![\"Supported](\"https://gallery.mailchimp.com/6c07c586e98eabf488f8ee14f/images/ee5bf0d2-a37a-43c7-b4ed-57a1d4e2fa42.png\")
\n\nWe currently support **static code analysis** and/or **vulnerable dependencies checks** for 20+ programming languages. GuardRails can also be used on any kind of repositories to prevent secrets leakage thanks to our **secrets detection** engines. \n\nGuardRails works out of the box, _no configuration required_. However, if you want a custom experience, please refer to our documentation for the [configuration](https://docs.guardrails.io/docs/configuration) options. For example, you can **integrate GuardRails with Slack** to get the right notifications right where you want them.","primary_category_id":6,"secondary_category_id":2,"privacy_policy_url":"https://www.guardrails.io/privacy","tos_url":"https://www.guardrails.io/docs/en/terms","company_url":"https://www.guardrails.io","status_url":"https://guardrailsio.statuspage.io/","support_url":"https://support.guardrails.io","documentation_url":"https://docs.guardrails.io","pricing_url":null,"bgcolor":"fff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1042,"technical_email":"yamil@guardrails.io","marketing_email":"stefan@guardrails.io","finance_email":"sales@guardrails.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@guardrails.io","listable_type":"Integration","listable_id":5512,"copilot_app":false}}},{"type":"marketplace_listing","id":"9823","state":"verified","name":"GitProtect.io FREE Backup for GitHub","free":false,"primary_category":"Backup Utilities","secondary_category":"Security","is_verified_owner":true,"slug":"gitprotect-io","owner_login":"xoperosoftware","resource_path":"/marketplace/gitprotect-io","installation_count":1052,"full_description":"The ultimate GitHub Backup DR trusted by thousands of organizations - NHS, HEMA, RED, Netguru more.\n\n“I worked with other backup products and never felt comfortable that the backup plan was going to work as expected” -\nThe Wharton School\n\nBenefits:\n\n - Automatic backup of repos, metadata, LFS\n - #1 Disaster Recovery\n - Any storage - free cloud included or your own on-prem/S3/any cloud\n - Ransomware Protection\n - SOC 2 audited, best-in-class security\n","short_description":"Automatic, daily repo and metadata backup - no maintenance needed: fast restore, DR, AWS, and S3 cloud storage support","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/9823?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":9823,"state":3,"name":"GitProtect.io FREE Backup for GitHub","slug":"gitprotect-io","short_description":"Automatic, daily repo and metadata backup - no maintenance needed: fast restore, DR, AWS, and S3 cloud storage support","full_description":"**The ultimate[ GitHub Backup](https://gitprotect.io/github.html) & DR trusted by thousands of organizations** - NHS, HEMA, RED, Netguru & more.\n\n“_I worked with other backup products and never felt comfortable that the backup plan was going to work as expected_” - The Wharton School\n\n**Benefits:**\n\n- Automatic backup of repos, metadata, LFS\n- #1 Disaster Recovery\n- Any storage - free cloud included or your own on-prem/S3/any cloud\n- Ransomware Protection\n- SOC 2 audited, best-in-class security","extended_description":"### Key features\n\n**Fast setup**\nAutomatic GitHub backup on schedule/on-demand\n\n**Repos & Metadata Backup**\nProtect the entire GitHub account- repos, LFS, all metadata -pull requests, issues, wikis, & more\n\n**Multi-storage for replication, not sync**\nUse free cloud storage included, or bring your on-prem/cloud, i.e. AWS S3, Azure, Google & more for replication and 3-2-1 backup\n\n**#1 Disaster Recovery**\nGranular restore or instant Disaster Recovery to many destinations - same/new account, local machine, other platforms\n\n**Ransomware Protection** \nBackup is last line of defense, so we made it ransomware-proof\n\n**ISO/SOC 2 compliance**\nAES257 encryption, own key, audit-ready reports, **best security proven by SOC 2**\n\n**Enterprise-class features**\nUnlimited retention, GFS, multitenancy& [all features](https://gitprotect.io/github-cheat-sheet.pdf)\n\n☎️ [Book Demo](https://calendly.com/d/3s9-n9z-pgc/gitprotect-live-demo?utm_medium=marketplace&utm_source=gitprotect%20github&utm_campaign=demo)","primary_category_id":41,"secondary_category_id":6,"privacy_policy_url":"https://xopero.com/data-protection-policy/","tos_url":"https://xopero.com/terms/terms-of-service/","company_url":"https://xopero.com/","status_url":"","support_url":"https://support.xopero.com/hc/en-us/requests/new","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":"https://one.xopero.com/api/github/marketplace","how_it_works":null,"hero_card_background_image_id":2483,"technical_email":"g.bak@xopero.com","marketing_email":"g.bak@xopero.com","finance_email":"sales@xopero.com","direct_billing_enabled":false,"by_github":false,"security_email":"g.bak@xopero.com","listable_type":"OauthApplication","listable_id":1617854,"copilot_app":false}}},{"type":"marketplace_listing","id":"7736","state":"verified","name":"Cloudback: GitHub Backup & Restore","free":false,"primary_category":"Security","secondary_category":"Backup Utilities","is_verified_owner":true,"slug":"cloudback","owner_login":"cloudback","resource_path":"/marketplace/cloudback","installation_count":1003,"full_description":"Cloudback secures your GitHub repositories with recurrent data backups\n\n - SOC2 in progress\n - Automatic backups\n - Self-sufficient password-protected ZIP archives with AES-256 encryption\n - Customer storages: S3, OneDrive, Azure, GCP, Wasabi, Alibaba, etc\n - Cloudback storages: USA, EU, UK, Asia\n - Data deduplication\n - Backup replication\n - Audit log\n - Instant email and messenger notifications: Slack, MS Teams, Discord\n - AWS S3 Object Lock and Tag Support\n - And more\n","short_description":"Backup repositories, metadata and LFS into AWS, Azure, OneDrive, GCP, etc. Pay per repositories, not seats. SOC2 in progress","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/7736?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":7736,"state":3,"name":"Cloudback: GitHub Backup & Restore","slug":"cloudback","short_description":"Backup repositories, metadata and LFS into AWS, Azure, OneDrive, GCP, etc. Pay per repositories, not seats. SOC2 in progress","full_description":"Cloudback secures your GitHub repositories with recurrent data backups\n- SOC2 in progress\n- Automatic backups\n- Self-sufficient password-protected ZIP archives with AES-256 encryption\n- Customer storages: S3, OneDrive, Azure, GCP, Wasabi, Alibaba, etc\n- Cloudback storages: USA, EU, UK, Asia\n- Data deduplication\n- Backup replication\n- Audit log\n- Instant email and messenger notifications: Slack, MS Teams, Discord\n- AWS S3 Object Lock and Tag Support\n- And [more](https://cloudback.it/pricing#all)","extended_description":"## Features\nWe offer the most comprehensive backup on the market. Cloudback lets you store all the information you need to restore the entire repository in the event of a disaster. Back up the GitHub repository code, issues, labels, comments, milestones, etc. \n\n### Customer-managed storages\n - Microsoft Azure Blob Storage\n - Microsoft OneDrive\n - Amazon S3\n - Google Cloud Storage\n - Alibaba Cloud Object Storage\n - OpenStack Swift\n\n### Customer-managed encryption keys\n- Coming soon\n \n### Cloudback-managed storages\n - US, EU, UK, Sidney, Singapore\n\n### Data deduplication \n- Reduce storage costs while using your own storage. [Learn more](https://cloudback.it/docs/deduplication).\n\n### Backup replication\n- Leverage composite storages to replicate backups across multiple locations.\n\n### Fair pricing\n- Pay per repository, not seats. \n- All features included, no matter the plan.