![\"Supported](\"https://gallery.mailchimp.com/6c07c586e98eabf488f8ee14f/images/ee5bf0d2-a37a-43c7-b4ed-57a1d4e2fa42.png\")
\n\nWe currently support **static code analysis** and/or **vulnerable dependencies checks** for 20+ programming languages. GuardRails can also be used on any kind of repositories to prevent secrets leakage thanks to our **secrets detection** engines. \n\nGuardRails works out of the box, _no configuration required_. However, if you want a custom experience, please refer to our documentation for the [configuration](https://docs.guardrails.io/docs/configuration) options. For example, you can **integrate GuardRails with Slack** to get the right notifications right where you want them.","primary_category_id":6,"secondary_category_id":2,"privacy_policy_url":"https://www.guardrails.io/privacy","tos_url":"https://www.guardrails.io/docs/en/terms","company_url":"https://www.guardrails.io","status_url":"https://guardrailsio.statuspage.io/","support_url":"https://support.guardrails.io","documentation_url":"https://docs.guardrails.io","pricing_url":null,"bgcolor":"fff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1042,"technical_email":"yamil@guardrails.io","marketing_email":"stefan@guardrails.io","finance_email":"sales@guardrails.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@guardrails.io","listable_type":"Integration","listable_id":5512,"copilot_app":false}}},{"type":"marketplace_listing","id":"7736","state":"verified","name":"Cloudback: GitHub Backup & Restore","free":false,"primary_category":"Security","secondary_category":"Backup Utilities","is_verified_owner":true,"slug":"cloudback","owner_login":"cloudback","resource_path":"/marketplace/cloudback","installation_count":998,"full_description":"Cloudback secures your GitHub repositories with recurrent data backups\n\n - SOC2 in progress\n - Automatic backups\n - Self-sufficient password-protected ZIP archives with AES-256 encryption\n - Customer storages: S3, OneDrive, Azure, GCP, Wasabi, Alibaba, etc\n - Cloudback storages: USA, EU, UK, Asia\n - Data deduplication\n - Backup replication\n - Audit log\n - Instant email and messenger notifications: Slack, MS Teams, Discord\n - AWS S3 Object Lock and Tag Support\n - And more\n","short_description":"Backup repositories, metadata and LFS into AWS, Azure, OneDrive, GCP, etc. Pay per repositories, not seats. SOC2 in progress","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/7736?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":7736,"state":3,"name":"Cloudback: GitHub Backup & Restore","slug":"cloudback","short_description":"Backup repositories, metadata and LFS into AWS, Azure, OneDrive, GCP, etc. Pay per repositories, not seats. SOC2 in progress","full_description":"Cloudback secures your GitHub repositories with recurrent data backups\n- SOC2 in progress\n- Automatic backups\n- Self-sufficient password-protected ZIP archives with AES-256 encryption\n- Customer storages: S3, OneDrive, Azure, GCP, Wasabi, Alibaba, etc\n- Cloudback storages: USA, EU, UK, Asia\n- Data deduplication\n- Backup replication\n- Audit log\n- Instant email and messenger notifications: Slack, MS Teams, Discord\n- AWS S3 Object Lock and Tag Support\n- And [more](https://cloudback.it/pricing#all)","extended_description":"## Features\nWe offer the most comprehensive backup on the market. Cloudback lets you store all the information you need to restore the entire repository in the event of a disaster. Back up the GitHub repository code, issues, labels, comments, milestones, etc. \n\n### Customer-managed storages\n - Microsoft Azure Blob Storage\n - Microsoft OneDrive\n - Amazon S3\n - Google Cloud Storage\n - Alibaba Cloud Object Storage\n - OpenStack Swift\n\n### Customer-managed encryption keys\n- Coming soon\n \n### Cloudback-managed storages\n - US, EU, UK, Sidney, Singapore\n\n### Data deduplication \n- Reduce storage costs while using your own storage. [Learn more](https://cloudback.it/docs/deduplication).\n\n### Backup replication\n- Leverage composite storages to replicate backups across multiple locations.\n\n### Fair pricing\n- Pay per repository, not seats. \n- All features included, no matter the plan.\n\n### And more\n- Learn more about Cloudback features in our [docs](https://cloudback.it/docs/what-is-cloudback).","primary_category_id":6,"secondary_category_id":41,"privacy_policy_url":"https://cloudback.it/docs/privacy","tos_url":"https://cloudback.it/docs/terms","company_url":"https://cloudback.it/","status_url":"","support_url":"https://cloudback.it/contact","documentation_url":"https://cloudback.it/docs/what-is-cloudback","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1921,"technical_email":"team@cloudback.it","marketing_email":"team@cloudback.it","finance_email":"team@cloudback.it","direct_billing_enabled":false,"by_github":false,"security_email":"team@cloudback.it","listable_type":"Integration","listable_id":74074,"copilot_app":false}}},{"type":"marketplace_listing","id":"8269","state":"verified","name":"Semgrep","free":false,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":true,"slug":"semgrep-dev","owner_login":"semgrep","resource_path":"/marketplace/semgrep-dev","installation_count":6646,"full_description":"Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and\nenforcing code standards. With 2,000+ built-in rules and easy-to-create custom ones, it finds the bugs that matter.\n\n - Open source engine, works on 25+ languages\n - Scan with 2,000+ community rules\n - Write rules that look like your code\n - Quickly get results in the terminal, editor, or CI/CD\n - Flag issues and get results in pull requests, Slack, + more\n","short_description":"Code scanning at ludicrous speed. Find bugs and reachable dependency vulnerabilities. Enforce standards on every commit","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/8269?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":8269,"state":3,"name":"Semgrep","slug":"semgrep-dev","short_description":"Code scanning at ludicrous speed. Find bugs and reachable dependency vulnerabilities. Enforce standards on every commit","full_description":"[Semgrep](https://semgrep.dev/) is a fast, open-source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards. With 2,000+ built-in rules and easy-to-create custom ones, it finds the bugs that matter.\n\n- Open source engine, works on 25+ languages\n- Scan with 2,000+ community rules\n- Write rules that look like your code\n- Quickly get results in the terminal, editor, or CI/CD\n- Flag issues and get results in pull requests, Slack, + more","extended_description":"This GitHub App allows you to get Semgrep results as PR comments, add Semgrep to your projects with one-click, and manage rules and results across multiple projects from one centralized place. Learn more at [semgrep.dev](https://semgrep.dev/).\n\nSemgrep is supported by Semgrep, Inc. It is an evolution of [pfff](https://github.com/returntocorp/pfff/), which began at Facebook in 2009, which itself was an evolution of the Linux refactoring tool [Coccinelle](https://en.wikipedia.org/wiki/Coccinelle_(software)).","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://semgrep.dev/privacy","tos_url":"https://semgrep.dev/terms","company_url":"https://semgrep.dev","status_url":"https://status.semgrep.dev/","support_url":"support@semgrep.com","documentation_url":"https://semgrep.dev/docs","pricing_url":null,"bgcolor":"293331","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2901,"technical_email":"support@semgrep.com","marketing_email":"marketing@semgrep.com","finance_email":"accounts-payable@semgrep.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@semgrep.com","listable_type":"Integration","listable_id":60555,"copilot_app":false}}},{"type":"marketplace_listing","id":"9823","state":"verified","name":"GitProtect.io FREE Backup for GitHub","free":false,"primary_category":"Backup Utilities","secondary_category":"Security","is_verified_owner":true,"slug":"gitprotect-io","owner_login":"xoperosoftware","resource_path":"/marketplace/gitprotect-io","installation_count":1044,"full_description":"The ultimate GitHub Backup DR trusted by thousands of organizations - NHS, HEMA, RED, Netguru more.