyber how can I add logins to my website?\n- @pangea-cyber how can I redact sensitive info from text?\n- @pangea-cyber I need to be HIPAA compliant. 
How can I do that?","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://pangea.cloud/privacy-policy/","tos_url":"https://pangea.cloud/terms-of-use/","company_url":"https://pangea.cloud/","status_url":"https://status.pangea.cloud/","support_url":"info@pangea.cloud","documentation_url":"https://pangea.cloud/docs/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4618,"technical_email":"kenan.yildirim@pangea.cloud","marketing_email":"michael.weinberger@pangea.cloud","finance_email":"tim.driscoll@pangea.cloud","direct_billing_enabled":false,"by_github":false,"security_email":"baruch.mettler@pangea.cloud","listable_type":"Integration","listable_id":878395,"copilot_app":true}}},{"type":"marketplace_listing","id":"17890","state":"unverified","name":"Sudoviz","free":true,"primary_category":"Security","secondary_category":"AI Assisted","is_verified_owner":false,"slug":"sudoviz","owner_login":"sudoviz","resource_path":"/marketplace/sudoviz","installation_count":3,"full_description":"Sudoviz: Security Analytics\n\n - Detect Vulnerabilities: Remediate code issues 100x faster.\n - Security Visibility: Manage risk across applications.\n - Data Analysis: Visibility in development environments.\n - Secure Strategy: Avoid cyber risks.\n\nFeatures:\n\n - Scans: Comprehensive stack analysis.\n - Analytics: Insights from vulnerability metrics.\n - Workflow: Manage issues via Jira.\n - AI Remediation: Enhance code security.\n","short_description":"Secure your software stack with next gen AI","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17890?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17890,"state":6,"name":"Sudoviz","slug":"sudoviz","short_description":"Secure your software stack with next gen AI","full_description":"# Sudoviz: Security & Analytics\n- **Detect Vulnerabilities**: 
Remediate code issues 100x faster.\n- **Security Visibility**: Manage risk across applications.\n- **Data Analysis**: Visibility in development environments.\n- **Secure Strategy**: Avoid cyber risks.\n\n### Features:\n- **Scans**: Comprehensive stack analysis.\n- **Analytics**: Insights from vulnerability metrics.\n- **Workflow**: Manage issues via Jira.\n- **AI Remediation**: Enhance code security.\n","extended_description":"# Sudoviz: Enhanced Security & Analytics Solutions\n\n## Core Features:\n\n- **Rapid Vulnerability Detection**: Accelerate issue identification and remediation by 100 times.\n- **Comprehensive Security Oversight**: Oversee and mitigate risks throughout your entire software portfolio.\n- **Persistent Data Analysis**: Maintain continuous oversight across essential development zones.\n- **Proactive Risk Management**: Navigate away from hidden cyber threats and vulnerabilities.\n\n### Detailed Functionality:\n\n- **Vulnerability Scans**: Initiate thorough examinations of your software stack, identifying and analyzing potential security risks.\n- **Results Analysis**: Explore vulnerabilities using an intuitive dashboard to make strategic security decisions.\n- **Workflow Optimization**: Streamline issue management with integrated Jira ticket creation for effective collaboration.\n- **AI-Assisted Solutions**: Utilize AI for precise false positive analysis and to recommend robust security 
measures.","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://www.sudoviz.com/","tos_url":"https://www.sudoviz.com/","company_url":"https://www.sudoviz.com/","status_url":"https://www.sudoviz.com/","support_url":"https://www.sudoviz.com/contact","documentation_url":"https://www.sudoviz.com/","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"support@sudoviz.com","marketing_email":"support@sudoviz.com","finance_email":"support@sudoviz.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@sudoviz.com","listable_type":"Integration","listable_id":880429,"copilot_app":false}}},{"type":"marketplace_listing","id":"17864","state":"unverified","name":"Golang Code Scanner","free":true,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":true,"slug":"golang-code-scanner","owner_login":"Armur-Ai","resource_path":"/marketplace/golang-code-scanner","installation_count":3,"full_description":"Golang Code Scanner\n\nThe Golang Code Scanner is an app designed to enhance the security of your Golang codebase by scanning for\nvulnerabilities. It automatically analyzes your Golang code whenever you push changes to the master branch or create a\npull request targeting the master or main branch. 
Upon detecting vulnerabilities, it adds a comment to the created pull\nrequest, thereby facilitating timely resolution of security issues.\n","short_description":"Automated vulnerability Scanner","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17864?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17864,"state":6,"name":"Golang Code Scanner","slug":"golang-code-scanner","short_description":"Automated vulnerability Scanner","full_description":"# Golang Code Scanner\n\nThe **Golang Code Scanner** is an app designed to enhance the security of your Golang codebase by scanning for vulnerabilities. It automatically analyzes your Golang code whenever you push changes to the `master` branch or create a pull request targeting the `master` or `main` branch. Upon detecting vulnerabilities, it adds a comment to the created pull request, thereby facilitating timely resolution of security issues.\n","extended_description":"# Features\n\n- **Automated Vulnerability Detection**: The app automatically scans Golang code for vulnerabilities.\n- **Integration with Pull Requests**: Vulnerability findings are reported as comments on pull requests, streamlining the review process.\n\n","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://www.armur.ai/privacy-policy","tos_url":"","company_url":"https://www.armur.ai","status_url":"","support_url":"https://www.armur.ai/contact","documentation_url":"","pricing_url":null,"bgcolor":"000000","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4543,"technical_email":"akhil@armur.ai","marketing_email":"shane@armur.ai","finance_email":"paul@armur.ai","direct_billing_enabled":false,"by_github":false,"security_email":"admin@armur.ai","listable_type":"Integration","listable_id":874187,"copilot_app":false}}},{"type":"marketplace_listing","id":"17829","state":"unverified","name":"Minder by 
Stacklok","free":true,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":false,"slug":"minder-by-stacklok","owner_login":"stacklok","resource_path":"/marketplace/minder-by-stacklok","installation_count":61,"full_description":"Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently\nprotect their code repos, build pipelines, and artifacts from malicious attacks.\n","short_description":"An open source, extensible platform that helps you enforce security policies and settings across your GitHub organization","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17829?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17829,"state":6,"name":"Minder by Stacklok","slug":"minder-by-stacklok","short_description":"An open source, extensible platform that helps you enforce security policies and settings across your GitHub organization","full_description":"Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently protect their code repos, build pipelines, and artifacts from malicious attacks.","extended_description":"# Minder Features\n\n### Repository configuration and security\n\nMost development teams have multiple repos—averaging 6x the number of developers. 
