{"payload":{"featured":[],"recommended":[],"recently_added":[],"search_results":{"results":[{"type":"marketplace_listing","id":"18118","state":"unverified","name":"Pangea","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"pangea-cyber","owner_login":"pangeacyber","resource_path":"/marketplace/pangea-cyber","installation_count":9,"full_description":"For any application today, upwards of 20% of the code is security related functionality. Pangea provides a composable\nsecurity framework of 19 security services like authentication and secure audit logging that you can easily add to your\ncode so you don't have to build them yourself. The Pangea Github Copilot Extension, available under @pangea-cyber,\nallows you to ask Pangea questions about security features and will guide users on how to add Pangea security features\nto any application.\n","short_description":"The essential security features you need in API-based services that can be implemented easily with just a few lines of code","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/18118?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":18118,"state":6,"name":"Pangea","slug":"pangea-cyber","short_description":"The essential security features you need in API-based services that can be implemented easily with just a few lines of code","full_description":"For any application today, upwards of 20% of the code is security related functionality. Pangea provides a composable security framework of 19 security services like authentication and secure audit logging that you can easily add to your code so you don't have to build them yourself. 
The Pangea Github Copilot Extension, available under @pangea-cyber, allows you to ask Pangea questions about security features and will guide users on how to add Pangea security features to any application.","extended_description":"With Pangea's comprehensive platform of essential API-based security services, you can eliminate the burden of building, scaling and managing complex security code.\n\nPrerequisites and Set-up\n- User has a free [Pangea account](https://pangea.cloud/docs/getting-started/create-account/).\n- User is part of a GitHub organization that has a Copilot license\n- User can install extensions\n\nInstallation, Sign-in & Auth\n1. Install the @pangea-cyber extension\n2. In Copilot chat, use @pangea-cyber to ask questions about security features\n3. Using your Pangea account and the extension's responses, implement security features in your application\n\nExample Use-cases\n- Learn how Pangea services can assist in developing secure applications.\n- Get pointers on what Pangea service to use to solve a given problem.\n\nExample prompts\n- @pangea-cyber how can I add logins to my website?\n- @pangea-cyber how can I redact sensitive info from text?\n- @pangea-cyber I need to be HIPAA compliant. 
How can I do that?","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://pangea.cloud/privacy-policy/","tos_url":"https://pangea.cloud/terms-of-use/","company_url":"https://pangea.cloud/","status_url":"https://status.pangea.cloud/","support_url":"info@pangea.cloud","documentation_url":"https://pangea.cloud/docs/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4618,"technical_email":"kenan.yildirim@pangea.cloud","marketing_email":"michael.weinberger@pangea.cloud","finance_email":"tim.driscoll@pangea.cloud","direct_billing_enabled":false,"by_github":false,"security_email":"baruch.mettler@pangea.cloud","listable_type":"Integration","listable_id":878395,"copilot_app":true}}},{"type":"marketplace_listing","id":"16019","state":"unverified","name":"Pixeebot | Automated code fixes.","free":true,"primary_category":"AI Assisted","secondary_category":"Security","is_verified_owner":true,"slug":"pixeebot-automated-code-fixes","owner_login":"pixee","resource_path":"/marketplace/pixeebot-automated-code-fixes","installation_count":1722,"full_description":"Code security is complex work. Let Pixeebot handle it for you.\n\nPixeebot currently supports Java and Python. Install now to get on the waitlist for future languages. ✨ AI features\nenabled by default. Learn more.\n\nJust as Dependabot keeps your dependencies up to date, Pixeebot helps ensure your code is - and stays - secure. 
Pixeebot\nimmediately starts monitoring your repository and makes suggestions that are easy for your team to absorb.\n","short_description":"Your Automated Product Security Engineer","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16019?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16019,"state":6,"name":"Pixeebot | Automated code fixes.","slug":"pixeebot-automated-code-fixes","short_description":"Your Automated Product Security Engineer","full_description":"# Code security is complex work. Let Pixeebot handle it for you.\n\n>Pixeebot currently supports **Java** and **Python**. Install now to get on the waitlist for future languages. ✨ AI features enabled by default. [Learn more](https://docs.pixee.ai/faqs/).\n\nJust as Dependabot keeps your dependencies up to date, Pixeebot helps ensure your code is - and stays - secure. Pixeebot immediately starts monitoring your repository and makes suggestions that are easy for your team to absorb.","extended_description":"### Pixeebot is not a code scanner, and it’s not going to send you reports. It just hardens your code and fixes stuff.\nNo findings to review, just PRs to accept+merge!\n\n### Harden code continuously\nEvery week, Pixeebot sends a pull request to your default branch with suggested security improvements. Even summon Pixeebot with **@pixeebot next** if you’re ready for more.\n\n### Fix vulnerabilities\nPixeebot also reviews results from your SAST code scanners and auto-remediates whenever possible. All you have to do is approve!\n\n### Uplevel security with PR tune-ups\nEach new pull request your team creates gets automatic feedback from Pixeebot, whether it’s confirmation that everything looks good, or a PR with suggestions. 
No reports, just actual code fixes you can merge in one step.\n\n### We keep up to date on security best practices, so you don’t have to\nOur security experts stay on top of the latest research to make sure you’re protected from all the latest security threats.","primary_category_id":39,"secondary_category_id":6,"privacy_policy_url":"https://pixee.ai/privacy","tos_url":"https://pixee.ai/terms","company_url":"https://pixee.ai","status_url":"https://docs.pixee.ai/status","support_url":"https://docs.pixee.ai","documentation_url":"https://docs.pixee.ai","pricing_url":null,"bgcolor":"fbfafb","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4069,"technical_email":"david@pixee.ai","marketing_email":"surag@pixee.ai","finance_email":"surag@pixee.ai","direct_billing_enabled":false,"by_github":false,"security_email":"david@pixee.ai","listable_type":"Integration","listable_id":193111,"copilot_app":false}}},{"type":"marketplace_listing","id":"17459","state":"unverified","name":"mit10s-app","free":true,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":false,"slug":"mit10s","owner_login":"mit10s","resource_path":"/marketplace/mit10s","installation_count":1,"full_description":"Revolutionize your API security with mit10s. A powerful vulnerability scanner leveraging Artificial Intelligence to\nscrutinize your code and generate an exhaustive report of potential vulnerabilities, the severity of threats, and\nactionable steps to fix them. Integrate code security checks directly into your software development lifecycle with our\ncompanion GitHub app. 