\n\n“I worked with other backup products and never felt comfortable that the backup plan was going to work as expected” -\nThe Wharton School\n\nBenefits:\n\n - Automatic backup of repos, metadata, LFS\n - #1 Disaster Recovery\n - Any storage - free cloud included or your own on-prem/S3/any cloud\n - Ransomware Protection\n - SOC 2 audited, best-in-class security\n","short_description":"Automatic, daily repo and metadata backup - no maintenance needed: fast restore, DR, AWS, and S3 cloud storage support","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/9823?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":9823,"state":3,"name":"GitProtect.io FREE Backup for GitHub","slug":"gitprotect-io","short_description":"Automatic, daily repo and metadata backup - no maintenance needed: fast restore, DR, AWS, and S3 cloud storage support","full_description":"**The ultimate[ GitHub Backup](https://gitprotect.io/github.html) & DR trusted by thousands of organizations** - NHS, HEMA, RED, Netguru & more.\n\n“_I worked with other backup products and never felt comfortable that the backup plan was going to work as expected_” - The Wharton School\n\n**Benefits:**\n\n- Automatic backup of repos, metadata, LFS\n- #1 Disaster Recovery\n- Any storage - free cloud included or your own on-prem/S3/any cloud\n- Ransomware Protection\n- SOC 2 audited, best-in-class security","extended_description":"### Key features\n\n**Fast setup**\nAutomatic GitHub backup on schedule/on-demand\n\n**Repos & Metadata Backup**\nProtect the entire GitHub account- repos, LFS, all metadata -pull requests, issues, wikis, & more\n\n**Multi-storage for replication, not sync**\nUse free cloud storage included, or bring your on-prem/cloud, i.e. AWS S3, Azure, Google & more for replication and 3-2-1 backup\n\n**#1 Disaster Recovery**\nGranular restore or instant Disaster Recovery to many destinations - same/new account, local machine, other platforms\n\n**Ransomware Protection** \nBackup is last line of defense, so we made it ransomware-proof\n\n**ISO/SOC 2 compliance**\nAES257 encryption, own key, audit-ready reports, **best security proven by SOC 2**\n\n**Enterprise-class features**\nUnlimited retention, GFS, multitenancy& [all features](https://gitprotect.io/github-cheat-sheet.pdf)\n\n☎️ [Book Demo](https://calendly.com/d/3s9-n9z-pgc/gitprotect-live-demo?utm_medium=marketplace&utm_source=gitprotect%20github&utm_campaign=demo)","primary_category_id":41,"secondary_category_id":6,"privacy_policy_url":"https://xopero.com/data-protection-policy/","tos_url":"https://xopero.com/terms/terms-of-service/","company_url":"https://xopero.com/","status_url":"","support_url":"https://support.xopero.com/hc/en-us/requests/new","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":"https://one.xopero.com/api/github/marketplace","how_it_works":null,"hero_card_background_image_id":2483,"technical_email":"g.bak@xopero.com","marketing_email":"g.bak@xopero.com","finance_email":"sales@xopero.com","direct_billing_enabled":false,"by_github":false,"security_email":"g.bak@xopero.com","listable_type":"OauthApplication","listable_id":1617854,"copilot_app":false}}},{"type":"marketplace_listing","id":"13390","state":"verified","name":"Socket Security","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"socket-security","owner_login":"SocketDev","resource_path":"/marketplace/socket-security","installation_count":5627,"full_description":"Prevent malicious open source dependencies from infiltrating your apps.\n\nSocket dramatically improves your open source security posture by detecting and blocking the attacks you don t expect –\nmalware, install scripts, hidden code, typo-squatting, and more – which aren t caught by traditional vulnerability\nscanners.\n\n - Block malware – Block emerging malware threats\n - Block typo-squatting – Block malicious packages that differ in name by only a few characters\n","short_description":"Protect your app from malicious open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13390?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13390,"state":3,"name":"Socket Security","slug":"socket-security","short_description":"Protect your app from malicious open source dependencies","full_description":"**Prevent malicious open source dependencies from infiltrating your apps.**\n\nSocket dramatically improves your open source security posture by _detecting and blocking the attacks you don't expect_ – malware, install scripts, hidden code, typo-squatting, and more – which aren't caught by traditional vulnerability scanners.\n\n- **Block malware** – Block emerging malware threats\n- **Block typo-squatting** – Block malicious packages that differ in name by only a few characters","extended_description":"- **Detect hidden code** – Detect obfuscated, minified, or hidden code\n- **Detect privileged API usage** – Report when a dependency update introduces new risky API usage – filesystem, network, child_process, eval()\n- **Detect suspicious updates** – Sudden inclusion of privileged APIs in patch or minor releases\n\nSocket currently [supports 70 detections](https://socket.dev/npm/issue) in 5 categories: supply chain risk, quality, maintenance, known vulnerabilities, and license problems.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://socket.dev/privacy","tos_url":"https://socket.dev/terms","company_url":"https://socket.dev","status_url":"https://status.socket.dev","support_url":"https://socket.dev/contact","documentation_url":"https://docs.socket.dev","pricing_url":null,"bgcolor":"FFDDFF","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3211,"technical_email":"eng@socket.dev","marketing_email":"feross@socket.dev","finance_email":"accountant@socket.dev","direct_billing_enabled":false,"by_github":false,"security_email":"security@socket.dev","listable_type":"Integration","listable_id":156372,"copilot_app":false}}},{"type":"marketplace_listing","id":"13509","state":"verified","name":"Codeac.io","free":false,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":true,"slug":"codeac-io","owner_login":"codeacio","resource_path":"/marketplace/codeac-io","installation_count":196,"full_description":"Codeac is an Automated Code Review Tool that monitors your technical debt. It helps you improve your code quality and\nteaches best practices to your developers to save time during Code Reviews.\n","short_description":"We help developers write clean code","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13509?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13509,"state":3,"name":"Codeac.io","slug":"codeac-io","short_description":"We help developers write clean code","full_description":"**Codeac** is an Automated Code Review Tool that monitors your technical debt. It helps you improve your code quality and teaches best practices to your developers to save time during Code Reviews.","extended_description":"Codeac brings a set of analyzers to your workflow with unified standards across the whole team. This helps you get actionable feedback after each commit so you can keep the quality of the codebase at a high level.\n\n### Track your technical debt\nCodeac helps you guard all the critical metrics to give you **actionable feedback** and insight about the current state of your codebase. This will help you keep track of your code quality over time.\n\n### Seamless integration\nFor all commits and pull requests, Codeac sends the results back to GitHub.\n\n### 12+ different languages - one platform\nAll projects consist of various technologies; sometimes, it can be hard to keep all the analyzers updated. Now, you can leave the update on us and focus on what's important - developing your software.