Minder helps you simplify configuration and management of security policies and settings across multiple project repos.\n\n### Proactive security enforcement\n\nContinuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.\n\n### Artifact attestation\n\nMake sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.\n\n### Dependency and license management\n\nManage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. Minder integrates with [Trusty](https://stacklok.com/trusty) to enable policy-driven management based on dependency risk level.","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://www.iubenda.com/privacy-policy/85152077","tos_url":"","company_url":"https://stacklok.com/","status_url":"https://status.stacklok.com/","support_url":"https://docs.stacklok.com/minder/about/faq#how-do-i-get-support-for-minder","documentation_url":"https://docs.stacklok.com/minder/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"info@stacklok.com","marketing_email":"marketing@stacklock.com","finance_email":"accountspayable@stacklok.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@stacklok.com","listable_type":"Integration","listable_id":863270,"copilot_app":false}}},{"type":"marketplace_listing","id":"17634","state":"unverified","name":"Puaro Security","free":true,"primary_category":"Security","secondary_category":"Continuous 
integration","is_verified_owner":true,"slug":"puaro-security","owner_login":"puaro-app","resource_path":"/marketplace/puaro-security","installation_count":3,"full_description":"Puaro Security provides a simple-to-use platform to detect and eliminate secrets in your code\n","short_description":"Secure your code today","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17634?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17634,"state":6,"name":"Puaro Security","slug":"puaro-security","short_description":"Secure your code today","full_description":"Puaro Security provides a simple-to-use platform to detect and eliminate secrets in your code","extended_description":"- Integrate Puaro easily into your source control system as part of CI/CD pipelines, ensure continuous scanning of your code, without the need to configure or maintain Puaro on your side.\n- Gets a detailed view of secrets found in your code at the PR level and enjoy comprehensive analytics to review security performance metrics.\n\n[Schedule a demo and learn more](https://puaro.io/contact-us)!","primary_category_id":6,"secondary_category_id":2,"privacy_policy_url":"https://puaro.io/legal/privacy","tos_url":"https://puaro.io/legal/terms-of-use","company_url":"https://puaro.io","status_url":"","support_url":"https://puaro.io","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"info@puaro.io","marketing_email":"info@puaro.io","finance_email":"info@puaro.io","direct_billing_enabled":false,"by_github":false,"security_email":"info@puaro.io","listable_type":"Integration","listable_id":856884,"copilot_app":false}}},{"type":"marketplace_listing","id":"17615","state":"unverified","name":"Back Git Up","free":true,"primary_category":"Backup 
Utilities","secondary_category":"Security","is_verified_owner":true,"slug":"back-git-up-backups-for-github","owner_login":"backgitup","resource_path":"/marketplace/back-git-up-backups-for-github","installation_count":4,"full_description":"🎉 We've launched! Celebrate with us. Back Git Up is completely free for the first 50 users! 🎉\n\nThe Backup app for GitHub. Back Git Up specialises in one thing, backing up your repositories.\n\n - Automatic daily, hourly or live backups of your source code\n - On-demand backups with a click of a button\n - Backups encrypted at rest in Google Cloud Storage with AES-256 encryption\n - Read-only access to your repositories.\n","short_description":"Protect your code from malicious actors and accidental deletion","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17615?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17615,"state":6,"name":"Back Git Up","slug":"back-git-up-backups-for-github","short_description":"Protect your code from malicious actors and accidental deletion","full_description":"###\n### 🎉 We've launched! Celebrate with us. Back Git Up is completely free for the first 50 users! 🎉\n\n**The Backup app for GitHub.** [Back Git Up](https://backgitup.com) specialises in one thing, backing up your repositories.\n\n* Automatic daily, hourly or live backups of your source code\n* On-demand backups with a click of a button\n* Backups encrypted at rest in Google Cloud Storage with AES-256 encryption\n* Read-only access to your repositories.","extended_description":"**Protect your business right now**\nDon't roll your own back up scripts. Install Back Git Up and get your code protected in minutes.\n\n**Define our roadmap**\nWe're new, we're small and we're agile. Support small, independent developers. 
Help us build the product you want.\n\n**Coming soon**\n\n* Bring your own cloud and store your backups on your infrastructure\n* Select your data residency\n\n**How does pricing work?**\nWe price per organization. All billing is handled through GitHub.","primary_category_id":41,"secondary_category_id":6,"privacy_policy_url":"https://www.backgitup.com/privacy","tos_url":"https://www.backgitup.com/terms","company_url":"","status_url":"","support_url":"https://backgitup.com","documentation_url":"","pricing_url":null,"bgcolor":"16a34a","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"nick@backgitup.com","marketing_email":"nick@backgitup.com","finance_email":"nick@backgitup.com","direct_billing_enabled":false,"by_github":false,"security_email":"nick@backgitup.com","listable_type":"Integration","listable_id":852732,"copilot_app":false}}},{"type":"marketplace_listing","id":"17513","state":"unverified","name":"Tillion Guardian","free":true,"primary_category":"AI Assisted","secondary_category":"Code Scanning Ready","is_verified_owner":true,"slug":"tillion-guardian","owner_login":"tillionio","resource_path":"/marketplace/tillion-guardian","installation_count":9,"full_description":"Tillion AI Guardian rapidly detects conflicts between your org data policies and code, to ensure ongoing compliance. It\nautomatically scans your codebase to identify data usage and recipients of data, then compares it to your policies and\nflags issues.\n","short_description":"Your AI Data Guardian","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17513?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17513,"state":6,"name":"Tillion Guardian","slug":"tillion-guardian","short_description":"Your AI Data Guardian","full_description":"Tillion AI Guardian rapidly detects conflicts between your org data policies and code, to ensure ongoing compliance. 
It automatically scans your codebase to identify data usage and recipients of data, then compares it to your policies and flags issues.","extended_description":"### Free up time previously spent on recurring compliance tasks\n\nTillion AI Guardian automates the policy audit and evidence collection process. Data usage and recipients of data are continuously tracked, and a trail of code file paths is generated for reference.\n\n### Get more work done\n\nTillion AI Guardian brings your org policies into the code and automatically links data usage to its corresponding policy items. It lets you easily understand what’s allowed or not, so you can focus on building fast without breaking policy.\n\n### Improve code quality\n\nTillion AI Guardian regularly measures how compliant your code is against your org policies, giving you the visibility and context you need to prioritize and resolve data usage issues.","primary_category_id":39,"secondary_category_id":42,"privacy_policy_url":"https://www.tillion.ai/legal/privacy-policy","tos_url":"https://www.tillion.ai/legal/terms-of-use","company_url":"https://www.tillion.ai/","status_url":"https://status.tillion.ai/","support_url":"https://trust.tillion.ai/","documentation_url":"","pricing_url":null,"bgcolor":"000000","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"barak@tillion.ai","marketing_email":"info@tillion.ai","finance_email":"finance@tillion.ai","direct_billing_enabled":false,"by_github":false,"security_email":"cybersecurity@tillion.ai","listable_type":"Integration","listable_id":308293,"copilot_app":false}}},{"type":"marketplace_listing","id":"17459","state":"unverified","name":"mit10s-app","free":true,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":false,"slug":"mit10s","owner_login":"mit10s","resource_path":"/marketplace/mit10s","installation_count":1,"full_description":"Revolutionize your API 