Improve the security of your code with the touch of a button.\n","short_description":"A comprehensive security tool for your API codebases","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17459?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17459,"state":6,"name":"mit10s-app","slug":"mit10s","short_description":"A comprehensive security tool for your API codebases","full_description":"Revolutionize your API security with `mit10s`. A powerful vulnerability scanner leveraging Artificial Intelligence to scrutinize your code and generate an exhaustive report of potential vulnerabilities, the severity of threats, and actionable steps to fix them. Integrate code security checks directly into your software development lifecycle with our companion GitHub app. Improve the security of your code with the touch of a button.","extended_description":"`mit10s` reliably scans your API codebases and uses AI-based algorithms to identify potential security vulnerabilities. This process produces a detailed report featuring:\n\n- A comprehensive list of potential security vulnerabilities.\n- The severity of each identified threat.\n- The priority level for fixing each vulnerability.\n- Clear, actionable steps to remediate identified vulnerabilities.\n\n'mit10s' comes with this companion GitHub app that integrates seamlessly with your repositories. 
With this app you can:\n\n- Run 'mit10s' directly on your repository, generating exhaustive security reports.\n- Enhance your PR reviews with automated annotations.\n- Establish checklist rules for PRs, blocking the merging of code not passing 'mit10s' security checks.\n\nBring your security testing to the next level by opting for the `mit10s` GitHub app for a well-integrated, efficient, secure coding experience.","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://github.com/mit10s/mit10s-github-app/blob/main/privacy-policy.md","tos_url":"https://github.com/mit10s/mit10s-github-app/blob/main/terms-of-service.md","company_url":"https://mit10s.com/","status_url":"https://mit10s.com/","support_url":"https://github.com/mit10s/mit10s-github-app/issues","documentation_url":"https://github.com/mit10s/mit10s-github-app","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"ceo@mit10s.com","marketing_email":"ceo@mit10s.com","finance_email":"ceo@mit10s.com","direct_billing_enabled":false,"by_github":false,"security_email":"ceo@mit10s.com","listable_type":"Integration","listable_id":832495,"copilot_app":false}}},{"type":"marketplace_listing","id":"17864","state":"unverified","name":"Golang Code Scanner","free":true,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":true,"slug":"golang-code-scanner","owner_login":"Armur-Ai","resource_path":"/marketplace/golang-code-scanner","installation_count":3,"full_description":"Golang Code Scanner\n\nThe Golang Code Scanner is an app designed to enhance the security of your Golang codebase by scanning for\nvulnerabilities. It automatically analyzes your Golang code whenever you push changes to the master branch or create a\npull request targeting the master or main branch. 
Upon detecting vulnerabilities, it adds a comment to the created pull\nrequest, thereby facilitating timely resolution of security issues.\n","short_description":"Automated vulnerability Scanner","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17864?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17864,"state":6,"name":"Golang Code Scanner","slug":"golang-code-scanner","short_description":"Automated vulnerability Scanner","full_description":"# Golang Code Scanner\n\nThe **Golang Code Scanner** is an app designed to enhance the security of your Golang codebase by scanning for vulnerabilities. It automatically analyzes your Golang code whenever you push changes to the `master` branch or create a pull request targeting the `master` or `main` branch. Upon detecting vulnerabilities, it adds a comment to the created pull request, thereby facilitating timely resolution of security issues.\n","extended_description":"# Features\n\n- **Automated Vulnerability Detection**: The app automatically scans Golang code for vulnerabilities.\n- **Integration with Pull Requests**: Vulnerability findings are reported as comments on pull requests, streamlining the review 
process.\n\n","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://www.armur.ai/privacy-policy","tos_url":"","company_url":"https://www.armur.ai","status_url":"","support_url":"https://www.armur.ai/contact","documentation_url":"","pricing_url":null,"bgcolor":"000000","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4543,"technical_email":"akhil@armur.ai","marketing_email":"shane@armur.ai","finance_email":"paul@armur.ai","direct_billing_enabled":false,"by_github":false,"security_email":"admin@armur.ai","listable_type":"Integration","listable_id":874187,"copilot_app":false}}},{"type":"marketplace_listing","id":"15273","state":"unverified","name":"patched.codes","free":true,"primary_category":"AI Assisted","secondary_category":"Security","is_verified_owner":false,"slug":"patched-codes","owner_login":"patched-codes","resource_path":"/marketplace/patched-codes","installation_count":53,"full_description":"Deterministically automate PR reviews, bug fixing, security patching, and more using customizable prompts and your\npreferred LLMs.\n","short_description":"Open Source Agentic AI Workflows for DevOps","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/15273?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":15273,"state":6,"name":"patched.codes","slug":"patched-codes","short_description":"Open Source Agentic AI Workflows for DevOps","full_description":"Deterministically automate PR reviews, bug fixing, security patching, and more using customizable prompts and your preferred LLMs.","extended_description":"**Developer LESS, not developer FIRST.**\nAutomate chores and tasks so there is less on your plate.\n\n**Stay in the Zone**\nNo IDE pop-ups that disrupt developer flows.\n\n**Privacy Prioritized**\nMinimum code access, pseudonymized for privacy.\n\n**Not another AI Company**\nMultiple code-checks for fully-vetted 
patches.","primary_category_id":39,"secondary_category_id":6,"privacy_policy_url":"https://patched.codes/privacy","tos_url":"https://patched.codes/terms","company_url":"https://patched.codes","status_url":"","support_url":"https://patched.codes/support","documentation_url":"https://docs.patched.codes/introduction","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"tech@patched.codes","marketing_email":"contact@patched.codes","finance_email":"contact@patched.codes","direct_billing_enabled":false,"by_github":false,"security_email":"tech@patched.codes","listable_type":"Integration","listable_id":298395,"copilot_app":false}}},{"type":"marketplace_listing","id":"12891","state":"unverified","name":"Precaution","free":false,"primary_category":"Security","secondary_category":"Code review","is_verified_owner":true,"slug":"precaution","owner_login":"securesauce","resource_path":"/marketplace/precaution","installation_count":61,"full_description":"Precaution is a static application security testing (SAST) tool designed to tightly integrate into your GitHub\ndevelopment workflow. Each time a pull request is opened, Precaution runs its static analyzers on the code changes to\ndetect potential security vulnerabilities. Every effort is made to be as accurate as possible to avoid noisy false\npositives.\n","short_description":"Find and fix potential security vulnerabilities in your code","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/12891?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":12891,"state":6,"name":"Precaution","slug":"precaution","short_description":"Find and fix potential security vulnerabilities in your code","full_description":"Precaution is a static application security testing (SAST) tool designed to tightly integrate into your GitHub development workflow. 