\n\n### Infrastructure as Code analyses\nCodeac can analyze all the code in your repositories, including Infrastructure as Code like Ansible, Terraform, and more.","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://www.codeac.io/privacy-policy.html","tos_url":"","company_url":"https://www.codeac.io/","status_url":"","support_url":"https://www.codeac.io/documentation/getting-started.html","documentation_url":"https://www.codeac.io/documentation/index.html","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3797,"technical_email":"support@codeac.io","marketing_email":"support@codeac.io","finance_email":"support@codeac.io","direct_billing_enabled":false,"by_github":false,"security_email":"support@codeac.io","listable_type":"Integration","listable_id":190172,"copilot_app":false}}},{"type":"marketplace_listing","id":"15732","state":"verified","name":"AppMap","free":false,"primary_category":"Code review","secondary_category":"Security","is_verified_owner":true,"slug":"get-appmap","owner_login":"getappmap","resource_path":"/marketplace/get-appmap","installation_count":199,"full_description":"Runtime Code Review\n\nGet reports on failed tests, API changes, security flaws, performance problems, and code anti-patterns in every pull\nrequest.\n\nAppMap is a versatile open-source runtime code analysis tool compatible with Ruby, Java, Python, and Node.js. It records\ncode execution traces, gathering data about how your code works and behaves. These traces can then be displayed as\ninteractive diagrams, and analyzed to find coding flaws and problems.\n","short_description":"Runtime Code Review","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/15732?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":15732,"state":3,"name":"AppMap","slug":"get-appmap","short_description":"Runtime Code Review","full_description":" \n#\n# Runtime Code Review\n\n**Get reports on failed tests, API changes, security flaws, performance problems, and code anti-patterns in every pull request.**\n\nAppMap is a versatile open-source runtime code analysis tool compatible with Ruby, Java, Python, and Node.js. It records code execution traces, gathering data about how your code works and behaves. These traces can then be displayed as interactive diagrams, and analyzed to find coding flaws and problems.","extended_description":"### Test Failure Analysis\nAppMap identifies the root causes of test failures, highlighting the lines of code most likely to be responsible. Each test failure can be viewed as a sequence diagram “diff.”\n\n### Identification of Important API Changes\nAppMap reveals changes in HTTP / RESTful API behaviors, and presents these as differences in auto-generated OpenAPI specifications. Breaking changes are highlighted.\n\n### Security Flaw Detection\nAppMap detects vulnerabilities like missing and improper authorization, secrets in logs, and unsafe system calls.\n\n### Performance Problem Detection\nAppMap identifies anti-patterns like N+1 queries. Slow operations can be visualized within interactive flame graphs, without the need to change application code to add spans.\n\n### SQL Details\nAppMap traces exactly how your code uses the database, and where each query is coming from in your code.","primary_category_id":10,"secondary_category_id":6,"privacy_policy_url":"https://appmap.io/community/privacy-policy","tos_url":"","company_url":"https://appmap.io","status_url":"","support_url":"support@appmap.io","documentation_url":"https://appmap.io/docs/setup-appmap-in-ci/in-github-actions.html","pricing_url":null,"bgcolor":"ff07aa","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4153,"technical_email":"kevin@appmap.io","marketing_email":"elizabeth@appmap.io","finance_email":"accounting@appmap.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@appmap.io","listable_type":"Integration","listable_id":321307,"copilot_app":false}}},{"type":"marketplace_listing","id":"1177","state":"unverified","name":"Scantist Thompson","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"scantist-sca","owner_login":"scantist","resource_path":"/marketplace/scantist-sca","installation_count":298,"full_description":"Scantist’s SCA is a FREE app that provide complete visibility into the third-party components used in your applications.\n\nThis enables you to proactively manage the security risks which come from the use of such components, it helps\ncontinuously scan all your repos (private and public), detects vulnerabilities and provide remediation.\n","short_description":"Proactive vulnerability management and license compliance for your third-party components","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/1177?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":1177,"state":6,"name":"Scantist Thompson","slug":"scantist-sca","short_description":"Proactive vulnerability management and license compliance for your third-party components","full_description":"Scantist’s SCA is a FREE app that provide complete visibility into the third-party components used in your applications. \n\nThis enables you to proactively manage the security risks which come from the use of such components, it helps continuously scan all your repos (private and public), detects vulnerabilities and provide remediation.\n\n","extended_description":"## Find and Fix Vulnerabilities\nScantist SCA scan your repo thoroughly and search for all the known vulnerabilities caused by the uses of 3rd party repositories. Once the vulnerabilities have been identified, Scantist SCA finds the most suitable library version that can fix either your direct or transitive dependencies, and generate a Pull Request, sending it back to your repo.\n\n## Continuous Monitoring\nThere are new vulnerabilities being discovered and introduced everyday. Scantist SCA helps monitor your repo continuously and send notification/alert to you, keeping your repo to stay under the most secured environment.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://scantist.io","tos_url":"","company_url":"https://scantist.io","status_url":"","support_url":"support@scantist.com","documentation_url":"https://scantist.atlassian.net/wiki/spaces/SD/pages","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://scantist.io","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"admin@scantist.com","marketing_email":"rohan@scantist.com","finance_email":"finance@scantist.com","direct_billing_enabled":false,"by_github":false,"security_email":"ding@scantist.com","listable_type":"OauthApplication","listable_id":620146,"copilot_app":false}}},{"type":"marketplace_listing","id":"1581","state":"unverified","name":"SonarCloud","free":true,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":true,"slug":"sonarcloud","owner_login":"SonarSource","resource_path":"/marketplace/sonarcloud","installation_count":159720,"full_description":"SonarCloud helps devs merge safer, cleaner code with static analysis of your pull requests and branches. SonarCloud\ndetects Security Vulnerabilities, Bugs and Code Smells, and provides clear remediation guidance to help fix issues in\ncode.\n\nUse SonarCloud to save time during code reviews and make sure code meets quality and security requirements. SonarCloud\nnatively integrates with GitHub and decorates pull requests with analysis results.\n","short_description":"Empowering developers to detect Security Vulnerabilities, Bugs, and Code Smells in pull requests and repositories","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/1581?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":1581,"state":6,"name":"SonarCloud","slug":"sonarcloud","short_description":"Empowering developers to detect Security Vulnerabilities, Bugs, and Code Smells in pull requests and repositories","full_description":"[SonarCloud](https://www.sonarcloud.io) helps devs merge safer, cleaner code with **static analysis** of your pull requests and branches. SonarCloud detects Security Vulnerabilities, Bugs and Code Smells, and provides clear **remediation guidance** to help fix issues in code.