\n\n### And more\n- Learn more about Cloudback features in our [docs](https://cloudback.it/docs/what-is-cloudback).","primary_category_id":6,"secondary_category_id":41,"privacy_policy_url":"https://cloudback.it/docs/privacy","tos_url":"https://cloudback.it/docs/terms","company_url":"https://cloudback.it/","status_url":"","support_url":"https://cloudback.it/contact","documentation_url":"https://cloudback.it/docs/what-is-cloudback","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1921,"technical_email":"team@cloudback.it","marketing_email":"team@cloudback.it","finance_email":"team@cloudback.it","direct_billing_enabled":false,"by_github":false,"security_email":"team@cloudback.it","listable_type":"Integration","listable_id":74074,"copilot_app":false}}},{"type":"marketplace_listing","id":"8269","state":"verified","name":"Semgrep","free":false,"primary_category":"Security","secondary_category":"Code quality","is_verified_owner":true,"slug":"semgrep-dev","owner_login":"semgrep","resource_path":"/marketplace/semgrep-dev","installation_count":6692,"full_description":"Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and\nenforcing code standards. With 2,000+ built-in rules and easy-to-create custom ones, it finds the bugs that matter.\n\n - Open source engine, works on 25+ languages\n - Scan with 2,000+ community rules\n - Write rules that look like your code\n - Quickly get results in the terminal, editor, or CI/CD\n - Flag issues and get results in pull requests, Slack, + more\n","short_description":"Code scanning at ludicrous speed. Find bugs and reachable dependency vulnerabilities. Enforce standards on every commit","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/8269?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":8269,"state":3,"name":"Semgrep","slug":"semgrep-dev","short_description":"Code scanning at ludicrous speed. Find bugs and reachable dependency vulnerabilities. Enforce standards on every commit","full_description":"[Semgrep](https://semgrep.dev/) is a fast, open-source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards. With 2,000+ built-in rules and easy-to-create custom ones, it finds the bugs that matter.\n\n- Open source engine, works on 25+ languages\n- Scan with 2,000+ community rules\n- Write rules that look like your code\n- Quickly get results in the terminal, editor, or CI/CD\n- Flag issues and get results in pull requests, Slack, + more","extended_description":"This GitHub App allows you to get Semgrep results as PR comments, add Semgrep to your projects with one-click, and manage rules and results across multiple projects from one centralized place. Learn more at [semgrep.dev](https://semgrep.dev/).\n\nSemgrep is supported by Semgrep, Inc. It is an evolution of [pfff](https://github.com/returntocorp/pfff/), which began at Facebook in 2009, which itself was an evolution of the Linux refactoring tool [Coccinelle](https://en.wikipedia.org/wiki/Coccinelle_(software)).","primary_category_id":6,"secondary_category_id":12,"privacy_policy_url":"https://semgrep.dev/privacy","tos_url":"https://semgrep.dev/terms","company_url":"https://semgrep.dev","status_url":"https://status.semgrep.dev/","support_url":"support@semgrep.com","documentation_url":"https://semgrep.dev/docs","pricing_url":null,"bgcolor":"293331","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2901,"technical_email":"support@semgrep.com","marketing_email":"marketing@semgrep.com","finance_email":"accounts-payable@semgrep.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@semgrep.com","listable_type":"Integration","listable_id":60555,"copilot_app":false}}},{"type":"marketplace_listing","id":"15732","state":"verified","name":"AppMap","free":false,"primary_category":"Code review","secondary_category":"Security","is_verified_owner":true,"slug":"get-appmap","owner_login":"getappmap","resource_path":"/marketplace/get-appmap","installation_count":199,"full_description":"Runtime Code Review\n\nGet reports on failed tests, API changes, security flaws, performance problems, and code anti-patterns in every pull\nrequest.\n\nAppMap is a versatile open-source runtime code analysis tool compatible with Ruby, Java, Python, and Node.js. It records\ncode execution traces, gathering data about how your code works and behaves. These traces can then be displayed as\ninteractive diagrams, and analyzed to find coding flaws and problems.\n","short_description":"Runtime Code Review","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/15732?