Each time a pull request is opened, Precaution runs its static analyzers on the code changes to detect potential security vulnerabilities. Every effort is made to be as accurate as possible to avoid noisy false positives.","extended_description":"Precaution finds issues such as injection, weak hashes, clear text transmission of data, timing attacks, weak encryption, deserialization of untrusted data, improper certificate validation, and more.","primary_category_id":6,"secondary_category_id":10,"privacy_policy_url":"https://www.securesauce.dev/privacy","tos_url":"https://www.securesauce.dev/terms","company_url":"https://www.securesauce.dev/","status_url":"https://securesauce.github.io/status/","support_url":"support@securesauce.dev","documentation_url":"https://docs.securesauce.dev/","pricing_url":null,"bgcolor":"e4f2f5","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3946,"technical_email":"technical@securesauce.dev","marketing_email":"marketing@securesauce.dev","finance_email":"finance@securesauce.dev","direct_billing_enabled":false,"by_github":false,"security_email":"security@securesauce.dev","listable_type":"Integration","listable_id":20394,"copilot_app":false}}},{"type":"marketplace_listing","id":"17890","state":"unverified","name":"Sudoviz","free":true,"primary_category":"Security","secondary_category":"AI Assisted","is_verified_owner":false,"slug":"sudoviz","owner_login":"sudoviz","resource_path":"/marketplace/sudoviz","installation_count":3,"full_description":"Sudoviz: Security Analytics\n\n - Detect Vulnerabilities: Remediate code issues 100x faster.\n - Security Visibility: Manage risk across applications.\n - Data Analysis: Visibility in development environments.\n - Secure Strategy: Avoid cyber risks.\n\nFeatures:\n\n - Scans: Comprehensive stack analysis.\n - Analytics: Insights from vulnerability metrics.\n - Workflow: Manage issues via Jira.\n - AI Remediation: Enhance code 
security.\n","short_description":"Secure your software stack with next gen AI","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17890?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17890,"state":6,"name":"Sudoviz","slug":"sudoviz","short_description":"Secure your software stack with next gen AI","full_description":"# Sudoviz: Security & Analytics\n- **Detect Vulnerabilities**: Remediate code issues 100x faster.\n- **Security Visibility**: Manage risk across applications.\n- **Data Analysis**: Visibility in development environments.\n- **Secure Strategy**: Avoid cyber risks.\n\n### Features:\n- **Scans**: Comprehensive stack analysis.\n- **Analytics**: Insights from vulnerability metrics.\n- **Workflow**: Manage issues via Jira.\n- **AI Remediation**: Enhance code security.\n","extended_description":"# Sudoviz: Enhanced Security & Analytics Solutions\n\n## Core Features:\n\n- **Rapid Vulnerability Detection**: Accelerate issue identification and remediation by 100 times.\n- **Comprehensive Security Oversight**: Oversee and mitigate risks throughout your entire software portfolio.\n- **Persistent Data Analysis**: Maintain continuous oversight across essential development zones.\n- **Proactive Risk Management**: Navigate away from hidden cyber threats and vulnerabilities.\n\n### Detailed Functionality:\n\n- **Vulnerability Scans**: Initiate thorough examinations of your software stack, identifying and analyzing potential security risks.\n- **Results Analysis**: Explore vulnerabilities using an intuitive dashboard to make strategic security decisions.\n- **Workflow Optimization**: Streamline issue management with integrated Jira ticket creation for effective collaboration.\n- **AI-Assisted Solutions**: Utilize AI for precise false positive analysis and to recommend robust security 
measures.","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://www.sudoviz.com/","tos_url":"https://www.sudoviz.com/","company_url":"https://www.sudoviz.com/","status_url":"https://www.sudoviz.com/","support_url":"https://www.sudoviz.com/contact","documentation_url":"https://www.sudoviz.com/","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"support@sudoviz.com","marketing_email":"support@sudoviz.com","finance_email":"support@sudoviz.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@sudoviz.com","listable_type":"Integration","listable_id":880429,"copilot_app":false}}},{"type":"marketplace_listing","id":"14937","state":"unverified","name":"InfieldAI","free":false,"primary_category":"Dependency management","secondary_category":"Security","is_verified_owner":false,"slug":"infieldai","owner_login":"infieldai","resource_path":"/marketplace/infieldai","installation_count":73,"full_description":"Drowning in open upgrade PRs?\n\nWe researched, parsed, and validated thousands of open source changelogs so you can upgrade quickly and safely.\n","short_description":"Upgrade dependencies safely and easily with Infield-verified changelogs","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/14937?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":14937,"state":6,"name":"InfieldAI","slug":"infieldai","short_description":"Upgrade dependencies safely and easily with Infield-verified changelogs","full_description":"### Drowning in open upgrade PRs? \nWe researched, parsed, and validated thousands of open source changelogs so you can upgrade quickly and safely.\n\n\n\n","extended_description":"### Upgrade safely\nWe've parsed the changelog, categorized the changes, and evaluated each change's potential to break your app. 
\n\n### Increase Visibility\nSort and filter your dependencies to see which ones are stale, abandoned, or high risk. \n\n### Minimize Toil\nMake your upgrade work more efficient with Infield's automatic changelog research and impact analysis.\n\nQuestions? Reach out to InfieldAI founders directly at [founders@infield.ai](founders@infield.ai).","primary_category_id":11,"secondary_category_id":6,"privacy_policy_url":"https://www.infield.ai/privacy","tos_url":"https://www.infield.ai/terms","company_url":"https://www.infield.ai/","status_url":"","support_url":"support@infield.ai","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3708,"technical_email":"steve@infield.ai","marketing_email":"andrew@infield.ai","finance_email":"allison@infield.ai","direct_billing_enabled":false,"by_github":false,"security_email":"steve@infield.ai","listable_type":"Integration","listable_id":300994,"copilot_app":false}}},{"type":"marketplace_listing","id":"13233","state":"unverified","name":"Threatrix","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"threatrix","owner_login":"threatrix","resource_path":"/marketplace/threatrix","installation_count":38,"full_description":"Graduate To Threatrix\n\nThreatrix is the first-to-market, cost-effective solution, providing continual license compliance and automated\nsecurity, allowing organizations to determine their exposure to open source risks with one solution. 
Actionable results\ndrive measurable reductions in risk, saving organizations developer time and costly remediation efforts for compliance\nteams.\n\nThreatrix provides hyper-accurate, audit quality results with its first-to-market technology.\n","short_description":"Audit quality, snippet level, open source security and license compliance in build-time with auto-remediation","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13233?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13233,"state":6,"name":"Threatrix","slug":"threatrix","short_description":"Audit quality, snippet level, open source security and license compliance in build-time with auto-remediation","full_description":"## Graduate To Threatrix\nThreatrix is the first-to-market, cost-effective solution, providing continual license compliance and automated security, allowing organizations to determine their exposure to open source risks with one solution. Actionable results drive measurable reductions in risk, saving organizations developer time and costly remediation efforts for compliance teams.\n\nThreatrix provides hyper-accurate, audit quality results with its first-to-market technology.","extended_description":"Nearly four years of research and development have culminated in the creation of our core technologies. 