security with mit10s. A powerful vulnerability scanner leveraging Artificial Intelligence to\nscrutinize your code and generate an exhaustive report of potential vulnerabilities, the severity of threats, and\nactionable steps to fix them. Integrate code security checks directly into your software development lifecycle with our\ncompanion GitHub app. Improve the security of your code with the touch of a button.\n","short_description":"A comprehensive security tool for your API codebases","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17459?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17459,"state":6,"name":"mit10s-app","slug":"mit10s","short_description":"A comprehensive security tool for your API codebases","full_description":"Revolutionize your API security with `mit10s`. A powerful vulnerability scanner leveraging Artificial Intelligence to scrutinize your code and generate an exhaustive report of potential vulnerabilities, the severity of threats, and actionable steps to fix them. Integrate code security checks directly into your software development lifecycle with our companion GitHub app. Improve the security of your code with the touch of a button.","extended_description":"`mit10s` reliably scans your API codebases and uses AI-based algorithms to identify potential security vulnerabilities. This process produces a detailed report featuring:\n\n- A comprehensive list of potential security vulnerabilities.\n- The severity of each identified threat.\n- The priority level for fixing each vulnerability.\n- Clear, actionable steps to remediate identified vulnerabilities.\n\n'mit10s' comes with this companion GitHub app that integrates seamlessly with your repositories. 
With this app you can:\n\n- Run 'mit10s' directly on your repository, generating exhaustive security reports.\n- Enhance your PR reviews with automated annotations.\n- Establish checklist rules for PRs, blocking the merging of code not passing 'mit10s' security checks.\n\nBring your security testing to the next level by opting for the `mit10s` GitHub app for a well-integrated, efficient, secure coding experience.","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://github.com/mit10s/mit10s-github-app/blob/main/privacy-policy.md","tos_url":"https://github.com/mit10s/mit10s-github-app/blob/main/terms-of-service.md","company_url":"https://mit10s.com/","status_url":"https://mit10s.com/","support_url":"https://github.com/mit10s/mit10s-github-app/issues","documentation_url":"https://github.com/mit10s/mit10s-github-app","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"ceo@mit10s.com","marketing_email":"ceo@mit10s.com","finance_email":"ceo@mit10s.com","direct_billing_enabled":false,"by_github":false,"security_email":"ceo@mit10s.com","listable_type":"Integration","listable_id":832495,"copilot_app":false}}},{"type":"marketplace_listing","id":"17133","state":"unverified","name":"OpenSCA SaaS OAuth","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":false,"slug":"opensca-saas-oauth","owner_login":"XmirrorSecurity","resource_path":"/marketplace/opensca-saas-oauth","installation_count":3,"full_description":"OpenSCA is the open source realization of SCA (Software Composition Analysis) technology. As the open source version of\nXmirror SCA, it has been endowed with the core abilities of mixed-source application security detection. 
Aiming at\nguarding open source security, it is competent to dig out the hiding vulnerabilities and compliance risks in all\ncomponents by dependency analysis, characteristic analysis, reference identification and compliance analysis.\n","short_description":"OpenSCA is an open source solution to check your software for supply chain security risks","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17133?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17133,"state":6,"name":"OpenSCA SaaS OAuth","slug":"opensca-saas-oauth","short_description":"OpenSCA is an open source solution to check your software for supply chain security risks","full_description":"OpenSCA is the open source realization of SCA (Software Composition Analysis) technology. As the open source version of Xmirror SCA, it has been endowed with the core abilities of mixed-source application security detection. Aiming at guarding open source security, it is competent to dig out the hiding vulnerabilities and compliance risks in all components by dependency analysis, characteristic analysis, reference identification and compliance analysis.","extended_description":"Unlike traditional commercial SCA tools, OpenSCA has offered an open source solution to the management of open source risks which is full of potential. Being both complete in ability and easy to use, it supports various scenarios including online/offline, IDE/CMD/SaaS, etc. while allowing customized configuration such as local vulnerability database and private repos. Generally speaking, OpenSCA is intended for outputting transparent component assets & risk list for companies, organizations and individual developers in a flexible way.\n\nBased on OpenSCA, we've built up a global community covering industries of telecom, internet, IoV, finance, energy and so on. 
We sincerely hope that our project can be a stage for communication and innovation of open source stakeholders.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://opensca.xmirror.cn","tos_url":"","company_url":"https://www.xmirror.cn","status_url":"","support_url":"https://github.com/XmirrorSecurity/OpenSCA-cli/issues","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"opensca@anpro-tech.com","marketing_email":"opensca@anpro-tech.com","finance_email":"opensca@anpro-tech.com","direct_billing_enabled":false,"by_github":false,"security_email":"opensca@anpro-tech.com","listable_type":"Integration","listable_id":793629,"copilot_app":false}}},{"type":"marketplace_listing","id":"17028","state":"unverified","name":"Paraxial.io","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"paraxial-io","owner_login":"paraxialio","resource_path":"/marketplace/paraxial-io","installation_count":22,"full_description":"Paraxial.io secures Elixir and Phoenix applications. Check your code for security problems in CI/CD, get a full\ninventory of where your Elixir apps are running, and stop attacks at runtime.\n","short_description":"Detect security problems in your code. Get actionable security feedback and prevent new vulnerabilities","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17028?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17028,"state":6,"name":"Paraxial.io","slug":"paraxial-io","short_description":"Detect security problems in your code. Get actionable security feedback and prevent new vulnerabilities","full_description":"Paraxial.io secures Elixir and Phoenix applications. 
