{"payload":{"featured":[],"recommended":[],"recently_added":[],"search_results":{"results":[{"type":"marketplace_listing","id":"18118","state":"unverified","name":"Pangea","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"pangea-cyber","owner_login":"pangeacyber","resource_path":"/marketplace/pangea-cyber","installation_count":19,"full_description":"For any application today, upwards of 20% of the code is security related functionality. Pangea provides a composable\nsecurity framework of 19 security services like authentication and secure audit logging that you can easily add to your\ncode so you don't have to build them yourself. The Pangea Github Copilot Extension, available under @pangea-cyber,\nallows you to ask Pangea questions about security features and will guide users on how to add Pangea security features\nto any application.\n","short_description":"The essential security features you need in API-based services that can be implemented easily with just a few lines of code","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/18118?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":18118,"state":6,"name":"Pangea","slug":"pangea-cyber","short_description":"The essential security features you need in API-based services that can be implemented easily with just a few lines of code","full_description":"For any application today, upwards of 20% of the code is security related functionality. Pangea provides a composable security framework of 19 security services like authentication and secure audit logging that you can easily add to your code so you don't have to build them yourself. 
The Pangea Github Copilot Extension, available under @pangea-cyber, allows you to ask Pangea questions about security features and will guide users on how to add Pangea security features to any application.","extended_description":"With Pangea's comprehensive platform of essential API-based security services, you can eliminate the burden of building, scaling and managing complex security code.\n\nPrerequisites and Set-up\n- User has a free [Pangea account](https://pangea.cloud/docs/getting-started/create-account/).\n- User is part of a GitHub organization that has a Copilot license\n- User can install extensions\n\nInstallation, Sign-in & Auth\n1. Install the @pangea-cyber extension\n2. In Copilot chat, use @pangea-cyber to ask questions about security features\n3. Using your Pangea account and the extension's responses, implement security features in your application\n\nExample Use-cases\n- Learn how Pangea services can assist in developing secure applications.\n- Get pointers on what Pangea service to use to solve a given problem.\n\nExample prompts\n- @pangea-cyber how can I add logins to my website?\n- @pangea-cyber how can I redact sensitive info from text?\n- @pangea-cyber I need to be HIPAA compliant. 
How can I do that?","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://pangea.cloud/privacy-policy/","tos_url":"https://pangea.cloud/terms-of-use/","company_url":"https://pangea.cloud/","status_url":"https://status.pangea.cloud/","support_url":"info@pangea.cloud","documentation_url":"https://pangea.cloud/docs/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4618,"technical_email":"kenan.yildirim@pangea.cloud","marketing_email":"michael.weinberger@pangea.cloud","finance_email":"tim.driscoll@pangea.cloud","direct_billing_enabled":false,"by_github":false,"security_email":"baruch.mettler@pangea.cloud","listable_type":"Integration","listable_id":878395,"copilot_app":true}}},{"type":"marketplace_listing","id":"17890","state":"unverified","name":"Sudoviz","free":true,"primary_category":"Security","secondary_category":"AI Assisted","is_verified_owner":false,"slug":"sudoviz","owner_login":"sudoviz","resource_path":"/marketplace/sudoviz","installation_count":3,"full_description":"Sudoviz: Security Analytics\n\n - Detect Vulnerabilities: Remediate code issues 100x faster.\n - Security Visibility: Manage risk across applications.\n - Data Analysis: Visibility in development environments.\n - Secure Strategy: Avoid cyber risks.\n\nFeatures:\n\n - Scans: Comprehensive stack analysis.\n - Analytics: Insights from vulnerability metrics.\n - Workflow: Manage issues via Jira.\n - AI Remediation: Enhance code security.\n","short_description":"Secure your software stack with next gen AI","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17890?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17890,"state":6,"name":"Sudoviz","slug":"sudoviz","short_description":"Secure your software stack with next gen AI","full_description":"# Sudoviz: Security & Analytics\n- **Detect Vulnerabilities**: 
Remediate code issues 100x faster.\n- **Security Visibility**: Manage risk across applications.\n- **Data Analysis**: Visibility in development environments.\n- **Secure Strategy**: Avoid cyber risks.\n\n### Features:\n- **Scans**: Comprehensive stack analysis.\n- **Analytics**: Insights from vulnerability metrics.\n- **Workflow**: Manage issues via Jira.\n- **AI Remediation**: Enhance code security.\n","extended_description":"# Sudoviz: Enhanced Security & Analytics Solutions\n\n## Core Features:\n\n- **Rapid Vulnerability Detection**: Accelerate issue identification and remediation by 100 times.\n- **Comprehensive Security Oversight**: Oversee and mitigate risks throughout your entire software portfolio.\n- **Persistent Data Analysis**: Maintain continuous oversight across essential development zones.\n- **Proactive Risk Management**: Navigate away from hidden cyber threats and vulnerabilities.\n\n### Detailed Functionality:\n\n- **Vulnerability Scans**: Initiate thorough examinations of your software stack, identifying and analyzing potential security risks.\n- **Results Analysis**: Explore vulnerabilities using an intuitive dashboard to make strategic security decisions.\n- **Workflow Optimization**: Streamline issue management with integrated Jira ticket creation for effective collaboration.\n- **AI-Assisted Solutions**: Utilize AI for precise false positive analysis and to recommend robust security 
measures.","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://www.sudoviz.com/","tos_url":"https://www.sudoviz.com/","company_url":"https://www.sudoviz.com/","status_url":"https://www.sudoviz.com/","support_url":"https://www.sudoviz.com/contact","documentation_url":"https://www.sudoviz.com/","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"support@sudoviz.com","marketing_email":"support@sudoviz.com","finance_email":"support@sudoviz.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@sudoviz.com","listable_type":"Integration","listable_id":880429,"copilot_app":false}}},{"type":"marketplace_listing","id":"17864","state":"unverified","name":"Golang Code Scanner","free":true,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":true,"slug":"golang-code-scanner","owner_login":"Armur-Ai","resource_path":"/marketplace/golang-code-scanner","installation_count":2,"full_description":"Golang Code Scanner\n\nThe Golang Code Scanner is an app designed to enhance the security of your Golang codebase by scanning for\nvulnerabilities. It automatically analyzes your Golang code whenever you push changes to the master branch or create a\npull request targeting the master or main branch. 
Upon detecting vulnerabilities, it adds a comment to the created pull\nrequest, thereby facilitating timely resolution of security issues.\n","short_description":"Automated vulnerability Scanner","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17864?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17864,"state":6,"name":"Golang Code Scanner","slug":"golang-code-scanner","short_description":"Automated vulnerability Scanner","full_description":"# Golang Code Scanner\n\nThe **Golang Code Scanner** is an app designed to enhance the security of your Golang codebase by scanning for vulnerabilities. It automatically analyzes your Golang code whenever you push changes to the `master` branch or create a pull request targeting the `master` or `main` branch. Upon detecting vulnerabilities, it adds a comment to the created pull request, thereby facilitating timely resolution of security issues.\n","extended_description":"# Features\n\n- **Automated Vulnerability Detection**: The app automatically scans Golang code for vulnerabilities.\n- **Integration with Pull Requests**: Vulnerability findings are reported as comments on pull requests, streamlining the review process.\n\n","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://www.armur.ai/privacy-policy","tos_url":"","company_url":"https://www.armur.ai","status_url":"","support_url":"https://www.armur.ai/contact","documentation_url":"","pricing_url":null,"bgcolor":"000000","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4543,"technical_email":"akhil@armur.ai","marketing_email":"shane@armur.ai","finance_email":"paul@armur.ai","direct_billing_enabled":false,"by_github":false,"security_email":"admin@armur.ai","listable_type":"Integration","listable_id":874187,"copilot_app":false}}},{"type":"marketplace_listing","id":"17829","state":"unverified","name":"Minder by 