Threatrix Origin Tracing technology ensures the most accurate open source match results producing immediately actionable data from build time scans.\n\nWith support for more than 400 languages and growing every day, Threatrix encompasses, by far, the broadest coverage of any tool in the market.\n\n### Continuous Security\nThreatrix continuously scans your repositories for security vulnerabilities and creates fix requests for the next or latest security versions of components.\n\n### Continuous Compliance\nThreatrix produces hyper-accurate results in minutes allowing your team to perform continuous triage of license issues to stay ahead of open source risks. VCs are using Threatrix to determine risks with their investments. Failing to comply with all of your open source licenses may kill your next funding round.\n\n","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://threatrix.io/privacy","tos_url":"https://threatrix.io/terms","company_url":"https://threatrix.io/","status_url":"","support_url":"support@threatrix.io","documentation_url":"https://docs.threatrix.io/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"john@threatrix.io","marketing_email":"kristen@threatrix.io","finance_email":"john@threatrix.io","direct_billing_enabled":false,"by_github":false,"security_email":"john@threatrix.io","listable_type":"Integration","listable_id":220916,"copilot_app":false}}},{"type":"marketplace_listing","id":"16139","state":"unverified","name":"EdgeBit Security","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":false,"slug":"edgebit-security","owner_login":"edgebitio","resource_path":"/marketplace/edgebit-security","installation_count":13,"full_description":"Prevent insecure dependencies before they can merge. 
Track and remediate vulnerabilities in your entire supply chain.\n\nEdgeBit is a real-time SCA tool that uses data about how your app executes in production to filter out irrelevant\nvulnerabilities and dormant code.\n","short_description":"Real-time SCA tool to find issues in your supply chain and rank threats with context from production execution","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16139?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16139,"state":6,"name":"EdgeBit Security","slug":"edgebit-security","short_description":"Real-time SCA tool to find issues in your supply chain and rank threats with context from production execution","full_description":"**Prevent insecure dependencies before they can merge. Track and remediate vulnerabilities in your entire supply chain.**\n\nEdgeBit is a [real-time SCA tool](https://edgebit.io/solutions/vulnerability-management/?utm_source=github) that uses data about how your app executes in production to filter out irrelevant vulnerabilities and dormant code.\n\n","extended_description":" - **Detection in Pull Request**: Identify risks in new dependencies right in a PR\n - **Prioritized CVEs**: Ruthlessly prioritize issues to fix based on real-time context\n - **Supply Chain Inventory**: Track dependency track usage across your software components\n - **Generate SBOMs automatically**: SBOMs for compliance artifacts\n \n Dependencies for software products are exploding in number and with that comes a sprawling supply chain. 
A supply chain isn't just a build-time check, it's highly dynamic.\n\nEdgeBit watches in real time — we cross-reference your build pipelines here on GitHub and server fleet with multiple data sources to communicate your live inventory and actual risk.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://edgebit.io/legal/privacy/","tos_url":"https://edgebit.io/legal/terms/","company_url":"https://edgebit.io","status_url":"https://status.edgebit.io","support_url":"https://edgebit.io/support/","documentation_url":"https://edgebit.io/docs/0.x/","pricing_url":null,"bgcolor":"fff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"eugene@edgebit.io","marketing_email":"founders@edgebit.io","finance_email":"rob@edgebit.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@edgebit.io","listable_type":"Integration","listable_id":357519,"copilot_app":false}}},{"type":"marketplace_listing","id":"17829","state":"unverified","name":"Minder by Stacklok","free":true,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":false,"slug":"minder-by-stacklok","owner_login":"stacklok","resource_path":"/marketplace/minder-by-stacklok","installation_count":61,"full_description":"Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently\nprotect their code repos, build pipelines, and artifacts from malicious attacks.\n","short_description":"An open source, extensible platform that helps you enforce security policies and settings across your GitHub organization","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17829?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17829,"state":6,"name":"Minder by Stacklok","slug":"minder-by-stacklok","short_description":"An open source, extensible platform that helps 
you enforce security policies and settings across your GitHub organization","full_description":"Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently protect their code repos, build pipelines, and artifacts from malicious attacks.","extended_description":"# Minder Features\n\n### Repository configuration and security\n\nMost development teams have multiple repos—averaging 6x the number of developers. Minder helps you simplify configuration and management of security policies and settings across multiple project repos.\n\n### Proactive security enforcement\n\nContinuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.\n\n### Artifact attestation\n\nMake sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.\n\n### Dependency and license management\n\nManage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. 
Minder integrates with [Trusty](https://stacklok.com/trusty) to enable policy-driven management based on dependency risk level.","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://www.iubenda.com/privacy-policy/85152077","tos_url":"","company_url":"https://stacklok.com/","status_url":"https://status.stacklok.com/","support_url":"https://docs.stacklok.com/minder/about/faq#how-do-i-get-support-for-minder","documentation_url":"https://docs.stacklok.com/minder/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"info@stacklok.com","marketing_email":"marketing@stacklock.com","finance_email":"accountspayable@stacklok.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@stacklok.com","listable_type":"Integration","listable_id":863270,"copilot_app":false}}},{"type":"marketplace_listing","id":"17634","state":"unverified","name":"Puaro Security","free":true,"primary_category":"Security","secondary_category":"Continuous integration","is_verified_owner":true,"slug":"puaro-security","owner_login":"puaro-app","resource_path":"/marketplace/puaro-security","installation_count":3,"full_description":"Puaro Security provides a simple-to-use platform to detect and eliminate secrets in your code\n","short_description":"Secure your code today","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17634?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17634,"state":6,"name":"Puaro Security","slug":"puaro-security","short_description":"Secure your code today","full_description":"Puaro Security provides a simple-to-use platform to detect and eliminate secrets in your code","extended_description":"- Integrate Puaro easily into your source control system as part of CI/CD pipelines, ensure continuous scanning of your code, without the need to configure or 