Check your code for security problems in CI/CD, get a full inventory of where your Elixir apps are running, and stop attacks at runtime. ","extended_description":"## Secure Code and Dependencies \n\nNew vulnerabilities can be introduced through a code change or new dependency. Paraxial.io automatically checks both, ensuring your application is secure. \n\n## Automated Code Review\n\nThe Paraxial.io Github App checks all new code changes for security problems, and provides detailed feedback on how to fix reported issues. \n\n## Feedback In Your PR\n\nYou do not have to go digging through CI logs to determine what security issue caused the build to fail. Get immediate, actionable feedback right in your PR.\n\n## Secure and Compliant \n\nParaxial.io checks for severe security issues (RCE, SQL injection) that result in data breaches. It also ensures a record of each scan is kept on the backend for compliance audits. (ex: SOC 2 Type I & II)\n\n\n\n\n","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://paraxial.io/privacy","tos_url":"https://paraxial.io/terms","company_url":"https://paraxial.io/","status_url":"","support_url":"https://paraxial.io/","documentation_url":"https://hexdocs.pm/paraxial/getting_started.html","pricing_url":null,"bgcolor":"000","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"michael@paraxial.io","marketing_email":"michael@paraxial.io","finance_email":"michael@paraxial.io","direct_billing_enabled":false,"by_github":false,"security_email":"michael@paraxial.io","listable_type":"Integration","listable_id":717041,"copilot_app":false}}},{"type":"marketplace_listing","id":"16907","state":"unverified","name":"DC-Automate-GitHub","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":true,"slug":"dc-automate-github","owner_login":"flussoai","resource_path":"/marketplace/dc-automate-github","installation_
count":4,"full_description":"Cross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your\ndevelopment partners.\n","short_description":"Automated cross-organization repo sharing, tracking and analytics","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16907?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16907,"state":6,"name":"DC-Automate-GitHub","slug":"dc-automate-github","short_description":"Automated cross-organization repo sharing, tracking and analytics","full_description":"Cross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your development partners.","extended_description":"## Establish Trustworthy Collaboration with your Development Partners\nCross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your development partners.\n\n## Sharing with DC Automate - Fast, Simple and Safe\nDC Automate removes the administrative overhead of managing outside collaborators, simply nominate the organization you want to share your repos with and the maximum number of users and let DC Automate handle the rest.\n\n## Create Great Dev Experiences\nDevelopers never need to log a support request again, the target organization just needs to choose the GitHub Teams that require access. 
Onboarding a new dev is as easy as adding or removing them from the Team, which is automatically mirrored in the source organization.\n\n## Engagement and Activity\nLeaders can view activity logs, track dev engagement and measure effectiveness","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://dc.datacoalitions.com/policies/dca/github/privacy","tos_url":"https://dc.datacoalitions.com/policies/dca/github/tos","company_url":"https://flusso.world","status_url":"https://dc.datacoalitions.com/status","support_url":"https://dc.datacoalitions.com/support","documentation_url":"https://dc.datacoalitions.com/docs/dca/github","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4329,"technical_email":"technical@flusso.world","marketing_email":"marketing@flusso.world","finance_email":"finance@flusso.world","direct_billing_enabled":false,"by_github":false,"security_email":"security@flusso.world","listable_type":"Integration","listable_id":380919,"copilot_app":false}}},{"type":"marketplace_listing","id":"16822","state":"unverified","name":"SAML.to","free":true,"primary_category":"Security","secondary_category":"Utilities","is_verified_owner":true,"slug":"saml-to","owner_login":"saml-to","resource_path":"/marketplace/saml-to","installation_count":42,"full_description":"SAML.to GitHub Application\n\nYou can use SAML.to to easily access your AWS Account (and any other providers that support SAML authentication!) 
on\nLaptops or in GitHub Actions.\n\nWith SAML.to:\n\n - 🆔 Users can access AWS using their GitHub Identity\n - 💻 Users can log in to services via the Web or a Developer-friendly CLI\n - 🔏 Access Control is managed using a YAML file in a GitHub Repository of your choice\n","short_description":"Developer Friendly AWS Role Assumption","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16822?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16822,"state":6,"name":"SAML.to","slug":"saml-to","short_description":"Developer Friendly AWS Role Assumption","full_description":"# SAML.to GitHub Application\n\nYou can use SAML.to to easily access your [AWS](https://aws.amazon.com) Account (and any other providers that support SAML authentication!) on Laptops or in GitHub Actions.\n\nWith SAML.to:\n - 🆔 Users can access AWS using their GitHub Identity\n - 💻 Users can log in to services via the Web or a [Developer-friendly CLI](https://github.com/saml-to/cli)\n - 🔏 Access Control is managed using a YAML file in a GitHub Repository of your choice\n","extended_description":"### Replace Okta, JumpCloud, AWS SSO, or home-grown scripts to assume AWS roles.\n\n - Declarative Access Control Lists\n - Auditable Access Control\n - Command Line Interface\n\nFor more information, visit [SAML.to](https://saml.to).\n\n#### Command Line Interface\nUse the `saml-to` CLI to assume roles on developer systems.\n\n```shell\nsaml-to login github\n\n$(saml-to assume [a-role-name-or-arn] --headless)\n\naws ec2 reboot-instances ...\n```\n\n#### GitHub Actions\nUse the `assume-aws-role-action` to assume roles during CI/CD.\n\n```yaml\nsteps:\n- uses: saml-to/assume-aws-role-action@v1\n with:\n role: a-role-name-or-arn\n- run: aws ecs deploy ...\n```\n\n#### GitHub Codespaces\nUse the `assume-aws-role` to assume roles in Codespaces.\n\n```json\n\"features\": {\n \"ghcr.io/saml-to/devcontainer-features/assume-aws-role:1\": {\n \"role\": 
\"a-role-name-or-arn\"\n },\n}\n```","primary_category_id":6,"secondary_category_id":29,"privacy_policy_url":"https://saml.to/privacy","tos_url":"https://saml.to/terms","company_url":"https://saml.to","status_url":"","support_url":"https://saml.to/contact","documentation_url":"https://docs.saml.to/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"help@saml.to","marketing_email":"marketing@saml.to","finance_email":"finance@saml.to","direct_billing_enabled":false,"by_github":false,"security_email":"security@saml.to","listable_type":"Integration","listable_id":141473,"copilot_app":false}}},{"type":"marketplace_listing","id":"16736","state":"unverified","name":"DryRun Security","free":true,"primary_category":"Code review","secondary_category":"Security","is_verified_owner":false,"slug":"dryrun-security-app","owner_login":"DryRunSecurity","resource_path":"/marketplace/dryrun-security-app","installation_count":144,"full_description":"Get an AI-powered Security Buddy on Your Next Pull Request\n\nWe’re in beta with a waitlist. Install now and we’ll notify you when we have your spot ready.\n\nDevelopers get stuck with security tools that are too noisy and too slow. 
We hate that.\n\nWe think:\n\n🦥 Security Code Reviews are too Slow\n\n🎯 Security Context is Missing\n\n🔮 Security Tools are too Confusing\n\nOur drop-in solution adds security context on every pull request, so you don’t have to be a security expert to do the\nright thing.\n","short_description":"Your AI-powered security buddy that uses contextual security analysis to reveal risky code changes","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16736?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16736,"state":6,"name":"DryRun Security","slug":"dryrun-security-app","short_description":"Your AI-powered security buddy that uses contextual security analysis to reveal risky code changes","full_description":"## Get an AI-powered Security Buddy on Your Next Pull Request\n\n> We’re in beta with a waitlist. Install now and we’ll notify you when we have your spot ready.\n\nDevelopers get stuck with security tools that are too noisy and too slow. We hate that. 