Stacklok","free":true,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":false,"slug":"minder-by-stacklok","owner_login":"stacklok","resource_path":"/marketplace/minder-by-stacklok","installation_count":68,"full_description":"Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently\nprotect their code repos, build pipelines, and artifacts from malicious attacks.\n","short_description":"An open source, extensible platform that helps you enforce security policies and settings across your GitHub organization","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17829?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17829,"state":6,"name":"Minder by Stacklok","slug":"minder-by-stacklok","short_description":"An open source, extensible platform that helps you enforce security policies and settings across your GitHub organization","full_description":"Minder by Stacklok is an open source and extensible platform that helps OSS maintainers and project owners consistently protect their code repos, build pipelines, and artifacts from malicious attacks.","extended_description":"# Minder Features\n\n### Repository configuration and security\n\nMost development teams have multiple repos—averaging 6x the number of developers. 
Minder helps you simplify configuration and management of security policies and settings across multiple project repos.\n\n### Proactive security enforcement\n\nContinuously enforce security best practices like secret scanning, branch protections, artifact signing and more by setting granular policies to alert or auto-remediate.\n\n### Artifact attestation\n\nMake sure your artifacts are tamper-proof by setting a policy to verify that all artifacts are signed using Sigstore, and display signature and verification status for those artifacts.\n\n### Dependency and license management\n\nManage your dependency security posture and supported licenses by helping developers make better choices and enforcing controls. Minder integrates with [Trusty](https://stacklok.com/trusty) to enable policy-driven management based on dependency risk level.","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://www.iubenda.com/privacy-policy/85152077","tos_url":"","company_url":"https://stacklok.com/","status_url":"https://status.stacklok.com/","support_url":"https://docs.stacklok.com/minder/about/faq#how-do-i-get-support-for-minder","documentation_url":"https://docs.stacklok.com/minder/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"info@stacklok.com","marketing_email":"marketing@stacklock.com","finance_email":"accountspayable@stacklok.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@stacklok.com","listable_type":"Integration","listable_id":863270,"copilot_app":false}}},{"type":"marketplace_listing","id":"17634","state":"unverified","name":"Puaro Security","free":true,"primary_category":"Security","secondary_category":"Continuous 
integration","is_verified_owner":true,"slug":"puaro-security","owner_login":"puaro-app","resource_path":"/marketplace/puaro-security","installation_count":4,"full_description":"Puaro Security provides a simple-to-use platform to detect and eliminate secrets in your code\n","short_description":"Secure your code today","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17634?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17634,"state":6,"name":"Puaro Security","slug":"puaro-security","short_description":"Secure your code today","full_description":"Puaro Security provides a simple-to-use platform to detect and eliminate secrets in your code","extended_description":"- Integrate Puaro easily into your source control system as part of CI/CD pipelines, ensure continuous scanning of your code, without the need to configure or maintain Puaro on your side.\n- Gets a detailed view of secrets found in your code at the PR level and enjoy comprehensive analytics to review security performance metrics.\n\n[Schedule a demo and learn more](https://puaro.io/contact-us)!","primary_category_id":6,"secondary_category_id":2,"privacy_policy_url":"https://puaro.io/legal/privacy","tos_url":"https://puaro.io/legal/terms-of-use","company_url":"https://puaro.io","status_url":"","support_url":"https://puaro.io","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"info@puaro.io","marketing_email":"info@puaro.io","finance_email":"info@puaro.io","direct_billing_enabled":false,"by_github":false,"security_email":"info@puaro.io","listable_type":"Integration","listable_id":856884,"copilot_app":false}}},{"type":"marketplace_listing","id":"17615","state":"unverified","name":"Back Git Up","free":true,"primary_category":"Backup 
Utilities","secondary_category":"Security","is_verified_owner":true,"slug":"back-git-up-backups-for-github","owner_login":"backgitup","resource_path":"/marketplace/back-git-up-backups-for-github","installation_count":4,"full_description":"🎉 We've launched! Celebrate with us. Back Git Up is completely free for the first 50 users! 🎉\n\nThe Backup app for GitHub. Back Git Up specialises in one thing, backing up your repositories.\n\n - Automatic daily, hourly or live backups of your source code\n - On-demand backups with a click of a button\n - Backups encrypted at rest in Google Cloud Storage with AES-256 encryption\n - Read-only access to your repositories.\n","short_description":"Protect your code from malicious actors and accidental deletion","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17615?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17615,"state":6,"name":"Back Git Up","slug":"back-git-up-backups-for-github","short_description":"Protect your code from malicious actors and accidental deletion","full_description":"###\n### 🎉 We've launched! Celebrate with us. Back Git Up is completely free for the first 50 users! 🎉\n\n**The Backup app for GitHub.** [Back Git Up](https://backgitup.com) specialises in one thing, backing up your repositories.\n\n* Automatic daily, hourly or live backups of your source code\n* On-demand backups with a click of a button\n* Backups encrypted at rest in Google Cloud Storage with AES-256 encryption\n* Read-only access to your repositories.","extended_description":"**Protect your business right now**\nDon't roll your own back up scripts. Install Back Git Up and get your code protected in minutes.\n\n**Define our roadmap**\nWe're new, we're small and we're agile. Support small, independent developers. 
Help us build the product you want.\n\n**Coming soon**\n\n* Bring your own cloud and store your backups on your infrastructure\n* Select your data residency\n\n**How does pricing work?**\nWe price per organization. All billing is handled through GitHub.","primary_category_id":41,"secondary_category_id":6,"privacy_policy_url":"https://www.backgitup.com/privacy","tos_url":"https://www.backgitup.com/terms","company_url":"","status_url":"","support_url":"https://backgitup.com","documentation_url":"","pricing_url":null,"bgcolor":"16a34a","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"nick@backgitup.com","marketing_email":"nick@backgitup.com","finance_email":"nick@backgitup.com","direct_billing_enabled":false,"by_github":false,"security_email":"nick@backgitup.com","listable_type":"Integration","listable_id":852732,"copilot_app":false}}},{"type":"marketplace_listing","id":"17513","state":"unverified","name":"Tillion Guardian","free":true,"primary_category":"AI Assisted","secondary_category":"Code Scanning Ready","is_verified_owner":true,"slug":"tillion-guardian","owner_login":"tillionio","resource_path":"/marketplace/tillion-guardian","installation_count":9,"full_description":"Tillion AI Guardian rapidly detects conflicts between your org data policies and code, to ensure ongoing compliance. It\nautomatically scans your codebase to identify data usage and recipients of data, then compares it to your policies and\nflags issues.\n","short_description":"Your AI Data Guardian","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17513?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17513,"state":6,"name":"Tillion Guardian","slug":"tillion-guardian","short_description":"Your AI Data Guardian","full_description":"Tillion AI Guardian rapidly detects conflicts between your org data policies and code, to ensure ongoing compliance. 