maintain Puaro on your side.\n- Get a detailed view of secrets found in your code at the PR level and enjoy comprehensive analytics to review security performance metrics.\n\n[Schedule a demo and learn more](https://puaro.io/contact-us)!","primary_category_id":6,"secondary_category_id":2,"privacy_policy_url":"https://puaro.io/legal/privacy","tos_url":"https://puaro.io/legal/terms-of-use","company_url":"https://puaro.io","status_url":"","support_url":"https://puaro.io","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"info@puaro.io","marketing_email":"info@puaro.io","finance_email":"info@puaro.io","direct_billing_enabled":false,"by_github":false,"security_email":"info@puaro.io","listable_type":"Integration","listable_id":856884,"copilot_app":false}}},{"type":"marketplace_listing","id":"17615","state":"unverified","name":"Back Git Up","free":true,"primary_category":"Backup Utilities","secondary_category":"Security","is_verified_owner":true,"slug":"back-git-up-backups-for-github","owner_login":"backgitup","resource_path":"/marketplace/back-git-up-backups-for-github","installation_count":4,"full_description":"🎉 We've launched! Celebrate with us. Back Git Up is completely free for the first 50 users! 🎉\n\nThe Backup app for GitHub. 
Back Git Up specialises in one thing, backing up your repositories.\n\n - Automatic daily, hourly or live backups of your source code\n - On-demand backups with a click of a button\n - Backups encrypted at rest in Google Cloud Storage with AES-256 encryption\n - Read-only access to your repositories.\n","short_description":"Protect your code from malicious actors and accidental deletion","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17615?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17615,"state":6,"name":"Back Git Up","slug":"back-git-up-backups-for-github","short_description":"Protect your code from malicious actors and accidental deletion","full_description":"###\n### 🎉 We've launched! Celebrate with us. Back Git Up is completely free for the first 50 users! 🎉\n\n**The Backup app for GitHub.** [Back Git Up](https://backgitup.com) specialises in one thing, backing up your repositories.\n\n* Automatic daily, hourly or live backups of your source code\n* On-demand backups with a click of a button\n* Backups encrypted at rest in Google Cloud Storage with AES-256 encryption\n* Read-only access to your repositories.","extended_description":"**Protect your business right now**\nDon't roll your own back up scripts. Install Back Git Up and get your code protected in minutes.\n\n**Define our roadmap**\nWe're new, we're small and we're agile. Support small, independent developers. Help us build the product you want.\n\n**Coming soon**\n\n* Bring your own cloud and store your backups on your infrastructure\n* Select your data residency\n\n**How does pricing work?**\nWe price per organization. 
All billing is handled through GitHub.","primary_category_id":41,"secondary_category_id":6,"privacy_policy_url":"https://www.backgitup.com/privacy","tos_url":"https://www.backgitup.com/terms","company_url":"","status_url":"","support_url":"https://backgitup.com","documentation_url":"","pricing_url":null,"bgcolor":"16a34a","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"nick@backgitup.com","marketing_email":"nick@backgitup.com","finance_email":"nick@backgitup.com","direct_billing_enabled":false,"by_github":false,"security_email":"nick@backgitup.com","listable_type":"Integration","listable_id":852732,"copilot_app":false}}},{"type":"marketplace_listing","id":"7736","state":"verified","name":"Cloudback: GitHub Backup & Restore","free":false,"primary_category":"Security","secondary_category":"Backup Utilities","is_verified_owner":true,"slug":"cloudback","owner_login":"cloudback","resource_path":"/marketplace/cloudback","installation_count":998,"full_description":"Cloudback secures your GitHub repositories with recurrent data backups\n\n - SOC2 in progress\n - Automatic backups\n - Self-sufficient password-protected ZIP archives with AES-256 encryption\n - Customer storages: S3, OneDrive, Azure, GCP, Wasabi, Alibaba, etc\n - Cloudback storages: USA, EU, UK, Asia\n - Data deduplication\n - Backup replication\n - Audit log\n - Instant email and messenger notifications: Slack, MS Teams, Discord\n - AWS S3 Object Lock and Tag Support\n - And more\n","short_description":"Backup repositories, metadata and LFS into AWS, Azure, OneDrive, GCP, etc. Pay per repositories, not seats. 
SOC2 in progress","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/7736?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":7736,"state":3,"name":"Cloudback: GitHub Backup & Restore","slug":"cloudback","short_description":"Backup repositories, metadata and LFS into AWS, Azure, OneDrive, GCP, etc. Pay per repositories, not seats. SOC2 in progress","full_description":"Cloudback secures your GitHub repositories with recurrent data backups\n- SOC2 in progress\n- Automatic backups\n- Self-sufficient password-protected ZIP archives with AES-256 encryption\n- Customer storages: S3, OneDrive, Azure, GCP, Wasabi, Alibaba, etc\n- Cloudback storages: USA, EU, UK, Asia\n- Data deduplication\n- Backup replication\n- Audit log\n- Instant email and messenger notifications: Slack, MS Teams, Discord\n- AWS S3 Object Lock and Tag Support\n- And [more](https://cloudback.it/pricing#all)","extended_description":"## Features\nWe offer the most comprehensive backup on the market. Cloudback lets you store all the information you need to restore the entire repository in the event of a disaster. Back up the GitHub repository code, issues, labels, comments, milestones, etc. \n\n### Customer-managed storages\n - Microsoft Azure Blob Storage\n - Microsoft OneDrive\n - Amazon S3\n - Google Cloud Storage\n - Alibaba Cloud Object Storage\n - OpenStack Swift\n\n### Customer-managed encryption keys\n- Coming soon\n \n### Cloudback-managed storages\n - US, EU, UK, Sydney, Singapore\n\n### Data deduplication \n- Reduce storage costs while using your own storage. [Learn more](https://cloudback.it/docs/deduplication).\n\n### Backup replication\n- Leverage composite storages to replicate backups across multiple locations.\n\n### Fair pricing\n- Pay per repository, not seats. 
\n- All features included, no matter the plan.\n\n### And more\n- Learn more about Cloudback features in our [docs](https://cloudback.it/docs/what-is-cloudback).","primary_category_id":6,"secondary_category_id":41,"privacy_policy_url":"https://cloudback.it/docs/privacy","tos_url":"https://cloudback.it/docs/terms","company_url":"https://cloudback.it/","status_url":"","support_url":"https://cloudback.it/contact","documentation_url":"https://cloudback.it/docs/what-is-cloudback","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1921,"technical_email":"team@cloudback.it","marketing_email":"team@cloudback.it","finance_email":"team@cloudback.it","direct_billing_enabled":false,"by_github":false,"security_email":"team@cloudback.it","listable_type":"Integration","listable_id":74074,"copilot_app":false}}},{"type":"marketplace_listing","id":"17513","state":"unverified","name":"Tillion Guardian","free":true,"primary_category":"AI Assisted","secondary_category":"Code Scanning Ready","is_verified_owner":true,"slug":"tillion-guardian","owner_login":"tillionio","resource_path":"/marketplace/tillion-guardian","installation_count":9,"full_description":"Tillion AI Guardian rapidly detects conflicts between your org data policies and code, to ensure ongoing compliance. It\nautomatically scans your codebase to identify data usage and recipients of data, then compares it to your policies and\nflags issues.\n","short_description":"Your AI Data Guardian","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17513?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17513,"state":6,"name":"Tillion Guardian","slug":"tillion-guardian","short_description":"Your AI Data Guardian","full_description":"Tillion AI Guardian rapidly detects conflicts between your org data policies and code, to ensure ongoing compliance. 