\n\nWe think:\n\n🦥 Security Code Reviews are too Slow\n\n🎯 Security Context is Missing\n\n🔮 Security Tools are too Confusing\n\nOur drop-in solution adds security context on every pull request, so you don’t have to be a security expert to do the right thing.","extended_description":"## Ditch the Noise, Get the Context\n\nUntil now, most security testing takes a generic approach that frustrates developers with repetitive alerts or inaccurate results (hello, we see you false positives).\n\nInstead we evaluate each pull request using Contextual Security Analysis, and it’s the model behind our AI-powered Security Buddy.\n\nYour security buddy checks for:\n\n✅ Authentication and Authorization \n✅ Sensitive Codepaths and Sensitive Functions\n✅ Authorship and Intent\n✅ Code Brittleness\n✅ and more…\n\n## Benefits and Perks\n\n#### Every Code Change Covered\nEvery change and pull request gets analyzed so developers get feedback in near real-time.\n\n#### Every Code Repository Protected\nWith every source code repository in your organization protected, you're limiting exposure to code mishaps and misadventures.\n\n#### Improved Developer Productivity\n\nImproves developer productivity through increasing the velocity of the development pipeline. 
","primary_category_id":10,"secondary_category_id":6,"privacy_policy_url":"https://www.dryrun.security/privacy-policy","tos_url":"https://www.dryrun.security/terms-of-service","company_url":"https://dryrun.security","status_url":"","support_url":"https://app.dryrun.security/support","documentation_url":"","pricing_url":null,"bgcolor":"1A1825","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"ken@dryrun.security","marketing_email":"hi@dryrun.security","finance_email":"billing@dryrun.security","direct_billing_enabled":false,"by_github":false,"security_email":"security@dryrun.security","listable_type":"Integration","listable_id":377039,"copilot_app":false}}},{"type":"marketplace_listing","id":"16726","state":"unverified","name":"Seal Security Bot","free":true,"primary_category":"Security","secondary_category":"Open Source management","is_verified_owner":true,"slug":"seal-security-bot","owner_login":"seal-community","resource_path":"/marketplace/seal-security-bot","installation_count":55,"full_description":"Seal helps you secure your application without enduring difficult upgrades. Using Seal Security s standalone security\npatches you can easily mitigate open-source vulnerabilities when a full version upgrade is impractical, thereby\neliminating the tradeoff between security and developer velocity.\n","short_description":"Seal helps you remediate open source vulnerabilities without enduring difficult upgrades","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16726?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16726,"state":6,"name":"Seal Security Bot","slug":"seal-security-bot","short_description":"Seal helps you remediate open source vulnerabilities without enduring difficult upgrades","full_description":"Seal helps you secure your application without enduring difficult upgrades. 
Using Seal Security's standalone security patches you can easily mitigate open-source vulnerabilities when a full version upgrade is impractical, thereby eliminating the tradeoff between security and developer velocity.","extended_description":"# The app\nOur app analyzes your dependencies and compares them to the OSV database. For each vulnerable package it offers a free ready-to-use tested vulnerability-free version made by our research team. Just register for free to our [artifact server](https://app.sealsecurity.io/?ref=ghm), and enjoy hassle-free security patches.\n\n## For developers\nSometimes a full upgrade just to fix a vulnerability is impractical, due to:\n* Breaking changes\n* Legacy codebases\n* Vulnerable transitive dependencies\n\nSeal offers an alternative. Access hundreds of tested [open source](https://github.com/seal-community/patches) patches and eliminate the hassle.\n\n## For security practitioners\nOS vulnerabilities pose a serious risk. Prioritization is useful but inaccurate, and dev teams are recalcitrant. 
At [Seal](https://seal.security) we make remediation easy.\n\nWith Seal you can achieve faster MTTR and ensure timely updates without compromising stability.\nScan and see which vulnerabilities you can fix today.","primary_category_id":6,"secondary_category_id":18,"privacy_policy_url":"https://www.seal.security/privacy","tos_url":"https://www.seal.security/terms","company_url":"https://www.seal.security/","status_url":"https://sealsecurity.statuspage.io/","support_url":"https://www.seal.security/","documentation_url":"https://docs.sealsecurity.io/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4242,"technical_email":"github@sealsecurity.io","marketing_email":"marketings@sealsecurity.io","finance_email":"finance@sealsecurity.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@sealsecurity.io","listable_type":"Integration","listable_id":422016,"copilot_app":false}}},{"type":"marketplace_listing","id":"16706","state":"unverified","name":"sbom.sh - Easy creating, vuln scanning and sharing of SBOMs.","free":true,"primary_category":"Code review","secondary_category":"Security","is_verified_owner":false,"slug":"sbom-sh-easy-creating-vuln-scanning-and-sharing-of-sboms","owner_login":"codenotary","resource_path":"/marketplace/sbom-sh-easy-creating-vuln-scanning-and-sharing-of-sboms","installation_count":16,"full_description":"sbom.sh - Streamline Your SBOM Management\n\nA powerful GH Action for easy creation, vuln-scanning, and sharing of Software Bill of Materials (SBOMs). 
Integrating\nwith Grype, Trivy, and Syft, it supports sbomqs for quality scoring.\n\nFeatures\n\n - Automated SBOM Creation\n - Integrated Scanning with Top Tools\n - SBOM Quality Check\n - Track URLs in Build Logs\n - Dashboard Visualizations\n\nEnhance your workflow, improve security, and gain valuable insights.\n","short_description":"sbom.sh - Simplify SBOM Management and sharing incl. vuln-scanning with GitHub Actions","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16706?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16706,"state":6,"name":"sbom.sh - Easy creating, vuln scanning and sharing of SBOMs.","slug":"sbom-sh-easy-creating-vuln-scanning-and-sharing-of-sboms","short_description":"sbom.sh - Simplify SBOM Management and sharing incl. vuln-scanning with GitHub Actions","full_description":"# sbom.sh - Streamline Your SBOM Management\n\nA powerful GH Action for easy creation, vuln-scanning, and sharing of **Software Bill of Materials (SBOMs)**. 
Integrating with **Grype**, **Trivy**, and **Syft**, it supports **sbomqs** for quality scoring.\n\n## Features\n- **Automated SBOM Creation**\n- **Integrated Scanning with Top Tools**\n- **SBOM Quality Check**\n- **Track URLs in Build Logs**\n- **Dashboard Visualizations**\n\nEnhance your workflow, improve security, and gain valuable insights.\n","extended_description":"## Key Features\n- **Easy SBOM Creation**: Generate SBOMs effortlessly as part of your CI/CD pipeline.\n- **Vulnerability Scanning Integration**: Works with Grype, Trivy, and Syft for comprehensive vulnerability analysis.\n- **Quality Scoring with sbomqs**: Evaluate SBOM quality scores for better insights.\n- **Track Unique URLs**: Maintain a clear audit trail by tracking URLs generated during the build process.\n- **User-Friendly Dashboard**: Visualize SBOM data easily for analysis and decision-making.\n\n## Benefits\n- **Enhanced Security**: Identify potential vulnerabilities early in the development cycle.\n- **Compliance Ready**: Ensure adherence to security standards.\n- **Efficiency**: Automate SBOM management within your existing workflow.\n- **Transparency**: Offer clear insights into software components and dependencies.\n\nSuitable for projects of all 