It automatically scans your codebase to identify data usage and recipients of data, then compares it to your policies and flags issues.","extended_description":"### Free up time previously spent on recurring compliance tasks\n\nTillion AI Guardian automates the policy audit and evidence collection process. Data usage and recipients of data are continuously tracked, and a trail of code file paths is generated for reference.\n\n### Get more work done\n\nTillion AI Guardian brings your org policies into the code and automatically links data usage to its corresponding policy items. It lets you easily understand what’s allowed or not, so you can focus on building fast without breaking policy.\n\n### Improve code quality\n\nTillion AI Guardian regularly measures how compliant your code is against your org policies, giving you the visibility and context you need to prioritize and resolve data usage issues.","primary_category_id":39,"secondary_category_id":42,"privacy_policy_url":"https://www.tillion.ai/legal/privacy-policy","tos_url":"https://www.tillion.ai/legal/terms-of-use","company_url":"https://www.tillion.ai/","status_url":"https://status.tillion.ai/","support_url":"https://trust.tillion.ai/","documentation_url":"","pricing_url":null,"bgcolor":"000000","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"barak@tillion.ai","marketing_email":"info@tillion.ai","finance_email":"finance@tillion.ai","direct_billing_enabled":false,"by_github":false,"security_email":"cybersecurity@tillion.ai","listable_type":"Integration","listable_id":308293,"copilot_app":false}}},{"type":"marketplace_listing","id":"17459","state":"unverified","name":"mit10s-app","free":true,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":false,"slug":"mit10s","owner_login":"mit10s","resource_path":"/marketplace/mit10s","installation_count":1,"full_description":"Revolutionize your API 
security with mit10s. A powerful vulnerability scanner leveraging Artificial Intelligence to\nscrutinize your code and generate an exhaustive report of potential vulnerabilities, the severity of threats, and\nactionable steps to fix them. Integrate code security checks directly into your software development lifecycle with our\ncompanion GitHub app. Improve the security of your code with the touch of a button.\n","short_description":"A comprehensive security tool for your API codebases","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17459?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17459,"state":6,"name":"mit10s-app","slug":"mit10s","short_description":"A comprehensive security tool for your API codebases","full_description":"Revolutionize your API security with `mit10s`. A powerful vulnerability scanner leveraging Artificial Intelligence to scrutinize your code and generate an exhaustive report of potential vulnerabilities, the severity of threats, and actionable steps to fix them. Integrate code security checks directly into your software development lifecycle with our companion GitHub app. Improve the security of your code with the touch of a button.","extended_description":"`mit10s` reliably scans your API codebases and uses AI-based algorithms to identify potential security vulnerabilities. This process produces a detailed report featuring:\n\n- A comprehensive list of potential security vulnerabilities.\n- The severity of each identified threat.\n- The priority level for fixing each vulnerability.\n- Clear, actionable steps to remediate identified vulnerabilities.\n\n'mit10s' comes with this companion GitHub app that integrates seamlessly with your repositories. 
With this app you can:\n\n- Run 'mit10s' directly on your repository, generating exhaustive security reports.\n- Enhance your PR reviews with automated annotations.\n- Establish checklist rules for PRs, blocking the merging of code not passing 'mit10s' security checks.\n\nBring your security testing to the next level by opting for the `mit10s` GitHub app for a well-integrated, efficient, secure coding experience.","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://github.com/mit10s/mit10s-github-app/blob/main/privacy-policy.md","tos_url":"https://github.com/mit10s/mit10s-github-app/blob/main/terms-of-service.md","company_url":"https://mit10s.com/","status_url":"https://mit10s.com/","support_url":"https://github.com/mit10s/mit10s-github-app/issues","documentation_url":"https://github.com/mit10s/mit10s-github-app","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"ceo@mit10s.com","marketing_email":"ceo@mit10s.com","finance_email":"ceo@mit10s.com","direct_billing_enabled":false,"by_github":false,"security_email":"ceo@mit10s.com","listable_type":"Integration","listable_id":832495,"copilot_app":false}}},{"type":"marketplace_listing","id":"17133","state":"unverified","name":"OpenSCA SaaS OAuth","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":false,"slug":"opensca-saas-oauth","owner_login":"XmirrorSecurity","resource_path":"/marketplace/opensca-saas-oauth","installation_count":3,"full_description":"OpenSCA is the open source realization of SCA (Software Composition Analysis) technology. As the open source version of\nXmirror SCA, it has been endowed with the core abilities of mixed-source application security detection. 
Aiming at\nguarding open source security, it is competent to dig out the hiding vulnerabilities and compliance risks in all\ncomponents by dependency analysis, characteristic analysis, reference identification and compliance analysis.\n","short_description":"OpenSCA is an open source solution to check your software for supply chain security risks","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17133?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17133,"state":6,"name":"OpenSCA SaaS OAuth","slug":"opensca-saas-oauth","short_description":"OpenSCA is an open source solution to check your software for supply chain security risks","full_description":"OpenSCA is the open source realization of SCA (Software Composition Analysis) technology. As the open source version of Xmirror SCA, it has been endowed with the core abilities of mixed-source application security detection. Aiming at guarding open source security, it is competent to dig out the hiding vulnerabilities and compliance risks in all components by dependency analysis, characteristic analysis, reference identification and compliance analysis.","extended_description":"Unlike traditional commercial SCA tools, OpenSCA has offered an open source solution to the management of open source risks which is full of potential. Being both complete in ability and easy to use, it supports various scenarios including online/offline, IDE/CMD/SaaS, etc. while allowing customized configuration such as local vulnerability database and private repos. Generally speaking, OpenSCA is intended for outputting transparent component assets & risk list for companies, organizations and individual developers in a flexible way.\n\nBased on OpenSCA, we've built up a global community covering industries of telecom, internet, IoV, finance, energy and so on. 