\n\nUse SonarCloud to save time during code reviews and make sure **code meets quality and security requirements**. SonarCloud natively integrates with GitHub and decorates pull requests with analysis results.","extended_description":"**High-quality feedback, early in your workflow**\nAnalyze your code automatically after every commit and get a comprehensive report in your pull request directly. \n\n**Software quality and security monitoring**\nFollow key metrics about your code: Security, Maintainability, Reliability, Code coverage, Code duplications.\n\n**Support for continuous integration and delivery**\nFail pipelines when the quality or security of your code doesn’t meet the requirements you set for it.\n\n**Developer-centric experience**\nLearn and implement coding best practices with a tool that has been tailored for developers needs specifically.\n","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://sonarcloud.io/documentation/appendices/privacy/","tos_url":"https://sonarcloud.io/terms.pdf","company_url":"https://sonarcloud.io","status_url":"https://status.sonarcloud.io","support_url":"https://community.sonarsource.com","documentation_url":"https://sonarcloud.io/documentation/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2630,"technical_email":"sonarcloud-github@sonarsource.com","marketing_email":"marketing@sonarsource.com","finance_email":"contact@sonarsource.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@sonarsource.com","listable_type":"Integration","listable_id":12526,"copilot_app":false}}},{"type":"marketplace_listing","id":"3768","state":"unverified","name":"Debricked","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"debricked","owner_login":"debricked","resource_path":"/marketplace/debricked","installation_count":2373,"full_description":"Debricked s tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your\ndevelopment process. Identify, fix and prevent open source vulnerabilities automatically with enforceable pipeline\nrules. Spend less time on manual security research and fixes; let Debricked do the work for you.\n\nDebricked is free for all open source projects!\n","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/3768?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":3768,"state":6,"name":"Debricked","slug":"debricked","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","full_description":"Debricked's tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your development process. **Identify**, **fix** and **prevent** open source vulnerabilities automatically with enforceable pipeline rules. Spend less time on manual security research and fixes; let Debricked do the work for you. \n\n**Debricked is free for all open source projects!** \n\n\n\n\n\n","extended_description":"Debricked makes it easy to maintain a good state of security in your project. \n\nThe tool allows you to:\n\n- Detect vulnerabilities in your direct and indirect dependencies\n- Integrate seamlessly with other systems used in your everyday workflow\n- Prioritise with the help of our own score, debAI, and make informed decisions \n- Fix vulnerabilities using our suggestions and advise as well as pull requests\n- Prevent dependencies with severe vulnerabilities from entry using automated rules\n- Prevent using dependencies with incompatible licenses\n\nWe support a [wide range of languages and package managers](https://debricked.com/documentation/language-support/), and more are being added as we go!\n\n","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://debricked.com/privacy-policy/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","tos_url":"https://debricked.com/terms-and-conditions/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","company_url":"https://debricked.com/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","status_url":"","support_url":"https://debricked.com/contact/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","documentation_url":"https://debricked.com/documentation/1.0/integrations/ci-build-systems/github?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","pricing_url":null,"bgcolor":"0d1840","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2763,"technical_email":"oscar.reimer@debricked.com","marketing_email":"joanna.qvarnstrom@debricked.com","finance_email":"daniel.wisenhoff@debricked.com","direct_billing_enabled":false,"by_github":false,"security_email":"martin.hell@debricked.com","listable_type":"Integration","listable_id":24490,"copilot_app":false}}},{"type":"marketplace_listing","id":"4315","state":"unverified","name":"Nightfall DLP: GitHub Secrets Scanner","free":true,"primary_category":"AI Assisted","secondary_category":"Security","is_verified_owner":true,"slug":"watchtower-radar","owner_login":"nightfallai","resource_path":"/marketplace/watchtower-radar","installation_count":24,"full_description":"Detect sensitive data in your GitHub repos.\n\nNightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning - ensuring your\nsensitive data is kept safe.\n\n✔️ Integrates in seconds via GitHub app. ✔️ Best in class accuracy via machine learning. ✔️ Detection in real-time upon\nnew code push and historically across all diffs. ✔️ DLP that fits your workflow. Integrates with Slack, Jira, SIEM, etc.\n✔️ Enterprise-grade security. ✔️ Free tier to get started.\n","short_description":"Nightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning. Free tier","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/4315?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":4315,"state":6,"name":"Nightfall DLP: GitHub Secrets Scanner","slug":"watchtower-radar","short_description":"Nightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning. Free tier","full_description":"### Detect sensitive data in your GitHub repos. \nNightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning - ensuring your sensitive data is kept safe.\n\n✔️ Integrates in seconds via GitHub app.\n✔️ Best in class accuracy via machine learning.\n✔️ Detection in real-time upon new code push and historically across all diffs.\n✔️ DLP that fits your workflow. Integrates with Slack, Jira, SIEM, etc.\n✔️ Enterprise-grade security.\n✔️ Free tier to get started.","extended_description":"### Start with the Free Tier\n- Scan the full commit history of any public or private repos\n- Detect credentials & secrets\n- Run up to 100 scans per month \n\n### Key Benefits\n- Integrate in seconds via a GitHub app.\n- Scan GitHub repos & organizations in real-time as new code is pushed to ensure sensitive data is not in your repos.\n- Run on-demand or scheduled scans of your full commit history.\n- Automatically detect hundreds of types of PII, credentials & secrets, including API keys and certificates via Nightfall’s ML-trained detectors.\n- Configure the Detection Engine with granular detection rules, detector tuning, custom detectors, & OCR file scanning.\n- Review violations with an intuitive dashboard and easily create Jira tickets for remediation.\n- Alert in Slack when new violations are detected and push results to a SIEM, reporting tool, or webhook.\n- Remediation advice: Read our [guide](https://nightfall.ai/github-secrets-leak-remediation-guide) to remediating credentials & secrets.","primary_category_id":39,"secondary_category_id":6,"privacy_policy_url":"https://www.nightfall.ai/privacy","tos_url":"","company_url":"https://nightfall.ai/github","status_url":"","support_url":"https://www.nightfall.ai","documentation_url":"https://radar.nightfall.ai/docs","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://radar.nightfall.ai","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"support@nightfall.ai","marketing_email":"support@nightfall.ai","finance_email":"support@nightfall.ai","direct_billing_enabled":false,"by_github":false,"security_email":"support@nightfall.ai","listable_type":"OauthApplication","listable_id":1045456,"copilot_app":false}}},{"type":"marketplace_listing","id":"5160","state":"unverified","name":"Bright Security","free":true,"primary_category":"Security","secondary_category":"AI Assisted","is_verified_owner":true,"slug":"nexploit-app","owner_login":"NeuraLegion","resource_path":"/marketplace/nexploit-app","installation_count":482,"full_description":"Build Secure Apps APIs. Fast.