It automatically scans your codebase to identify data usage and recipients of data, then compares it to your policies and flags issues.","extended_description":"### Free up time previously spent on recurring compliance tasks\n\nTillion AI Guardian automates the policy audit and evidence collection process. Data usage and recipients of data are continuously tracked, and a trail of code file paths is generated for reference.\n\n### Get more work done\n\nTillion AI Guardian brings your org policies into the code and automatically links data usage to its corresponding policy items. It lets you easily understand what’s allowed or not, so you can focus on building fast without breaking policy.\n\n### Improve code quality\n\nTillion AI Guardian regularly measures how compliant your code is against your org policies, giving you the visibility and context you need to prioritize and resolve data usage issues.","primary_category_id":39,"secondary_category_id":42,"privacy_policy_url":"https://www.tillion.ai/legal/privacy-policy","tos_url":"https://www.tillion.ai/legal/terms-of-use","company_url":"https://www.tillion.ai/","status_url":"https://status.tillion.ai/","support_url":"https://trust.tillion.ai/","documentation_url":"","pricing_url":null,"bgcolor":"000000","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"barak@tillion.ai","marketing_email":"info@tillion.ai","finance_email":"finance@tillion.ai","direct_billing_enabled":false,"by_github":false,"security_email":"cybersecurity@tillion.ai","listable_type":"Integration","listable_id":308293,"copilot_app":false}}},{"type":"marketplace_listing","id":"16907","state":"unverified","name":"DC-Automate-GitHub","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":true,"slug":"dc-automate-github","owner_login":"flussoai","resource_path":"/marketplace/dc-automate-github","installation_count":4,"full_description":"C
ross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your\ndevelopment partners.\n","short_description":"Automated cross-organization repo sharing, tracking and analytics","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16907?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16907,"state":6,"name":"DC-Automate-GitHub","slug":"dc-automate-github","short_description":"Automated cross-organization repo sharing, tracking and analytics","full_description":"Cross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your development partners.","extended_description":"## Establish Trustworthy Collaboration with your Development Partners\nCross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your development partners.\n\n## Sharing with DC Automate - Fast, Simple and Safe\nDC Automate removes the administrative overhead of managing outside collaborators, simply nominate the organization you want to share your repos with and the maximum number of users and let DC Automate handle the rest.\n\n## Create Great Dev Experiences\nDevelopers never need to log a support request again, the target organization just needs to choose the GitHub Teams that require access. 
Onboarding a new dev is as easy as adding or removing them from the Team, which is automatically mirrored in the source organization.\n\n## Engagement and Activity\nLeaders can view activity logs, track dev engagement and measure effectiveness","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://dc.datacoalitions.com/policies/dca/github/privacy","tos_url":"https://dc.datacoalitions.com/policies/dca/github/tos","company_url":"https://flusso.world","status_url":"https://dc.datacoalitions.com/status","support_url":"https://dc.datacoalitions.com/support","documentation_url":"https://dc.datacoalitions.com/docs/dca/github","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4329,"technical_email":"technical@flusso.world","marketing_email":"marketing@flusso.world","finance_email":"finance@flusso.world","direct_billing_enabled":false,"by_github":false,"security_email":"security@flusso.world","listable_type":"Integration","listable_id":380919,"copilot_app":false}}},{"type":"marketplace_listing","id":"15916","state":"unverified","name":"Panoptica GitHub","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"panoptica-github","owner_login":"cisco-panoptica","resource_path":"/marketplace/panoptica-github","installation_count":156,"full_description":"Panoptica's GitHub app enables easy integration of the Panoptica platform to your GitHub organizations and repositories\nproviding IaC, Secret, SAST and SCM Posture scanning to detect, prioritize and prevent security issues.\n","short_description":"Scan IaC in your repository to detect security issues, prioritize risks, and prevent risky configurations before 
deployment","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/15916?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":15916,"state":6,"name":"Panoptica GitHub","slug":"panoptica-github","short_description":"Scan IaC in your repository to detect security issues, prioritize risks, and prevent risky configurations before deployment","full_description":"Panoptica's GitHub app enables easy integration of the Panoptica platform to your GitHub organizations and repositories providing IaC, Secret, SAST and SCM Posture scanning to detect, prioritize and prevent security issues.","extended_description":"# Panoptica for GitHub\n\nOur tool is engineered to fortify your repositories and organization's security, connecting directly with the Panoptica platform for a unified security management experience and enabling your team to truly shift security left.\n\n## Panoptica Platform Key Features\n\n- IaC Scanning - Scan IaC templates for potential security issues and misconfigurations.\n- Secret Leak Scanning - Detect exposed credentials within your repositories.\n- Static Application Security Testing (SAST) - Identify vulnerabilities in your source code.\n- Posture Scanning - Evaluate and identify misconfigurations in your GitHub repositories and organizations to maintain robust security standards.\n- Aggregated Security Insights - Obtain an aggregated view of security findings across your different repositories, aiding in comprehensive security analysis and 
decision-making.","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://www.panoptica.app/cisco-online-privacy-statement","tos_url":"https://www.panoptica.app/terms-and-conditions","company_url":"https://www.cisco.com","status_url":"","support_url":"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html","documentation_url":"https://docs.panoptica.app/v2.0/docs","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"sales@panoptica.app","marketing_email":"sales@panoptica.app","finance_email":"sales@panoptica.app","direct_billing_enabled":false,"by_github":false,"security_email":"sales@panoptica.app","listable_type":"Integration","listable_id":374303,"copilot_app":false}}},{"type":"marketplace_listing","id":"3768","state":"unverified","name":"Debricked","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"debricked","owner_login":"debricked","resource_path":"/marketplace/debricked","installation_count":2373,"full_description":"Debricked's tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your\ndevelopment process. Identify, fix and prevent open source vulnerabilities automatically with enforceable pipeline\nrules. 
Spend less time on manual security research and fixes; let Debricked do the work for you.\n\nDebricked is free for all open source projects!\n","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/3768?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":3768,"state":6,"name":"Debricked","slug":"debricked","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","full_description":"Debricked's tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your development process. **Identify**, **fix** and **prevent** open source vulnerabilities automatically with enforceable pipeline rules. Spend less time on manual security research and fixes; let Debricked do the work for you. \n\n**Debricked is free for all open source projects!** \n\n\n\n\n\n","extended_description":"Debricked makes it easy to maintain a good state of security in your project. 