We sincerely hope that our project can be a stage for communication and innovation of open source stakeholders.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://opensca.xmirror.cn","tos_url":"","company_url":"https://www.xmirror.cn","status_url":"","support_url":"https://github.com/XmirrorSecurity/OpenSCA-cli/issues","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"opensca@anpro-tech.com","marketing_email":"opensca@anpro-tech.com","finance_email":"opensca@anpro-tech.com","direct_billing_enabled":false,"by_github":false,"security_email":"opensca@anpro-tech.com","listable_type":"Integration","listable_id":793629,"copilot_app":false}}},{"type":"marketplace_listing","id":"17028","state":"unverified","name":"Paraxial.io","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"paraxial-io","owner_login":"paraxialio","resource_path":"/marketplace/paraxial-io","installation_count":22,"full_description":"Paraxial.io secures Elixir and Phoenix applications. Check your code for security problems in CI/CD, get a full\ninventory of where your Elixir apps are running, and stop attacks at runtime.\n","short_description":"Detect security problems in your code. Get actionable security feedback and prevent new vulnerabilities","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/17028?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":17028,"state":6,"name":"Paraxial.io","slug":"paraxial-io","short_description":"Detect security problems in your code. Get actionable security feedback and prevent new vulnerabilities","full_description":"Paraxial.io secures Elixir and Phoenix applications. 
Check your code for security problems in CI/CD, get a full inventory of where your Elixir apps are running, and stop attacks at runtime. ","extended_description":"## Secure Code and Dependencies \n\nNew vulnerabilities can be introduced through a code change or new dependency. Paraxial.io automatically checks both, ensuring your application is secure. \n\n## Automated Code Review\n\nThe Paraxial.io Github App checks all new code changes for security problems, and provides detailed feedback on how to fix reported issues. \n\n## Feedback In Your PR\n\nYou do not have to go digging through CI logs to determine what security issue caused the build to fail. Get immediate, actionable feedback right in your PR.\n\n## Secure and Compliant \n\nParaxial.io checks for severe security issues (RCE, SQL injection) that result in data breaches. It also ensures a record of each scan is kept on the backend for compliance audits. (ex: SOC 2 Type I & II)\n\n\n\n\n","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://paraxial.io/privacy","tos_url":"https://paraxial.io/terms","company_url":"https://paraxial.io/","status_url":"","support_url":"https://paraxial.io/","documentation_url":"https://hexdocs.pm/paraxial/getting_started.html","pricing_url":null,"bgcolor":"000","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"michael@paraxial.io","marketing_email":"michael@paraxial.io","finance_email":"michael@paraxial.io","direct_billing_enabled":false,"by_github":false,"security_email":"michael@paraxial.io","listable_type":"Integration","listable_id":717041,"copilot_app":false}}},{"type":"marketplace_listing","id":"16907","state":"unverified","name":"DC-Automate-GitHub","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":true,"slug":"dc-automate-github","owner_login":"flussoai","resource_path":"/marketplace/dc-automate-github","installation_
count":4,"full_description":"Cross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your\ndevelopment partners.\n","short_description":"Automated cross-organization repo sharing, tracking and analytics","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16907?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16907,"state":6,"name":"DC-Automate-GitHub","slug":"dc-automate-github","short_description":"Automated cross-organization repo sharing, tracking and analytics","full_description":"Cross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your development partners.","extended_description":"## Establish Trustworthy Collaboration with your Development Partners\nCross-organization repo sharing, tracking and analytics. Collaborate faster, safer and transparently with your development partners.\n\n## Sharing with DC Automate - Fast, Simple and Safe\nDC Automate removes the administrative overhead of managing outside collaborators, simply nominate the organization you want to share your repos with and the maximum number of users and let DC Automate handle the rest.\n\n## Create Great Dev Experiences\nDevelopers never need to log a support request again, the target organization just needs to choose the GitHub Teams that require access. 
Onboarding a new dev is as easy as adding or removing them from the Team, which is automatically mirrored in the source organization.\n\n## Engagement and Activity\nLeaders can view activity logs, track dev engagement and measure effectiveness","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://dc.datacoalitions.com/policies/dca/github/privacy","tos_url":"https://dc.datacoalitions.com/policies/dca/github/tos","company_url":"https://flusso.world","status_url":"https://dc.datacoalitions.com/status","support_url":"https://dc.datacoalitions.com/support","documentation_url":"https://dc.datacoalitions.com/docs/dca/github","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4329,"technical_email":"technical@flusso.world","marketing_email":"marketing@flusso.world","finance_email":"finance@flusso.world","direct_billing_enabled":false,"by_github":false,"security_email":"security@flusso.world","listable_type":"Integration","listable_id":380919,"copilot_app":false}}},{"type":"marketplace_listing","id":"16822","state":"unverified","name":"SAML.to","free":true,"primary_category":"Security","secondary_category":"Utilities","is_verified_owner":true,"slug":"saml-to","owner_login":"saml-to","resource_path":"/marketplace/saml-to","installation_count":39,"full_description":"SAML.to GitHub Application\n\nYou can use SAML.to to easily access your AWS Account (and any other providers that support SAML authentication!) 
on\nLaptops or in GitHub Actions.\n\nWith SAML.to:\n\n - 🆔 Users can access AWS using their GitHub Identity\n - 💻 Users can log in to services via the Web or a Developer-friendly CLI\n - 🔏 Access Control is managed using a YAML file in a GitHub Repository of your choice\n","short_description":"Developer Friendly AWS Role Assumption","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16822?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16822,"state":6,"name":"SAML.to","slug":"saml-to","short_description":"Developer Friendly AWS Role Assumption","full_description":"# SAML.to GitHub Application\n\nYou can use SAML.to to easily access your [AWS](https://aws.amazon.com) Account (and any other providers that support SAML authentication!) on Laptops or in GitHub Actions.\n\nWith SAML.to:\n - 🆔 Users can access AWS using their GitHub Identity\n - 💻 Users can log in to services via the Web or a [Developer-friendly CLI](https://github.com/saml-to/cli)\n - 🔏 Access Control is managed using a YAML file in a GitHub Repository of your choice\n","extended_description":"### Replace Okta, JumpCloud, AWS SSO, or home-grown scripts to assume AWS roles.\n\n - Declarative Access Control Lists\n - Auditable Access Control\n - Command Line Interface\n\nFor more information, visit [SAML.to](https://saml.to).\n\n#### Command Line Interface\nUse the `saml-to` CLI to assume roles on developer systems.\n\n```shell\nsaml-to login github\n\n$(saml-to assume [a-role-name-or-arn] --headless)\n\naws ec2 reboot-instances ...\n```\n\n#### GitHub Actions\nUse the `assume-aws-role-action` to assume roles during CI/CD.\n\n```yaml\nsteps:\n- uses: saml-to/assume-aws-role-action@v1\n with:\n role: a-role-name-or-arn\n- run: aws ecs deploy ...\n```\n\n#### GitHub Codespaces\nUse the `assume-aws-role` to assume roles in Codespaces.\n\n```json\n\"features\": {\n \"ghcr.io/saml-to/devcontainer-features/assume-aws-role:1\": {\n \"role\": 
\"a-role-name-or-arn\"\n },\n}\n```","primary_category_id":6,"secondary_category_id":29,"privacy_policy_url":"https://saml.to/privacy","tos_url":"https://saml.to/terms","company_url":"https://saml.to","status_url":"","support_url":"https://saml.to/contact","documentation_url":"https://docs.saml.to/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"help@saml.to","marketing_email":"marketing@saml.to","finance_email":"finance@saml.to","direct_billing_enabled":false,"by_github":false,"security_email":"security@saml.to","listable_type":"Integration","listable_id":141473,"copilot_app":false}}},{"type":"marketplace_listing","id":"16736","state":"unverified","name":"DryRun Security","free":true,"primary_category":"Code review","secondary_category":"Security","is_verified_owner":false,"slug":"dryrun-security-app","owner_login":"DryRunSecurity","resource_path":"/marketplace/dryrun-security-app","installation_count":146,"full_description":"Get an AI-powered Security Buddy on Your Next Pull Request\n\nWe’re in beta with a waitlist. Install now and we’ll notify you when we have your spot ready.\n\nDevelopers get stuck with security tools that are too noisy and too slow. 