\n\nBright is a powerful developer-centric DAST platform (Dynamic Application API Security Testing), that security teams\ntrust and developers love.\n\nAutomatically Tests Every Aspect of Your Apps APIs\n\nScans any target, whether Web Apps, APIs (REST. SOAP, GraphQL more), Web sockets or mobile, providing actionable\nreports.\n\nSeamlessly integrates with the Tools and Workflows You Already Use…\n","short_description":"Bright is a powerful dynamic App & API security testing (DAST) platform that security teams trust and developers love","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/5160?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":5160,"state":6,"name":"Bright Security","slug":"nexploit-app","short_description":"Bright is a powerful dynamic App & API security testing (DAST) platform that security teams trust and developers love","full_description":"## Build Secure Apps & APIs. Fast.\n\nBright is a powerful developer-centric DAST platform (Dynamic Application & API Security Testing), that security teams trust and developers love.\n\n## Automatically Tests Every Aspect of Your Apps & APIs\n\nScans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports.\n\n## Seamlessly integrates with the Tools and Workflows You Already Use…","extended_description":"## Seamlessly integrates with the Tools and Workflows You Already Use\nBright works with your existing CI/CD pipelines – trigger scans on every commit, pull request, or build with unit testing.\n\n## Spin-Up, Configure and Control Scans with Code\nOne file. One command. One scan. No UI is needed.\n\n## Super-Fast Scans\nInteracts with applications and APIs, instead of just crawling them and guessing.\nScans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.\n\n## No False Positives\nStop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.\n\n## Comprehensive Security Testing\nNeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE - as well as uncommon vulnerabilities, such as business logic vulnerabilities.\n\nLearn more at https://brightsec.com/","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://brightsec.com/privacy-policy-3/","tos_url":"https://brightsec.com/terms-of-use/","company_url":"https://brightsec.com/","status_url":"","support_url":"https://brightsec.com/contact/","documentation_url":"https://docs.brightsec.com/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"bar@brightsec.com","marketing_email":"pr@brightsec.com","finance_email":"sales@brightsec.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@brightsec.com","listable_type":"Integration","listable_id":24180,"copilot_app":false}}},{"type":"marketplace_listing","id":"6868","state":"unverified","name":"Bridgecrew","free":true,"primary_category":"Security","secondary_category":"Code Scanning Ready","is_verified_owner":true,"slug":"bridgecrew","owner_login":"bridgecrewio","resource_path":"/marketplace/bridgecrew","installation_count":5108,"full_description":"Our platform automates security engineering, allowing teams to identify and automatically fix misconfigurations in\nrun-time and build-time\n","short_description":"Find and fix security and compliance issues in Terraform, AWS Cloudformation, ARM templates, Kubernetes, and more","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/6868?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":6868,"state":6,"name":"Bridgecrew","slug":"bridgecrew","short_description":"Find and fix security and compliance issues in Terraform, AWS Cloudformation, ARM templates, Kubernetes, and more","full_description":"Our platform automates security engineering, allowing teams to identify and automatically fix misconfigurations in run-time and build-time","extended_description":" * Easily automate deployment and ongoing management of security workflows\n * Instant compliance to security requirements\n * Bridgecrew ships with industry-standard controls that connect to existing infrastructure. With continuous monitoring, Bridgecrew makes sure that the right resources have the right configurations at all times.\n# Automate Manual Security Tasks\nBridgecrew is making it easier for security practitioners to work closely with development and operations teams to securely grow from initial migration through day-to-day management.\n# Fix Broken and Vulnerable Infrastructure\nBridgecrew automates the actions required to find and fix misconfigurations.\n## Scanning\nBridgecrew uses existing APIs to periodically check your cloud infrastructure's compliance to defined security policies and identify incidents of non-conformance.\n## Remediating \nBridgecrew offers a variety of automated and manual methods for correcting and reporting Policy violations.","primary_category_id":6,"secondary_category_id":42,"privacy_policy_url":"https://bridgecrew.io/privacy-policy/","tos_url":"https://bridgecrew.io/end-user-license-agreement/","company_url":"https://bridgecrew.io/","status_url":"","support_url":"https://www.bridgecrew.cloud/","documentation_url":"https://docs.bridgecrew.io/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"barak@bridgecrew.io","marketing_email":"guy@bridgecrew.io","finance_email":"guy@bridgecrew.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@bridgecrew.io","listable_type":"Integration","listable_id":52968,"copilot_app":false}}},{"type":"marketplace_listing","id":"6758","state":"unverified","name":"GitGuardian","free":true,"primary_category":"Security","secondary_category":"Monitoring","is_verified_owner":true,"slug":"gitguardian","owner_login":"GitGuardian","resource_path":"/marketplace/gitguardian","installation_count":353646,"full_description":"🦉 What is GitGuardian?\n\nGitGuardian is the ultimate security layer for developers. We detect hardcoded secrets in repositories and help you with\nprevention and remediation.\n","short_description":"The #1 GitHub Security App – Find and fix hardcoded secrets in your GitHub repositories","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/6758?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":6758,"state":6,"name":"GitGuardian","slug":"gitguardian","short_description":"The #1 GitHub Security App – Find and fix hardcoded secrets in your GitHub repositories","full_description":"## 🦉 What is GitGuardian?\n\nGitGuardian is the ultimate security layer for developers.\nWe detect hardcoded secrets in repositories and help you with prevention and remediation.","extended_description":"## 🥇 Benefits\n\n### 1. Scan your codebase for 350+ types of secrets\nGitGuardian scans your selected repositories and raises alerts only for critical secrets, such as API keys or other credentials. GitGuardian’s detection algorithm has been battle-tested, at scale, on over three years of activity in all public GitHub repositories.\n\n### 2. Easily remediate your hardcoded secrets\nIf you ever experience a leak involving a credential, we have a complete remediation guide used by 100k+ developers each year. We’ll show you how to revoke the secret and remove it from your git history.