sizes.\n","primary_category_id":10,"secondary_category_id":6,"privacy_policy_url":"https://codenotary.com/privacy-policy","tos_url":"https://codenotary.com/terms-of-service","company_url":"https://codenotary.com","status_url":"","support_url":"https://codenotary.freshdesk.com/support/home","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":"https://sbom.sh","how_it_works":null,"hero_card_background_image_id":4227,"technical_email":"dennis@codenotary.com","marketing_email":"dennis@codenotary.com","finance_email":"dennis@codenotary.com","direct_billing_enabled":false,"by_github":false,"security_email":"dennis@codenotary.com","listable_type":"OauthApplication","listable_id":2378229,"copilot_app":false}}},{"type":"marketplace_listing","id":"16695","state":"unverified","name":"Veracode Workflow App","free":true,"primary_category":"Security","secondary_category":"Code review","is_verified_owner":false,"slug":"veracode-workflow-app","owner_login":"veracode","resource_path":"/marketplace/veracode-workflow-app","installation_count":232,"full_description":"Automate scans easily – and at scale - by leveraging our Veracode app and using a single workflow to control your\nsecurity program across your organization!\n\nFeatures at-a-glance\n\n - Automate scans from one place across thousands of repositories\n - Static, SCA, and Container scans on developer activity from a single “Master” workflow\n - Zero configuration for Developers - scans run automatically without having to add workflows to individual repo’s\n - Broad language support\n","short_description":"Automate scans at scale by using our Veracode app to orchestrate scans across your entire portfolio","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16695?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16695,"state":6,"name":"Veracode Workflow 
App","slug":"veracode-workflow-app","short_description":"Automate scans at scale by using our Veracode app to orchestrate scans across your entire portfolio","full_description":"Automate scans easily – and at scale - by leveraging our Veracode app and using a single workflow to control your security program across your organization! \n\n### Features at-a-glance\n- Automate scans from one place across thousands of repositories\n- Static, SCA, and Container scans on developer activity from a single “Master” workflow\n- Zero configuration for Developers - scans run automatically without having to add workflows to individual repo’s\n- Broad language support\n","extended_description":"### Scan all your repo’s fast!\nScan your repo’s without having to worry about having workflow files scattered across your org\n\n- **1:** Install the app \n- **2:** Veracode automatically forks a template workflow repo into your org if you install the app on all repo's\n - Or fork the official [Veracode workflow repo](https://github.com/veracode/github-actions-integration) yourself into your root folder and name it `veracode`\n- **3:** Add your credentials to this SINGLE repo\n- **DONE!** Developers get their code scanned automatically and results are viewed as GitHub Checks!\n\n### Scan automatically – set it and forget it!\nAfter installing the app and having the Veracode workflow repo sitting in your org, here’s what happens:\n- Anytime a developer pushes code – a static, SCA, and container scan runs\n- Anytime a developer merges code to your default branch – results are saved to the platform\n- All these can be configured with a few keypresses to match your own security 
program!","primary_category_id":6,"secondary_category_id":10,"privacy_policy_url":"https://www.veracode.com/legal-privacy/privacy-statement","tos_url":"","company_url":"https://www.veracode.com/","status_url":"","support_url":"https://www.veracode.com/resources/customers/technical-support","documentation_url":"https://docs.veracode.com/r/GitHub_Workflow_Integration_for_Repo_Scanning","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4225,"technical_email":"mtawadrous@veracode.com","marketing_email":"evelarde@Veracode.com","finance_email":"mtawadrous@veracode.com","direct_billing_enabled":false,"by_github":false,"security_email":"oboyle@Veracode.com","listable_type":"Integration","listable_id":484771,"copilot_app":false}}},{"type":"marketplace_listing","id":"16598","state":"unverified","name":"Open Buckets","free":true,"primary_category":"AI Assisted","secondary_category":"Security","is_verified_owner":false,"slug":"open-buckets","owner_login":"openbuckets","resource_path":"/marketplace/open-buckets","installation_count":22,"full_description":"OpenBuckets.io is a sophisticated security tool engineered to enhance the protection of cloud storage buckets,\nspecializing in platforms such as Amazon S3 and Azure Blob Storage. 
It meticulously scans and identifies potential\nvulnerabilities, ensuring that data is impermeable to unauthorized access and security breaches.\n","short_description":"OpenBuckets.io is a security tool for identifying vulnerabilities in cloud storage buckets across various platform","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16598?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16598,"state":6,"name":"Open Buckets","slug":"open-buckets","short_description":"OpenBuckets.io is a security tool for identifying vulnerabilities in cloud storage buckets across various platform","full_description":"OpenBuckets.io is a sophisticated security tool engineered to enhance the [protection of cloud storage buckets](https://openbuckets.io), specializing in platforms such as Amazon S3 and Azure Blob Storage. It meticulously scans and identifies potential vulnerabilities, ensuring that data is impermeable to unauthorized access and security breaches.","extended_description":"OpenBuckets.io stands as a bastion in safeguarding sensitive information, optimizing security protocols to shield against the ever-evolving landscape of cyber threats. \n\nUtilize OpenBuckets.io to fortify your cloud storage defenses, ensuring the integrity and confidentiality of your data. Its innovative approach in unearthing and mitigating risks makes it an indispensable asset in bolstering cloud storage security. 
\n\nOpenBuckets.io transcends conventional security measures, offering a robust and dynamic solution to secure data in the realm of cloud storage.","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://openbuckets.io/privacy-policy","tos_url":"https://openbuckets.io/terms-and-conditions","company_url":"https://openbuckets.io","status_url":"https://openbuckets.io","support_url":"https://openbuckets.io/support","documentation_url":"https://openbuckets.io/api-docs","pricing_url":null,"bgcolor":"1a243d","light_text":false,"learn_more_url":null,"installation_url":"https://openbuckets.io","how_it_works":null,"hero_card_background_image_id":4201,"technical_email":"support@openbuckets.io","marketing_email":"support@openbuckets.io","finance_email":"support@openbuckets.io","direct_billing_enabled":false,"by_github":false,"security_email":"support@openbuckets.io","listable_type":"OauthApplication","listable_id":2370988,"copilot_app":false}}},{"type":"marketplace_listing","id":"16235","state":"unverified","name":"Sentinelus","free":true,"primary_category":"Code review","secondary_category":"Security","is_verified_owner":false,"slug":"sentinelus","owner_login":"sentinelus","resource_path":"/marketplace/sentinelus","installation_count":3,"full_description":"Ready-made Github integration for your Golang project which helps to improve both its quality and reliability. 