We hate that.\n\nWe think:\n\n🦥 Security Code Reviews are too Slow\n\n🎯 Security Context is Missing\n\n🔮 Security Tools are too Confusing\n\nOur drop-in solution adds security context on every pull request, so you don’t have to be a security expert to do the\nright thing.\n","short_description":"Your AI-powered security buddy that uses contextual security analysis to reveal risky code changes","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16736?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16736,"state":6,"name":"DryRun Security","slug":"dryrun-security-app","short_description":"Your AI-powered security buddy that uses contextual security analysis to reveal risky code changes","full_description":"## Get an AI-powered Security Buddy on Your Next Pull Request\n\n> We’re in beta with a waitlist. Install now and we’ll notify you when we have your spot ready.\n\nDevelopers get stuck with security tools that are too noisy and too slow. We hate that. 
\n\nWe think:\n\n🦥 Security Code Reviews are too Slow\n\n🎯 Security Context is Missing\n\n🔮 Security Tools are too Confusing\n\nOur drop-in solution adds security context on every pull request, so you don’t have to be a security expert to do the right thing.","extended_description":"## Ditch the Noise, Get the Context\n\nUntil now, most security testing takes a generic approach that frustrates developers with repetitive alerts or inaccurate results (hello, we see you false positives).\n\nInstead we evaluate each pull request using Contextual Security Analysis, and it’s the model behind our AI-powered Security Buddy.\n\nYour security buddy checks for:\n\n✅ Authentication and Authorization \n✅ Sensitive Codepaths and Sensitive Functions\n✅ Authorship and Intent\n✅ Code Brittleness\n✅ and more…\n\n## Benefits and Perks\n\n#### Every Code Change Covered\nEvery change and pull request gets analyzed so developers get feedback in near real-time.\n\n#### Every Code Repository Protected\nWith every source code repository in your organization protected, you're limiting exposure to code mishaps and misadventures.\n\n#### Improved Developer Productivity\n\nImproves developer productivity through increasing the velocity of the development pipeline. 
","primary_category_id":10,"secondary_category_id":6,"privacy_policy_url":"https://www.dryrun.security/privacy-policy","tos_url":"https://www.dryrun.security/terms-of-service","company_url":"https://dryrun.security","status_url":"","support_url":"https://app.dryrun.security/support","documentation_url":"","pricing_url":null,"bgcolor":"1A1825","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"ken@dryrun.security","marketing_email":"hi@dryrun.security","finance_email":"billing@dryrun.security","direct_billing_enabled":false,"by_github":false,"security_email":"security@dryrun.security","listable_type":"Integration","listable_id":377039,"copilot_app":false}}},{"type":"marketplace_listing","id":"16726","state":"unverified","name":"Seal Security Bot","free":true,"primary_category":"Security","secondary_category":"Open Source management","is_verified_owner":true,"slug":"seal-security-bot","owner_login":"seal-community","resource_path":"/marketplace/seal-security-bot","installation_count":55,"full_description":"Seal helps you secure your application without enduring difficult upgrades. Using Seal Security s standalone security\npatches you can easily mitigate open-source vulnerabilities when a full version upgrade is impractical, thereby\neliminating the tradeoff between security and developer velocity.\n","short_description":"Seal helps you remediate open source vulnerabilities without enduring difficult upgrades","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16726?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16726,"state":6,"name":"Seal Security Bot","slug":"seal-security-bot","short_description":"Seal helps you remediate open source vulnerabilities without enduring difficult upgrades","full_description":"Seal helps you secure your application without enduring difficult upgrades. 
Using Seal Security's standalone security patches you can easily mitigate open-source vulnerabilities when a full version upgrade is impractical, thereby eliminating the tradeoff between security and developer velocity.","extended_description":"# The app\nOur app analyzes your dependencies and compares them to the OSV database. For each vulnerable package it offers a free ready-to-use tested vulnerability-free version made by our research team. Just register for free to our [artifact server](https://app.sealsecurity.io/?ref=ghm), and enjoy hassle-free security patches.\n\n## For developers\nSometimes a full upgrade just to fix a vulnerability is impractical, due to:\n* Breaking changes\n* Legacy codebases\n* Vulnerable transitive dependencies\n\nSeal offers an alternative. Access hundreds of tested [open source](https://github.com/seal-community/patches) patches and eliminate the hassle.\n\n## For security practitioners\nOS vulnerabilities pose a serious risk. Prioritization is useful but inaccurate, and dev teams are recalcitrant. 
At [Seal](https://seal.security) we make remediation easy.\n\nWith Seal you can achieve faster MTTR and ensure timely updates without compromising stability.\nScan and see which vulnerabilities you can fix today.","primary_category_id":6,"secondary_category_id":18,"privacy_policy_url":"https://www.seal.security/privacy","tos_url":"https://www.seal.security/terms","company_url":"https://www.seal.security/","status_url":"https://sealsecurity.statuspage.io/","support_url":"https://www.seal.security/","documentation_url":"https://docs.sealsecurity.io/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4242,"technical_email":"github@sealsecurity.io","marketing_email":"marketings@sealsecurity.io","finance_email":"finance@sealsecurity.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@sealsecurity.io","listable_type":"Integration","listable_id":422016,"copilot_app":false}}},{"type":"marketplace_listing","id":"16706","state":"unverified","name":"sbom.sh - Easy creating, vuln scanning and sharing of SBOMs.","free":true,"primary_category":"Code review","secondary_category":"Security","is_verified_owner":false,"slug":"sbom-sh-easy-creating-vuln-scanning-and-sharing-of-sboms","owner_login":"codenotary","resource_path":"/marketplace/sbom-sh-easy-creating-vuln-scanning-and-sharing-of-sboms","installation_count":16,"full_description":"sbom.sh - Streamline Your SBOM Management\n\nA powerful GH Action for easy creation, vuln-scanning, and sharing of Software Bill of Materials (SBOMs). 
Integrating\nwith Grype, Trivy, and Syft, it supports sbomqs for quality scoring.\n\nFeatures\n\n - Automated SBOM Creation\n - Integrated Scanning with Top Tools\n - SBOM Quality Check\n - Track URLs in Build Logs\n - Dashboard Visualizations\n\nEnhance your workflow, improve security, and gain valuable insights.\n","short_description":"sbom.sh - Simplify SBOM Management and sharing incl. vuln-scanning with GitHub Actions","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16706?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16706,"state":6,"name":"sbom.sh - Easy creating, vuln scanning and sharing of SBOMs.","slug":"sbom-sh-easy-creating-vuln-scanning-and-sharing-of-sboms","short_description":"sbom.sh - Simplify SBOM Management and sharing incl. vuln-scanning with GitHub Actions","full_description":"# sbom.sh - Streamline Your SBOM Management\n\nA powerful GH Action for easy creation, vuln-scanning, and sharing of **Software Bill of Materials (SBOMs)**. 