\n\n### 3. Get an overview of your security posture\nGet a health status for every repository & view reports in your GitGuardian dashboard\n\n## 👋 Support\n\nIf you experience any difficulties or have any questions, please reach out to us by email ([support@gitguardian.com](mailto:support@gitguardian.com)).","primary_category_id":6,"secondary_category_id":14,"privacy_policy_url":"https://www.gitguardian.com/terms","tos_url":"https://www.gitguardian.com/legal-terms","company_url":"https://www.gitguardian.com/","status_url":"https://gitguardian.statuspage.io/","support_url":"https://www.gitguardian.com/security","documentation_url":"https://docs.gitguardian.com/","pricing_url":null,"bgcolor":"081736","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2493,"technical_email":"eric.fourrier@gitguardian.com","marketing_email":"carole.winqwist@gitguardian.com","finance_email":"jeremy.thomas@gitguardian.com","direct_billing_enabled":false,"by_github":false,"security_email":"farzad.farid@gitguardian.com","listable_type":"Integration","listable_id":46505,"copilot_app":false}}},{"type":"marketplace_listing","id":"8329","state":"unverified","name":"Secure Code Warrior for GitHub","free":true,"primary_category":"Security","secondary_category":"Learning","is_verified_owner":true,"slug":"secure-code-warrior-for-github","owner_login":"SecureCodeWarrior","resource_path":"/marketplace/secure-code-warrior-for-github","installation_count":823,"full_description":"Secure Code Warrior for GitHub brings secure coding learning to GitHub, making it easier for you to access the highly\nrelevant learning resources when you need them. Available in a number of programming languages and frameworks, these\nresources are fetched from our Learning Platform based on the vulnerability descriptions found in issues and pull\nrequests. Only the most relevant learning resources are added as comments - making learning a part of the developers\nconversations in GitHub.\n","short_description":"Resolve vulnerabilities faster with highly relevant in-app secure coding learning","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/8329?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":8329,"state":6,"name":"Secure Code Warrior for GitHub","slug":"secure-code-warrior-for-github","short_description":"Resolve vulnerabilities faster with highly relevant in-app secure coding learning","full_description":"Secure Code Warrior for GitHub brings secure coding learning to GitHub, making it easier for you to access the highly relevant learning resources when you need them. Available in a number of programming languages and frameworks, these resources are fetched from our Learning Platform based on the vulnerability descriptions found in issues and pull requests. Only the most relevant learning resources are added as comments - making learning a part of the developers' conversations in GitHub. ","extended_description":"### Get the help you need at the right time\nWhen a vulnerability issue is assigned to a developer, they are given help - in the form of learning content in comments - to resolve the issue. We call this contextual learning - bite-sized and highly relevant to the vulnerability in question.\n\n### Uses CWE or OWASP references to identify content\nThis app will serve training content based on Common Weakness Enumeration (CWE) or Open Web Application Security Project (OWASP) references identified in the issue or pull request title, body, labels, or comments. This has been designed to work with several popular security tools that can be configured to push findings into GitHub issues with these references automatically. The app will also search pull request status check output for these references and is compatible with GitHub CodeQL Code Scanning. If no references are included, this app will fall back to searching for common vulnerability names and phrases.","primary_category_id":6,"secondary_category_id":28,"privacy_policy_url":"https://securecodewarrior.com/privacy-policy","tos_url":"","company_url":"https://securecodewarrior.com","status_url":"","support_url":"https://help.securecodewarrior.com","documentation_url":"https://help.securecodewarrior.com/hc/en-us/articles/900001737346-Secure-Code-Warrior-for-Github-Issues-Configuration-Guide","pricing_url":null,"bgcolor":"333e48","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2048,"technical_email":"marketplace.admin@securecodewarrior.com","marketing_email":"marketplace.admin@securecodewarrior.com","finance_email":"marketplace.admin@securecodewarrior.com","direct_billing_enabled":false,"by_github":false,"security_email":"marketplace.admin@securecodewarrior.com","listable_type":"Integration","listable_id":41816,"copilot_app":false}}},{"type":"marketplace_listing","id":"8603","state":"unverified","name":"Clayton for GitHub","free":true,"primary_category":"Security","secondary_category":"Code review","is_verified_owner":true,"slug":"clayton-for-github","owner_login":"spaceheroes","resource_path":"/marketplace/clayton-for-github","installation_count":226,"full_description":"Your complete Salesforce code reviewer\n\nClayton finds flawed code, written by humans or generative AI, twice as accurately as any code scanner. And its complete\nsuite of features helps you ship faster and stay secure.\n","short_description":"Your complete Salesforce code reviewer","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/8603?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":8603,"state":6,"name":"Clayton for GitHub","slug":"clayton-for-github","short_description":"Your complete Salesforce code reviewer","full_description":"# Your complete Salesforce code reviewer\nClayton finds flawed code, written by humans or generative AI, twice as accurately as any code scanner. And its complete suite of features helps you ship faster and stay secure.\n","extended_description":"## **Your Salesforce expert that never sleeps, right in GitHub.**\n\nAdd the latest Salesforce best practices to your everyday developer experience. Clayton works with classic metadata and SFDX, and updates automatically with every Spring, Summer and Winter release.\n\n- **Fast and accurate SAST.** Enjoy ultra-accurate, faster scans, powered by Ai.\n- **No scan limits**. Scan as much as you want, as often as you want. We only care about fair use.\n- **Hassle-free**. Simply install one GitHub App for your organization and you are good to go. Don't worry about scripting or third-party actions, it just works.\n- **Secure**. Your code is processed securely on our trusted, ISO/IEC 27001-certified platform.\n\n## **All-in-one support for your Salesforce development teams.**\n\nBuild with SFDX or classic metadata and scan anything, including Apex, Flows, Lightning Web Components, Aura Components, Visualforce, and much more!","primary_category_id":6,"secondary_category_id":10,"privacy_policy_url":"https://www.getclayton.com/legal","tos_url":"https://www.getclayton.com/legal","company_url":"https://www.getclayton.com","status_url":"https://status.clayton.io/","support_url":"https://www.getclayton.com","documentation_url":"https://intercom.help/getclayton/en/","pricing_url":null,"bgcolor":"4038dd","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4001,"technical_email":"davide@clayton.io","marketing_email":"claudia@clayton.io","finance_email":"lorenzo@clayton.io","direct_billing_enabled":false,"by_github":false,"security_email":"giancarlo@clayton.io","listable_type":"Integration","listable_id":1260,"copilot_app":false}}},{"type":"marketplace_listing","id":"8916","state":"unverified","name":"BluBracket Community Edition","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":true,"slug":"blubracket-community-edition","owner_login":"BluBracket","resource_path":"/marketplace/blubracket-community-edition","installation_count":823,"full_description":"What if code security could be improved with the same techniques we use to improve code quality? Tests and code coverage\nreports integrated in our workflows giving us quick feedback on PRs and in our IDEs have helped us build better, faster,\nand more maintainable code together, and now it’s time to do the same to improve security.\n\nBluBracket is like 📎 Clippy for code security, but—you know—not as annoying and a lot more effective.\n","short_description":"BluBracket is like Clippy for code security, but—you know—not as annoying and a lot more effective","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/8916?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":8916,"state":6,"name":"BluBracket Community Edition","slug":"blubracket-community-edition","short_description":"BluBracket is like Clippy for code security, but—you know—not as annoying and a lot more effective","full_description":"What if code security could be improved with the same techniques we use to improve code quality? Tests and code coverage reports integrated in our workflows giving us quick feedback on PRs and in our IDEs have helped us build better, faster, and more maintainable code together, and now it’s time to do the same to improve security.