We\nperform an automatic code review based on static code analysis which includes detection of the following issues: SQL\ninjections, leakage of sensitive data, inappropriate error handling, logical errors leading to panic.\n","short_description":"The ready-made integration for your github project that will help you improve the quality and reliability of your","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16235?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16235,"state":6,"name":"Sentinelus","slug":"sentinelus","short_description":"The ready-made integration for your github project that will help you improve the quality and reliability of your","full_description":"Ready-made GitHub integration for your Golang project which helps to improve both its quality and reliability. We perform an automatic code review based on static code analysis which includes detection of the following issues: SQL injections, leakage of sensitive data, inappropriate error handling, logical errors leading to panic.","extended_description":"- SQL injections - working with SQL in an inappropriate way is one of the most common developer mistakes.\n- Leakage of sensitive data - do not allow your passwords and tokens to leak into the source code, especially if it is publicly accessible.\n- Inappropriate error handling - always check returned errors since ignoring them could be dangerous.\n- Logical errors leading to panic - dereferencing a nil pointer or casting an interface to the wrong type leads to a panic, which is probably not what you 
want.","primary_category_id":10,"secondary_category_id":6,"privacy_policy_url":"https://sentinelus.io/","tos_url":"","company_url":"https://sentinelus.io/","status_url":"","support_url":"https://sentinelus.io/","documentation_url":"","pricing_url":null,"bgcolor":"000000","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"support@sentinelus.io","marketing_email":"pr@sentinelus.io","finance_email":"finance@sentinelus.io","direct_billing_enabled":false,"by_github":false,"security_email":"support@sentinelus.io","listable_type":"Integration","listable_id":385813,"copilot_app":false}}},{"type":"marketplace_listing","id":"16191","state":"unverified","name":"HCP Vault Secrets","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"hcp-vault-secrets","owner_login":"hashicorp","resource_path":"/marketplace/hcp-vault-secrets","installation_count":519,"full_description":"HCP Vault Secrets is a SaaS offering of HashiCorp Vault. It enables users to get secrets management up and running\nquickly by finding secrets, managing secrets lifecycle, and making secrets available to the various environments in the\ndevelopment workflow.\n\nGitHub Sync Demo\n","short_description":"Centralize secrets and access them when and where you need across development, Github Actions, and production environments","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16191?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16191,"state":6,"name":"HCP Vault Secrets","slug":"hcp-vault-secrets","short_description":"Centralize secrets and access them when and where you need across development, Github Actions, and production environments","full_description":"HCP Vault Secrets is a SaaS offering of HashiCorp Vault. 
It enables users to get secrets management up and running quickly by finding secrets, managing secrets lifecycle, and making secrets available to the various environments in the development workflow.\n\n[GitHub Sync Demo](https://www.datocms-assets.com/2885/1692031641-gh_sync_gif.mp4)","extended_description":"Centralize your secrets and access them when and where you need them across development, GitHub Actions, and production environments. \n\nHCP Vault Secrets enables development teams to centralize their secrets management and set up a unified view of their secrets and applications in minutes, while still maintaining their development workflows with their existing cloud secrets managers, CI systems, and deployment services. HCP Vault Secrets is focused solely on secrets management, allowing users to focus on strengthening their secrets management security posture without compromising on development agility. \n\nIt addresses common challenges DevOps teams face around secrets sprawl, development agility, operational overhead, and security automation. 
With key features enabling users to: \n\n- Centrally manage secrets\n- Sync secrets wherever developers need them\n- Seamlessly audit secret activity\n- Secure local development easily\n","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://www.hashicorp.com/privacy","tos_url":"","company_url":"https://cloud.hashicorp.com","status_url":"https://status.hashicorp.com","support_url":"https://support.hashicorp.com/hc/en-us","documentation_url":"https://developer.hashicorp.com/hcp/docs/vault-secrets/integrations/github-actions","pricing_url":null,"bgcolor":"0C0C0E","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"team-vault-cloud-secrets@hashicorp.com","marketing_email":"hcp-vault-secrets@hashicorp.com","finance_email":"hcp-vault-secrets@hashicorp.com","direct_billing_enabled":false,"by_github":false,"security_email":"team-vault-cloud-secrets@hashicorp.com","listable_type":"Integration","listable_id":334775,"copilot_app":false}}},{"type":"marketplace_listing","id":"16139","state":"unverified","name":"EdgeBit Security","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":false,"slug":"edgebit-security","owner_login":"edgebitio","resource_path":"/marketplace/edgebit-security","installation_count":13,"full_description":"Prevent insecure dependencies before they can merge. 
Track and remediate vulnerabilities in your entire supply chain.\n\nEdgeBit is a real-time SCA tool that uses data about how your app executes in production to filter out irrelevant\nvulnerabilities and dormant code.\n","short_description":"Real-time SCA tool to find issues in your supply chain and rank threats with context from production execution","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16139?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16139,"state":6,"name":"EdgeBit Security","slug":"edgebit-security","short_description":"Real-time SCA tool to find issues in your supply chain and rank threats with context from production execution","full_description":"**Prevent insecure dependencies before they can merge. Track and remediate vulnerabilities in your entire supply chain.**\n\nEdgeBit is a [real-time SCA tool](https://edgebit.io/solutions/vulnerability-management/?utm_source=github) that uses data about how your app executes in production to filter out irrelevant vulnerabilities and dormant code.\n\n","extended_description":" - **Detection in Pull Request**: Identify risks in new dependencies right in a PR\n - **Prioritized CVEs**: Ruthlessly prioritize issues to fix based on real-time context\n - **Supply Chain Inventory**: Track dependency track usage across your software components\n - **Generate SBOMs automatically**: SBOMs for compliance artifacts\n \n Dependencies for software products are exploding in number and with that comes a sprawling supply chain. 
A supply chain isn't just a build-time check, it's highly dynamic.\n\nEdgeBit watches in real time — we cross-reference your build pipelines here on GitHub and server fleet with multiple data sources to communicate your live inventory and actual risk.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://edgebit.io/legal/privacy/","tos_url":"https://edgebit.io/legal/terms/","company_url":"https://edgebit.io","status_url":"https://status.edgebit.io","support_url":"https://edgebit.io/support/","documentation_url":"https://edgebit.io/docs/0.x/","pricing_url":null,"bgcolor":"fff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"eugene@edgebit.io","marketing_email":"founders@edgebit.io","finance_email":"rob@edgebit.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@edgebit.io","listable_type":"Integration","listable_id":357519,"copilot_app":false}}}],"total":122,"total_pages":7},"categories":{"apps":[{"name":"API management","slug":"api-management","description_html":"