Integrating with **Grype**, **Trivy**, and **Syft**, it supports **sbomqs** for quality scoring.\n\n## Features\n- **Automated SBOM Creation**\n- **Integrated Scanning with Top Tools**\n- **SBOM Quality Check**\n- **Track URLs in Build Logs**\n- **Dashboard Visualizations**\n\nEnhance your workflow, improve security, and gain valuable insights.\n","extended_description":"## Key Features\n- **Easy SBOM Creation**: Generate SBOMs effortlessly as part of your CI/CD pipeline.\n- **Vulnerability Scanning Integration**: Works with Grype, Trivy, and Syft for comprehensive vulnerability analysis.\n- **Quality Scoring with sbomqs**: Evaluate SBOM quality scores for better insights.\n- **Track Unique URLs**: Maintain a clear audit trail by tracking URLs generated during the build process.\n- **User-Friendly Dashboard**: Visualize SBOM data easily for analysis and decision-making.\n\n## Benefits\n- **Enhanced Security**: Identify potential vulnerabilities early in the development cycle.\n- **Compliance Ready**: Ensure adherence to security standards.\n- **Efficiency**: Automate SBOM management within your existing workflow.\n- **Transparency**: Offer clear insights into software components and dependencies.\n\nSuitable for projects of all 
sizes.\n","primary_category_id":10,"secondary_category_id":6,"privacy_policy_url":"https://codenotary.com/privacy-policy","tos_url":"https://codenotary.com/terms-of-service","company_url":"https://codenotary.com","status_url":"","support_url":"https://codenotary.freshdesk.com/support/home","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":"https://sbom.sh","how_it_works":null,"hero_card_background_image_id":4227,"technical_email":"dennis@codenotary.com","marketing_email":"dennis@codenotary.com","finance_email":"dennis@codenotary.com","direct_billing_enabled":false,"by_github":false,"security_email":"dennis@codenotary.com","listable_type":"OauthApplication","listable_id":2378229,"copilot_app":false}}},{"type":"marketplace_listing","id":"16695","state":"unverified","name":"Veracode Workflow App","free":true,"primary_category":"Security","secondary_category":"Code review","is_verified_owner":false,"slug":"veracode-workflow-app","owner_login":"veracode","resource_path":"/marketplace/veracode-workflow-app","installation_count":239,"full_description":"Automate scans easily – and at scale - by leveraging our Veracode app and using a single workflow to control your\nsecurity program across your organization!\n\nFeatures at-a-glance\n\n - Automate scans from one place across thousands of repositories\n - Static, SCA, and Container scans on developer activity from a single “Master” workflow\n - Zero configuration for Developers - scans run automatically without having to add workflows to individual repo’s\n - Broad language support\n","short_description":"Automate scans at scale by using our Veracode app to orchestrate scans across your entire portfolio","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16695?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16695,"state":6,"name":"Veracode Workflow 
App","slug":"veracode-workflow-app","short_description":"Automate scans at scale by using our Veracode app to orchestrate scans across your entire portfolio","full_description":"Automate scans easily – and at scale - by leveraging our Veracode app and using a single workflow to control your security program across your organization! \n\n### Features at-a-glance\n- Automate scans from one place across thousands of repositories\n- Static, SCA, and Container scans on developer activity from a single “Master” workflow\n- Zero configuration for Developers - scans run automatically without having to add workflows to individual repo’s\n- Broad language support\n","extended_description":"### Scan all your repo’s fast!\nScan your repo’s without having to worry about having workflow files scattered across your org\n\n- **1:** Install the app \n- **2:** Veracode automatically forks a template workflow repo into your org if you install the app on all repo's\n - Or fork the official [Veracode workflow repo](https://github.com/veracode/github-actions-integration) yourself into your root folder and name it `veracode`\n- **3:** Add your credentials to this SINGLE repo\n- **DONE!** Developers get their code scanned automatically and results are viewed as GitHub Checks!\n\n### Scan automatically – set it and forget it!\nAfter installing the app and having the Veracode workflow repo sitting in your org, here’s what happens:\n- Anytime a developer pushes code – a static, SCA, and container scan runs\n- Anytime a developer merges code to your default branch – results are saved to the platform\n- All these can be configured with a few keypresses to match your own security 
program!","primary_category_id":6,"secondary_category_id":10,"privacy_policy_url":"https://www.veracode.com/legal-privacy/privacy-statement","tos_url":"","company_url":"https://www.veracode.com/","status_url":"","support_url":"https://www.veracode.com/resources/customers/technical-support","documentation_url":"https://docs.veracode.com/r/GitHub_Workflow_Integration_for_Repo_Scanning","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4225,"technical_email":"mtawadrous@veracode.com","marketing_email":"evelarde@Veracode.com","finance_email":"mtawadrous@veracode.com","direct_billing_enabled":false,"by_github":false,"security_email":"oboyle@Veracode.com","listable_type":"Integration","listable_id":484771,"copilot_app":false}}},{"type":"marketplace_listing","id":"16598","state":"unverified","name":"Open Buckets","free":true,"primary_category":"AI Assisted","secondary_category":"Security","is_verified_owner":false,"slug":"open-buckets","owner_login":"openbuckets","resource_path":"/marketplace/open-buckets","installation_count":24,"full_description":"OpenBuckets.io is a sophisticated security tool engineered to enhance the protection of cloud storage buckets,\nspecializing in platforms such as Amazon S3 and Azure Blob Storage. 
It meticulously scans and identifies potential\nvulnerabilities, ensuring that data is impermeable to unauthorized access and security breaches.\n","short_description":"OpenBuckets.io is a security tool for identifying vulnerabilities in cloud storage buckets across various platform","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16598?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16598,"state":6,"name":"Open Buckets","slug":"open-buckets","short_description":"OpenBuckets.io is a security tool for identifying vulnerabilities in cloud storage buckets across various platform","full_description":"OpenBuckets.io is a sophisticated security tool engineered to enhance the [protection of cloud storage buckets](https://openbuckets.io), specializing in platforms such as Amazon S3 and Azure Blob Storage. It meticulously scans and identifies potential vulnerabilities, ensuring that data is impermeable to unauthorized access and security breaches.","extended_description":"OpenBuckets.io stands as a bastion in safeguarding sensitive information, optimizing security protocols to shield against the ever-evolving landscape of cyber threats. \n\nUtilize OpenBuckets.io to fortify your cloud storage defenses, ensuring the integrity and confidentiality of your data. Its innovative approach in unearthing and mitigating risks makes it an indispensable asset in bolstering cloud storage security. 
\n\nOpenBuckets.io transcends conventional security measures, offering a robust and dynamic solution to secure data in the realm of cloud storage.","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://openbuckets.io/privacy-policy","tos_url":"https://openbuckets.io/terms-and-conditions","company_url":"https://openbuckets.io","status_url":"https://openbuckets.io","support_url":"https://openbuckets.io/support","documentation_url":"https://openbuckets.io/api-docs","pricing_url":null,"bgcolor":"1a243d","light_text":false,"learn_more_url":null,"installation_url":"https://openbuckets.io","how_it_works":null,"hero_card_background_image_id":4201,"technical_email":"support@openbuckets.io","marketing_email":"support@openbuckets.io","finance_email":"support@openbuckets.io","direct_billing_enabled":false,"by_github":false,"security_email":"support@openbuckets.io","listable_type":"OauthApplication","listable_id":2370988,"copilot_app":false}}},{"type":"marketplace_listing","id":"16139","state":"unverified","name":"EdgeBit Security","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":false,"slug":"edgebit-security","owner_login":"edgebitio","resource_path":"/marketplace/edgebit-security","installation_count":14,"full_description":"Prevent insecure dependencies before they can merge. 