\n\nBluBracket is like 📎 Clippy for code security, but—you know—not as annoying and a lot more effective.","extended_description":"🙌 Benefits\n-----------\n### 💂♀️ Stop risks at the source\nEarly and automated feedback on pull requests, via pre-commit hooks, and in our IDEs, where and when we need it.\n### 🔍 Comprehensive risk detection\nComprehensive detection of secrets, PII, non-inclusive language, and infrastructure as code risks in our code, as well as risks related to git access and configuration.\n### 🛠 Find and fix risks already in your code\nClear severity scores and rich tools to filter and slice data so we can see the big picture and find actionable ways to improve code health now.\n### 📈 Track your code health improvement\nRich reporting to understand the big picture, the details, and track and report our continuous improvement over time.\n### 🦄 Fifth element\nSeriously sci-fi risk detection and magical workflow support.","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://blubracket.com/privacy/","tos_url":"https://blubracket.com/ceterms/","company_url":"https://blubracket.com","status_url":"","support_url":"https://docs.blubracket.com/","documentation_url":"https://docs.blubracket.com/","pricing_url":null,"bgcolor":"1b2199","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"payman@blubracket.com","marketing_email":"ajay@blubracket.com","finance_email":"prakash@blubracket.com","direct_billing_enabled":false,"by_github":false,"security_email":"infraops@blubracket.com","listable_type":"Integration","listable_id":89971,"copilot_app":false}}},{"type":"marketplace_listing","id":"8922","state":"unverified","name":"Drata (Version Control)","free":true,"primary_category":"Security","secondary_category":"Monitoring","is_verified_owner":true,"slug":"drata-version-control","owner_login":"drata","resource_path":"/marketplace/drata-version-control","installation_count":3500,"full_description":"Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company s\nsecurity controls, while streamlining compliance workflows end-to-end to ensure audit readiness.\n\nCompanies trust Drata s powerful integration engine to help them build trust with their customers in how they protect\ntheir data and grow securely.\n","short_description":"The Drata (Version Control) app uses read-only repo access to continuously monitor your SOC 2 compliance posture","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/8922?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":8922,"state":6,"name":"Drata (Version Control)","slug":"drata-version-control","short_description":"The Drata (Version Control) app uses read-only repo access to continuously monitor your SOC 2 compliance posture","full_description":"Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining compliance workflows end-to-end to ensure audit readiness.\n\nCompanies trust Drata's powerful integration engine to help them build trust with their customers in how they protect their data and grow securely.","extended_description":"The Drata (Version Control) App uses read-only access to your GitHub account and repositories to continuously monitor and collect evidence of your company's security controls. For ticketing, this is done by reviewing how your company prioritizes and resolves security vulnerability issues.\n\nBased on your custom workflows, Drata will gather how your company organizes security issues and ensure that they're properly assigned and resolved in a timely manner according to your companies SLAs.","primary_category_id":6,"secondary_category_id":14,"privacy_policy_url":"https://drata.com/privacy","tos_url":"https://drata.com/terms","company_url":"https://drata.com","status_url":"https://status.drata.com","support_url":"https://help.drata.com","documentation_url":"https://help.drata.com","pricing_url":null,"bgcolor":"1c2541","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"danielzev@drata.com","marketing_email":"adam@drata.com","finance_email":"adam@drata.com","direct_billing_enabled":false,"by_github":false,"security_email":"danielzev@drata.com","listable_type":"Integration","listable_id":89446,"copilot_app":false}}},{"type":"marketplace_listing","id":"9358","state":"unverified","name":"HackerOne for GitHub","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":true,"slug":"hackerone-for-github","owner_login":"Hacker0x01","resource_path":"/marketplace/hackerone-for-github","installation_count":22,"full_description":"A seamless two-way workflow integration enables tracking and synchronization of high-priority vulnerability reports\nbetween HackerOne and GitHub.\n\nAs the world’s most trusted crowdsourced security platform, HackerOne connects organizations to the largest community of\nethical hackers to help close security gaps. Armed with the most robust database of vulnerabilities, the HackerOne\ncommunity of hackers finds and safely reports security risks across today’s diverse attack surfaces.\n","short_description":"HackerOne streamlines workflow between security & development to speed response, track GitHub issues & remediate faster","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/9358?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":9358,"state":6,"name":"HackerOne for GitHub","slug":"hackerone-for-github","short_description":"HackerOne streamlines workflow between security & development to speed response, track GitHub issues & remediate faster","full_description":"A seamless two-way workflow integration enables tracking and synchronization of high-priority vulnerability reports between HackerOne and GitHub.\n\nAs the world’s most trusted crowdsourced security platform, HackerOne connects organizations to the largest community of ethical hackers to help close security gaps. Armed with the most robust database of vulnerabilities, the HackerOne community of hackers finds and safely reports security risks across today’s diverse attack surfaces.","extended_description":"- **Reduce time to remediation with automated workflows** - Simplify the triage and remediation process with a seamless handoff to your development team.\n- **One-click integration between HackerOne and GitHub** - Import the most critical data with one click - and create new GitHub issues in HackerOne with another.\n- **Customize synchronization in both directions** - Decide what status changes matter most to your team, and sync from HackerOne to GitHub - or vice versa.\n\nStay up to date on changes to your GitHub issues and HackerOne reports. This integration will help your teams build in more protection at every step by automatically syncing activities between HackerOne and GitHub. You’ll be able to create a GitHub issue from your HackerOne report with one click and have all the information from the HackerOne report available in GitHub to track progress and take action.\n","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://www.hackerone.com/privacy","tos_url":"https://www.hackerone.com/terms","company_url":"https://www.hackerone.com","status_url":"https://www.hackeronestatus.com/","support_url":"https://support.hackerone.com/hc/en-us/requests/new","documentation_url":"https://docs.hackerone.com/programs/github-integration.html","pricing_url":null,"bgcolor":"fff","light_text":false,"learn_more_url":null,"installation_url":"https://hackerone.com/apps/github","how_it_works":null,"hero_card_background_image_id":2351,"technical_email":"martijn@hackerone.com","marketing_email":"amy@hackerone.com","finance_email":"martijn@hackerone.com","direct_billing_enabled":false,"by_github":false,"security_email":"martijn@hackerone.com","listable_type":"OauthApplication","listable_id":1469177,"copilot_app":false}}}],"total":1364,"total_pages":69},"categories":{"apps":[{"name":"API management","slug":"api-management","description_html":"Structure your API infrastructure to enable various internet gateways to interact with your service.