\n\nThe tool allows you to:\n\n- Detect vulnerabilities in your direct and indirect dependencies\n- Integrate seamlessly with other systems used in your everyday workflow\n- Prioritise with the help of our own score, debAI, and make informed decisions \n- Fix vulnerabilities using our suggestions and advice as well as pull requests\n- Prevent dependencies with severe vulnerabilities from entry using automated rules\n- Prevent using dependencies with incompatible licenses\n\nWe support a [wide range of languages and package managers](https://debricked.com/documentation/language-support/), and more are being added as we go!\n\n","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://debricked.com/privacy-policy/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","tos_url":"https://debricked.com/terms-and-conditions/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","company_url":"https://debricked.com/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","status_url":"","support_url":"https://debricked.com/contact/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","documentation_url":"https://debricked.com/documentation/1.0/integrations/ci-build-systems/github?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","pricing_url":null,"bgcolor":"0d1840","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2763,"technical_email":"oscar.reimer@debricked.com","marketing_email":"joanna.qvarnstrom@debricked.com","finance_email":"daniel.wisenhoff@debricked.com","direct_billing_enabled":false,"by_github":false,"security_email":"martin.hell@debricked.com","listable_type":"Integration","listable_id":24490,"copilot_app":false}}},{"type":"marketplace_listing","id":"17133","state":"unverified","name":"OpenSCA SaaS 
OAuth","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":false,"slug":"opensca-saas-oauth","owner_login":"XmirrorSecurity","resource_path":"/marketplace/opensca-saas-oauth","installation_count":3,"full_description":"OpenSCA is the open source realization of SCA (Software Composition Analysis) technology. As the open source version of\nXmirror SCA, it has been endowed with the core abilities of mixed-source application security detection. Aiming at\nguarding open source security, it is competent to dig out the hiding vulnerabilities and compliance risks in all\ncomponents by dependency analysis, characteristic analysis, reference identification and compliance analysis.\n","short_description":"OpenSCA is an open source solution to check your software for supply chain security risks","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17133?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17133,"state":6,"name":"OpenSCA SaaS OAuth","slug":"opensca-saas-oauth","short_description":"OpenSCA is an open source solution to check your software for supply chain security risks","full_description":"OpenSCA is the open source realization of SCA (Software Composition Analysis) technology. As the open source version of Xmirror SCA, it has been endowed with the core abilities of mixed-source application security detection. Aiming at guarding open source security, it is competent to dig out the hiding vulnerabilities and compliance risks in all components by dependency analysis, characteristic analysis, reference identification and compliance analysis.","extended_description":"Unlike traditional commercial SCA tools, OpenSCA has offered an open source solution to the management of open source risks which is full of potential. Being both complete in ability and easy to use, it supports various scenarios including online/offline, IDE/CMD/SaaS, etc. 
while allowing customized configuration such as a local vulnerability database and private repos. Generally speaking, OpenSCA is intended for outputting transparent component assets & risk list for companies, organizations and individual developers in a flexible way.\n\nBased on OpenSCA, we've built up a global community covering industries of telecom, internet, IoV, finance, energy and so on. We sincerely hope that our project can be a stage for communication and innovation of open source stakeholders.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://opensca.xmirror.cn","tos_url":"","company_url":"https://www.xmirror.cn","status_url":"","support_url":"https://github.com/XmirrorSecurity/OpenSCA-cli/issues","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"opensca@anpro-tech.com","marketing_email":"opensca@anpro-tech.com","finance_email":"opensca@anpro-tech.com","direct_billing_enabled":false,"by_github":false,"security_email":"opensca@anpro-tech.com","listable_type":"Integration","listable_id":793629,"copilot_app":false}}},{"type":"marketplace_listing","id":"7654","state":"unverified","name":"Qwiet AI","free":true,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":false,"slug":"shiftleft-ng-sast","owner_login":"ShiftLeftSecurity","resource_path":"/marketplace/shiftleft-ng-sast","installation_count":489,"full_description":"ShiftLeft NextGen Static Analysis (NG SAST) is a modern code analysis solution, purpose-built to support developer\nworkflows. 
NG SAST helps find, fix, and prevent OWASP Top 10 vulnerabilities and cloud-centric vulnerabilities such as\nbusiness logic flaws, data leakage, and insider threats.\n","short_description":"The AI-powered AppSec platform","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/7654?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":7654,"state":6,"name":"Qwiet AI","slug":"shiftleft-ng-sast","short_description":"The AI-powered AppSec platform","full_description":"ShiftLeft NextGen Static Analysis (NG SAST) is a modern code analysis solution, purpose-built to support developer workflows. NG SAST helps find, fix, and prevent OWASP Top 10 vulnerabilities and cloud-centric vulnerabilities such as business logic flaws, data leakage, and insider threats.","extended_description":"- Developer Friendly SAST\n\n NG SAST was designed with developer-friendly workflows as a first principle. In order to maximize developer efficiency, the NG SAST workflow inserts into pull requests and enables developers to find and fix vulnerabilities without ever leaving their development environment.\n\n- The Most Accurate SAST, Proven by the OWASP Benchmark\n\n NG SAST is the most accurate static code analysis solution. NG SAST’s 75% score on the OWASP benchmark is more than 2X the next highest competitor and nearly 3X the commercial average.\n\n- Up To 40X Faster\n\n Up to 40X faster than traditional code analysis tools, NG SAST enables developers to secure every pull request without slowing it down. 
Unlike traditional tools that analyze source code graphs consecutively, NG SAST leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs.","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://qwiet.ai/privacy-policy/","tos_url":"https://qwiet.ai/terms-of-service/","company_url":"https://qwiet.ai","status_url":"https://status.shiftleft.io","support_url":"https://go.qwiet.ai/contact_qwiet","documentation_url":"https://docs.shiftleft.io","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":"https://www.shiftleft.io/api/v4/private/integrations/github/install","how_it_works":null,"hero_card_background_image_id":4374,"technical_email":"support@qwiet.ai","marketing_email":"marketing@qwiet.ai","finance_email":"finance@qwiet.ai","direct_billing_enabled":false,"by_github":false,"security_email":"support@qwiet.ai","listable_type":"OauthApplication","listable_id":1313852,"copilot_app":false}}}],"total":37,"total_pages":2},"categories":{"apps":[{"name":"API management","slug":"api-management","description_html":"