Track and remediate vulnerabilities in your entire supply chain.\n\nEdgeBit is a real-time SCA tool that uses data about how your app executes in production to filter out irrelevant\nvulnerabilities and dormant code.\n","short_description":"Real-time SCA tool to find issues in your supply chain and rank threats with context from production execution","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16139?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16139,"state":6,"name":"EdgeBit Security","slug":"edgebit-security","short_description":"Real-time SCA tool to find issues in your supply chain and rank threats with context from production execution","full_description":"**Prevent insecure dependencies before they can merge. Track and remediate vulnerabilities in your entire supply chain.**\n\nEdgeBit is a [real-time SCA tool](https://edgebit.io/solutions/vulnerability-management/?utm_source=github) that uses data about how your app executes in production to filter out irrelevant vulnerabilities and dormant code.\n\n","extended_description":" - **Detection in Pull Request**: Identify risks in new dependencies right in a PR\n - **Prioritized CVEs**: Ruthlessly prioritize issues to fix based on real-time context\n - **Supply Chain Inventory**: Track dependency usage across your software components\n - **Generate SBOMs automatically**: SBOMs for compliance artifacts\n \n Dependencies for software products are exploding in number and with that comes a sprawling supply chain. 
A supply chain isn't just a build-time check, it's highly dynamic.\n\nEdgeBit watches in real time — we cross-reference your build pipelines here on GitHub and server fleet with multiple data sources to communicate your live inventory and actual risk.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://edgebit.io/legal/privacy/","tos_url":"https://edgebit.io/legal/terms/","company_url":"https://edgebit.io","status_url":"https://status.edgebit.io","support_url":"https://edgebit.io/support/","documentation_url":"https://edgebit.io/docs/0.x/","pricing_url":null,"bgcolor":"fff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"eugene@edgebit.io","marketing_email":"founders@edgebit.io","finance_email":"rob@edgebit.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@edgebit.io","listable_type":"Integration","listable_id":357519,"copilot_app":false}}},{"type":"marketplace_listing","id":"16019","state":"unverified","name":"Pixeebot | Automated code fixes.","free":true,"primary_category":"AI Assisted","secondary_category":"Security","is_verified_owner":true,"slug":"pixeebot-automated-code-fixes","owner_login":"pixee","resource_path":"/marketplace/pixeebot-automated-code-fixes","installation_count":1722,"full_description":"Code security is complex work. Let Pixeebot handle it for you.\n\nPixeebot currently supports Java and Python. Install now to get on the waitlist for future languages. ✨ AI features\nenabled by default. Learn more.\n\nJust as Dependabot keeps your dependencies up to date, Pixeebot helps ensure your code is - and stays - secure. 
Pixeebot\nimmediately starts monitoring your repository and makes suggestions that are easy for your team to absorb.\n","short_description":"Your Automated Product Security Engineer","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16019?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16019,"state":6,"name":"Pixeebot | Automated code fixes.","slug":"pixeebot-automated-code-fixes","short_description":"Your Automated Product Security Engineer","full_description":"# Code security is complex work. Let Pixeebot handle it for you.\n\n>Pixeebot currently supports **Java** and **Python**. Install now to get on the waitlist for future languages. ✨ AI features enabled by default. [Learn more](https://docs.pixee.ai/faqs/).\n\nJust as Dependabot keeps your dependencies up to date, Pixeebot helps ensure your code is - and stays - secure. Pixeebot immediately starts monitoring your repository and makes suggestions that are easy for your team to absorb.","extended_description":"### Pixeebot is not a code scanner, and it’s not going to send you reports. It just hardens your code and fixes stuff.\nNo findings to review, just PRs to accept+merge!\n\n### Harden code continuously\nEvery week, Pixeebot sends a pull request to your default branch with suggested security improvements. Even summon Pixeebot with **@pixeebot next** if you’re ready for more.\n\n### Fix vulnerabilities\nPixeebot also reviews results from your SAST code scanners and auto-remediates whenever possible. All you have to do is approve!\n\n### Uplevel security with PR tune-ups\nEach new pull request your team creates gets automatic feedback from Pixeebot, whether it’s confirmation that everything looks good, or a PR with suggestions. 
No reports, just actual code fixes you can merge in one step.\n\n### We keep up to date on security best practices, so you don’t have to\nOur security experts stay on top of the latest research to make sure you’re protected from all the latest security threats.","primary_category_id":39,"secondary_category_id":6,"privacy_policy_url":"https://pixee.ai/privacy","tos_url":"https://pixee.ai/terms","company_url":"https://pixee.ai","status_url":"https://docs.pixee.ai/status","support_url":"https://docs.pixee.ai","documentation_url":"https://docs.pixee.ai","pricing_url":null,"bgcolor":"fbfafb","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4069,"technical_email":"david@pixee.ai","marketing_email":"surag@pixee.ai","finance_email":"surag@pixee.ai","direct_billing_enabled":false,"by_github":false,"security_email":"david@pixee.ai","listable_type":"Integration","listable_id":193111,"copilot_app":false}}},{"type":"marketplace_listing","id":"15916","state":"unverified","name":"Panoptica GitHub","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":false,"slug":"panoptica-github","owner_login":"cisco-panoptica","resource_path":"/marketplace/panoptica-github","installation_count":159,"full_description":"Panoptica's GitHub app enables easy integration of the Panoptica platform to your GitHub organizations and repositories\nproviding IaC, Secret, SAST and SCM Posture scanning to detect, prioritize and prevent security issues.\n","short_description":"Scan IaC in your repository to detect security issues, prioritize risks, and prevent risky configurations before deployment","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/15916?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":15916,"state":6,"name":"Panoptica GitHub","slug":"panoptica-github","short_description":"Scan IaC in your repository to detect security issues, 
prioritize risks, and prevent risky configurations before deployment","full_description":"Panoptica's GitHub app enables easy integration of the Panoptica platform to your GitHub organizations and repositories providing IaC, Secret, SAST and SCM Posture scanning to detect, prioritize and prevent security issues.","extended_description":"# Panoptica for GitHub\n\nOur tool is engineered to fortify your repositories and organization's security, connecting directly with the Panoptica platform for a unified security management experience and enabling your team to truly shift security left.\n\n## Panoptica Platform Key Features\n\n- IaC Scanning - Scan IaC templates for potential security issues and misconfigurations.\n- Secret Leak Scanning - Detect exposed credentials within your repositories.\n- Static Application Security Testing (SAST) - Identify vulnerabilities in your source code.\n- Posture Scanning - Evaluate and identify misconfigurations in your GitHub repositories and organizations to maintain robust security standards.\n- Aggregated Security Insights - Obtain an aggregated view of security findings across your different repositories, aiding in comprehensive security analysis and 
decision-making.","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://www.panoptica.app/cisco-online-privacy-statement","tos_url":"https://www.panoptica.app/terms-and-conditions","company_url":"https://www.cisco.com","status_url":"","support_url":"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html","documentation_url":"https://docs.panoptica.app/v2.0/docs","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"sales@panoptica.app","marketing_email":"sales@panoptica.app","finance_email":"sales@panoptica.app","direct_billing_enabled":false,"by_github":false,"security_email":"sales@panoptica.app","listable_type":"Integration","listable_id":374303,"copilot_app":false}}}],"total":37,"total_pages":2},"categories":{"apps":[{"name":"API management","slug":"api-management","description_html":"