\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"Utilities providing periodic backups of your GitHub data
\n"},{"name":"Chat","slug":"chat","description_html":"Bring GitHub into your conversations.
\n"},{"name":"Code quality","slug":"code-quality","description_html":"Automate your code review with style, quality, security, and test‑coverage checks when you need them.
\n"},{"name":"Code review","slug":"code-review","description_html":"Ensure your code meets quality standards and ship with confidence.
\n"},{"name":"Container CI","slug":"container-ci","description_html":"Continuous integration for container applications.
\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.
\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"Secure and manage your third-party dependencies.
\n"},{"name":"Deployment","slug":"deployment","description_html":"Streamline your code deployment so you can focus on your product.
\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"Enables custom protection rules to gate deployments with third-party services
\n"},{"name":"Game CI","slug":"game-ci","description_html":"Tools for building a CI pipeline for game development
\n"},{"name":"IDEs","slug":"ides","description_html":"Find the right interface to build, debug, and deploy your source code.
\n"},{"name":"Learning","slug":"learning","description_html":"Get the skills you need to level up.
\n"},{"name":"Localization","slug":"localization","description_html":"Extend your software's reach. Localize and translate continuously from GitHub.
\n"},{"name":"Mobile","slug":"mobile","description_html":"Improve your workflow for the small screen.
\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"Continuous integration for Mobile applications
\n"},{"name":"Monitoring","slug":"monitoring","description_html":"Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.
\n"},{"name":"Project management","slug":"project-management","description_html":"Organize, manage, and track your project with tools that build on top of issues and pull requests.
\n"},{"name":"Publishing","slug":"publishing","description_html":"Get your site ready for production so you can get the word out.
\n"},{"name":"Recently added","slug":"recently-added","description_html":"The latest tools that help you and your team build software better, together.
\n"},{"name":"Security","slug":"security","description_html":"Find, fix, and prevent security vulnerabilities before they can be exploited.
\n"},{"name":"Support","slug":"support","description_html":"Get your team and customers the help they need.
\n"},{"name":"Testing","slug":"testing","description_html":"Eliminate bugs and ship with more confidence by adding these tools to your workflow.
\n"},{"name":"Utilities","slug":"utilities","description_html":"Auxiliary tools to enhance your experience on GitHub
\n"}],"actions":[{"name":"API management","slug":"api-management","description_html":"Structure your API infrastructure to enable various internet gateways to interact with your service.
\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"Utilities providing periodic backups of your GitHub data
\n"},{"name":"Chat","slug":"chat","description_html":"Bring GitHub into your conversations.
\n"},{"name":"Code quality","slug":"code-quality","description_html":"Automate your code review with style, quality, security, and test‑coverage checks when you need them.
\n"},{"name":"Code review","slug":"code-review","description_html":"Ensure your code meets quality standards and ship with confidence.
\n"},{"name":"Container CI","slug":"container-ci","description_html":"Continuous integration for container applications.
\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.
\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"Secure and manage your third-party dependencies.
\n"},{"name":"Deployment","slug":"deployment","description_html":"Streamline your code deployment so you can focus on your product.
\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"Enables custom protection rules to gate deployments with third-party services
\n"},{"name":"Game CI","slug":"game-ci","description_html":"Tools for building a CI pipeline for game development
\n"},{"name":"GitHub Sponsors","slug":"github-sponsors","description_html":"Tools to manage your GitHub Sponsors community
\n"},{"name":"IDEs","slug":"ides","description_html":"Find the right interface to build, debug, and deploy your source code.
\n"},{"name":"Learning","slug":"learning","description_html":"Get the skills you need to level up.
\n"},{"name":"Localization","slug":"localization","description_html":"Extend your software's reach. Localize and translate continuously from GitHub.
\n"},{"name":"Mobile","slug":"mobile","description_html":"Improve your workflow for the small screen.
\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"Continuous integration for Mobile applications
\n"},{"name":"Monitoring","slug":"monitoring","description_html":"Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.
\n"},{"name":"Project management","slug":"project-management","description_html":"Organize, manage, and track your project with tools that build on top of issues and pull requests.
\n"},{"name":"Publishing","slug":"publishing","description_html":"Get your site ready for production so you can get the word out.
\n"},{"name":"Security","slug":"security","description_html":"Find, fix, and prevent security vulnerabilities before they can be exploited.
\n"},{"name":"Support","slug":"support","description_html":"Get your team and customers the help they need.
\n"},{"name":"Testing","slug":"testing","description_html":"Eliminate bugs and ship with more confidence by adding these tools to your workflow.
\n"},{"name":"Utilities","slug":"utilities","description_html":"Auxiliary tools to enhance your experience on GitHub
\n"}]}},"title":"Marketplace"}