Structure your API infrastructure to enable various internet gateways to interact with your service.

\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"

Utilities providing periodic backups of your GitHub data

\n"},{"name":"Chat","slug":"chat","description_html":"

Bring GitHub into your conversations.

\n"},{"name":"Code quality","slug":"code-quality","description_html":"

Automate your code review with style, quality, security, and test‑coverage checks when you need them.

\n"},{"name":"Code review","slug":"code-review","description_html":"

Ensure your code meets quality standards and ship with confidence.

\n"},{"name":"Container CI","slug":"container-ci","description_html":"

Continuous integration for container applications.

\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"

Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.

\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"

Secure and manage your third-party dependencies.

\n"},{"name":"Deployment","slug":"deployment","description_html":"

Streamline your code deployment so you can focus on your product.

\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"

Enables custom protection rules to gate deployments with third-party services

\n"},{"name":"Game CI","slug":"game-ci","description_html":"

Tools for building a CI pipeline for game development

\n"},{"name":"IDEs","slug":"ides","description_html":"

Find the right interface to build, debug, and deploy your source code.

\n"},{"name":"Learning","slug":"learning","description_html":"

Get the skills you need to level up.

\n"},{"name":"Localization","slug":"localization","description_html":"

Extend your software's reach. Localize and translate continuously from GitHub.

\n"},{"name":"Mobile","slug":"mobile","description_html":"

Improve your workflow for the small screen.

\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"

Continuous integration for Mobile applications

\n"},{"name":"Monitoring","slug":"monitoring","description_html":"

Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.

\n"},{"name":"Project management","slug":"project-management","description_html":"

Organize, manage, and track your project with tools that build on top of issues and pull requests.

\n"},{"name":"Publishing","slug":"publishing","description_html":"

Get your site ready for production so you can get the word out.

\n"},{"name":"Recently added","slug":"recently-added","description_html":"

The latest tools that help you and your team build software better, together.

\n"},{"name":"Security","slug":"security","description_html":"

Find, fix, and prevent security vulnerabilities before they can be exploited.

\n"},{"name":"Support","slug":"support","description_html":"

Get your team and customers the help they need.

\n"},{"name":"Testing","slug":"testing","description_html":"

Eliminate bugs and ship with more confidence by adding these tools to your workflow.

\n"},{"name":"Utilities","slug":"utilities","description_html":"

Auxiliary tools to enhance your experience on GitHub

\n"}],"actions":[{"name":"API management","slug":"api-management","description_html":"

Structure your API infrastructure to enable various internet gateways to interact with your service.

\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"

Utilities providing periodic backups of your GitHub data

\n"},{"name":"Chat","slug":"chat","description_html":"

Bring GitHub into your conversations.

\n"},{"name":"Code quality","slug":"code-quality","description_html":"

Automate your code review with style, quality, security, and test‑coverage checks when you need them.

\n"},{"name":"Code review","slug":"code-review","description_html":"

Ensure your code meets quality standards and ship with confidence.

\n"},{"name":"Container CI","slug":"container-ci","description_html":"

Continuous integration for container applications.

\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"

Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.

\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"

Secure and manage your third-party dependencies.

\n"},{"name":"Deployment","slug":"deployment","description_html":"

Streamline your code deployment so you can focus on your product.

\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"

Enables custom protection rules to gate deployments with third-party services

\n"},{"name":"Game CI","slug":"game-ci","description_html":"

Tools for building a CI pipeline for game development

\n"},{"name":"GitHub Sponsors","slug":"github-sponsors","description_html":"

Tools to manage your GitHub Sponsors community

\n"},{"name":"IDEs","slug":"ides","description_html":"

Find the right interface to build, debug, and deploy your source code.

\n"},{"name":"Learning","slug":"learning","description_html":"

Get the skills you need to level up.

\n"},{"name":"Localization","slug":"localization","description_html":"

Extend your software's reach. Localize and translate continuously from GitHub.

\n"},{"name":"Mobile","slug":"mobile","description_html":"

Improve your workflow for the small screen.

\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"

Continuous integration for Mobile applications

\n"},{"name":"Monitoring","slug":"monitoring","description_html":"

Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.

\n"},{"name":"Project management","slug":"project-management","description_html":"

Organize, manage, and track your project with tools that build on top of issues and pull requests.

\n"},{"name":"Publishing","slug":"publishing","description_html":"

Get your site ready for production so you can get the word out.

\n"},{"name":"Security","slug":"security","description_html":"

Find, fix, and prevent security vulnerabilities before they can be exploited.

\n"},{"name":"Support","slug":"support","description_html":"

Get your team and customers the help they need.

\n"},{"name":"Testing","slug":"testing","description_html":"

Eliminate bugs and ship with more confidence by adding these tools to your workflow.

\n"},{"name":"Utilities","slug":"utilities","description_html":"

Auxiliary tools to enhance your experience on GitHub

\n"}]}},"title":"Marketplace"}