Structure your API infrastructure to enable various internet gateways to interact with your service.

\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"

Utilities providing periodic backups of your GitHub data

\n"},{"name":"Chat","slug":"chat","description_html":"

Bring GitHub into your conversations.

\n"},{"name":"Code quality","slug":"code-quality","description_html":"

Automate your code review with style, quality, security, and test‑coverage checks when you need them.

\n"},{"name":"Code review","slug":"code-review","description_html":"

Ensure your code meets quality standards and ship with confidence.

\n"},{"name":"Container CI","slug":"container-ci","description_html":"

Continuous integration for container applications.

\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"

Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.

\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"

Secure and manage your third-party dependencies.

\n"},{"name":"Deployment","slug":"deployment","description_html":"

Streamline your code deployment so you can focus on your product.

\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"

Enables custom protection rules to gate deployments with third-party services

\n"},{"name":"Game CI","slug":"game-ci","description_html":"

Tools for building a CI pipeline for game development

\n"},{"name":"IDEs","slug":"ides","description_html":"

Find the right interface to build, debug, and deploy your source code.

\n"},{"name":"Learning","slug":"learning","description_html":"

Get the skills you need to level up.

\n"},{"name":"Localization","slug":"localization","description_html":"

Extend your software's reach. Localize and translate continuously from GitHub.

\n"},{"name":"Mobile","slug":"mobile","description_html":"

Improve your workflow for the small screen.

\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"

Continuous integration for Mobile applications

\n"},{"name":"Monitoring","slug":"monitoring","description_html":"

Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.

\n"},{"name":"Project management","slug":"project-management","description_html":"

Organize, manage, and track your project with tools that build on top of issues and pull requests.

\n"},{"name":"Publishing","slug":"publishing","description_html":"

Get your site ready for production so you can get the word out.

\n"},{"name":"Recently added","slug":"recently-added","description_html":"

The latest tools that help you and your team build software better, together.

\n"},{"name":"Security","slug":"security","description_html":"

Find, fix, and prevent security vulnerabilities before they can be exploited.

\n"},{"name":"Support","slug":"support","description_html":"

Get your team and customers the help they need.

\n"},{"name":"Testing","slug":"testing","description_html":"

Eliminate bugs and ship with more confidence by adding these tools to your workflow.

\n"},{"name":"Utilities","slug":"utilities","description_html":"

Auxiliary tools to enhance your experience on GitHub

\n"}],"actions":[{"name":"API management","slug":"api-management","description_html":"

Structure your API infrastructure to enable various internet gateways to interact with your service.

\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"

Utilities providing periodic backups of your GitHub data

\n"},{"name":"Chat","slug":"chat","description_html":"

Bring GitHub into your conversations.

\n"},{"name":"Code quality","slug":"code-quality","description_html":"

Automate your code review with style, quality, security, and test‑coverage checks when you need them.

\n"},{"name":"Code review","slug":"code-review","description_html":"

Ensure your code meets quality standards and ship with confidence.

\n"},{"name":"Container CI","slug":"container-ci","description_html":"

Continuous integration for container applications.

\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"

Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.

\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"

Secure and manage your third-party dependencies.

\n"},{"name":"Deployment","slug":"deployment","description_html":"

Streamline your code deployment so you can focus on your product.

\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"

Enables custom protection rules to gate deployments with third-party services

\n"},{"name":"Game CI","slug":"game-ci","description_html":"

Tools for building a CI pipeline for game development

\n"},{"name":"GitHub Sponsors","slug":"github-sponsors","description_html":"

Tools to manage your GitHub Sponsors community

\n"},{"name":"IDEs","slug":"ides","description_html":"

Find the right interface to build, debug, and deploy your source code.

\n"},{"name":"Learning","slug":"learning","description_html":"

Get the skills you need to level up.

\n"},{"name":"Localization","slug":"localization","description_html":"

Extend your software's reach. Localize and translate continuously from GitHub.

\n"},{"name":"Mobile","slug":"mobile","description_html":"

Improve your workflow for the small screen.

\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"

Continuous integration for mobile applications

\n"},{"name":"Monitoring","slug":"monitoring","description_html":"

Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.

\n"},{"name":"Project management","slug":"project-management","description_html":"

Organize, manage, and track your project with tools that build on top of issues and pull requests.

\n"},{"name":"Publishing","slug":"publishing","description_html":"

Get your site ready for production so you can get the word out.

\n"},{"name":"Security","slug":"security","description_html":"

Find, fix, and prevent security vulnerabilities before they can be exploited.

\n"},{"name":"Support","slug":"support","description_html":"

Get your team and customers the help they need.

\n"},{"name":"Testing","slug":"testing","description_html":"

Eliminate bugs and ship with more confidence by adding these tools to your workflow.

\n"},{"name":"Utilities","slug":"utilities","description_html":"

Auxiliary tools to enhance your experience on GitHub

\n"}]}},"title":"Marketplace"}