Structure your API infrastructure to enable various internet gateways to interact with your service.

\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"

Utilities providing periodic backups of your GitHub data

\n"},{"name":"Chat","slug":"chat","description_html":"

Bring GitHub into your conversations.

\n"},{"name":"Code quality","slug":"code-quality","description_html":"

Automate your code review with style, quality, security, and test‑coverage checks when you need them.

\n"},{"name":"Code review","slug":"code-review","description_html":"

Ensure your code meets quality standards and ship with confidence.

\n"},{"name":"Container CI","slug":"container-ci","description_html":"

Continuous integration for container applications.

\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"

Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.

\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"

Secure and manage your third-party dependencies.

\n"},{"name":"Deployment","slug":"deployment","description_html":"

Streamline your code deployment so you can focus on your product.

\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"

Enables custom protection rules to gate deployments with third-party services

\n"},{"name":"Game CI","slug":"game-ci","description_html":"

Tools for building a CI pipeline for game development

\n"},{"name":"IDEs","slug":"ides","description_html":"

Find the right interface to build, debug, and deploy your source code.

\n"},{"name":"Learning","slug":"learning","description_html":"

Get the skills you need to level up.

\n"},{"name":"Localization","slug":"localization","description_html":"

Extend your software's reach. Localize and translate continuously from GitHub.

\n"},{"name":"Mobile","slug":"mobile","description_html":"

Improve your workflow for the small screen.

\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"

Continuous integration for Mobile applications

\n"},{"name":"Monitoring","slug":"monitoring","description_html":"

Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.

\n"},{"name":"Project management","slug":"project-management","description_html":"

Organize, manage, and track your project with tools that build on top of issues and pull requests.

\n"},{"name":"Publishing","slug":"publishing","description_html":"

Get your site ready for production so you can get the word out.

\n"},{"name":"Recently added","slug":"recently-added","description_html":"

The latest tools that help you and your team build software better, together.

\n"},{"name":"Security","slug":"security","description_html":"

Find, fix, and prevent security vulnerabilities before they can be exploited.

\n"},{"name":"Support","slug":"support","description_html":"

Get your team and customers the help they need.

\n"},{"name":"Testing","slug":"testing","description_html":"

Eliminate bugs and ship with more confidence by adding these tools to your workflow.

\n"},{"name":"Utilities","slug":"utilities","description_html":"

Auxiliary tools to enhance your experience on GitHub

\n"}],"actions":[{"name":"API management","slug":"api-management","description_html":"

Structure your API infrastructure to enable various internet gateways to interact with your service.

\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"

Utilities providing periodic backups of your GitHub data

\n"},{"name":"Chat","slug":"chat","description_html":"

Bring GitHub into your conversations.

\n"},{"name":"Code quality","slug":"code-quality","description_html":"

Automate your code review with style, quality, security, and test‑coverage checks when you need them.

\n"},{"name":"Code review","slug":"code-review","description_html":"

Ensure your code meets quality standards and ship with confidence.

\n"},{"name":"Container CI","slug":"container-ci","description_html":"

Continuous integration for container applications.

\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"

Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.

\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"

Secure and manage your third-party dependencies.

\n"},{"name":"Deployment","slug":"deployment","description_html":"

Streamline your code deployment so you can focus on your product.

\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"

Enables custom protection rules to gate deployments with third-party services

\n"},{"name":"Game CI","slug":"game-ci","description_html":"

Tools for building a CI pipeline for game development

\n"},{"name":"GitHub Sponsors","slug":"github-sponsors","description_html":"

Tools to manage your GitHub Sponsors community

\n"},{"name":"IDEs","slug":"ides","description_html":"

Find the right interface to build, debug, and deploy your source code.

\n"},{"name":"Learning","slug":"learning","description_html":"

Get the skills you need to level up.

\n"},{"name":"Localization","slug":"localization","description_html":"

Extend your software's reach. Localize and translate continuously from GitHub.

\n"},{"name":"Mobile","slug":"mobile","description_html":"

Improve your workflow for the small screen.

\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"

Continuous integration for Mobile applications

\n"},{"name":"Monitoring","slug":"monitoring","description_html":"

Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.

\n"},{"name":"Project management","slug":"project-management","description_html":"

Organize, manage, and track your project with tools that build on top of issues and pull requests.

\n"},{"name":"Publishing","slug":"publishing","description_html":"

Get your site ready for production so you can get the word out.

\n"},{"name":"Security","slug":"security","description_html":"

Find, fix, and prevent security vulnerabilities before they can be exploited.

\n"},{"name":"Support","slug":"support","description_html":"

Get your team and customers the help they need.

\n"},{"name":"Testing","slug":"testing","description_html":"

Eliminate bugs and ship with more confidence by adding these tools to your workflow.

\n"},{"name":"Utilities","slug":"utilities","description_html":"

Auxiliary tools to enhance your experience on GitHub

\n"}]}},"title":"Marketplace"}