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":15732,"state":3,"name":"AppMap","slug":"get-appmap","short_description":"Runtime Code Review","full_description":" \n#\n# Runtime Code Review\n\n**Get reports on failed tests, API changes, security flaws, performance problems, and code anti-patterns in every pull request.**\n\nAppMap is a versatile open-source runtime code analysis tool compatible with Ruby, Java, Python, and Node.js. It records code execution traces, gathering data about how your code works and behaves. These traces can then be displayed as interactive diagrams, and analyzed to find coding flaws and problems.","extended_description":"### Test Failure Analysis\nAppMap identifies the root causes of test failures, highlighting the lines of code most likely to be responsible. Each test failure can be viewed as a sequence diagram “diff.”\n\n### Identification of Important API Changes\nAppMap reveals changes in HTTP / RESTful API behaviors, and presents these as differences in auto-generated OpenAPI specifications. Breaking changes are highlighted.\n\n### Security Flaw Detection\nAppMap detects vulnerabilities like missing and improper authorization, secrets in logs, and unsafe system calls.\n\n### Performance Problem Detection\nAppMap identifies anti-patterns like N+1 queries. Slow operations can be visualized within interactive flame graphs, without the need to change application code to add spans.\n\n### SQL Details\nAppMap traces exactly how your code uses the database, and where each query is coming from in your code.","primary_category_id":10,"secondary_category_id":6,"privacy_policy_url":"https://appmap.io/community/privacy-policy","tos_url":"","company_url":"https://appmap.io","status_url":"","support_url":"support@appmap.io","documentation_url":"https://appmap.io/docs/setup-appmap-in-ci/in-github-actions.html","pricing_url":null,"bgcolor":"ff07aa","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4153,"technical_email":"kevin@appmap.io","marketing_email":"elizabeth@appmap.io","finance_email":"accounting@appmap.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@appmap.io","listable_type":"Integration","listable_id":321307,"copilot_app":false}}},{"type":"marketplace_listing","id":"13390","state":"verified","name":"Socket Security","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"socket-security","owner_login":"SocketDev","resource_path":"/marketplace/socket-security","installation_count":5642,"full_description":"Prevent malicious open source dependencies from infiltrating your apps.\n\nSocket dramatically improves your open source security posture by detecting and blocking the attacks you don t expect –\nmalware, install scripts, hidden code, typo-squatting, and more – which aren t caught by traditional vulnerability\nscanners.\n\n - Block malware – Block emerging malware threats\n - Block typo-squatting – Block malicious packages that differ in name by only a few characters\n","short_description":"Protect your app from malicious open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13390?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13390,"state":3,"name":"Socket Security","slug":"socket-security","short_description":"Protect your app from malicious open source dependencies","full_description":"**Prevent malicious open source dependencies from infiltrating your apps.**\n\nSocket dramatically improves your open source security posture by _detecting and blocking the attacks you don't expect_ – malware, install scripts, hidden code, typo-squatting, and more – which aren't caught by traditional vulnerability scanners.\n\n- **Block malware** – Block emerging malware threats\n- **Block typo-squatting** – Block malicious packages that differ in name by only a few characters","extended_description":"- **Detect hidden code** – Detect obfuscated, minified, or hidden code\n- **Detect privileged API usage** – Report when a dependency update introduces new risky API usage – filesystem, network, child_process, eval()\n- **Detect suspicious updates** – Sudden inclusion of privileged APIs in patch or minor releases\n\nSocket currently [supports 70 detections](https://socket.dev/npm/issue) in 5 categories: supply chain risk, quality, maintenance, known vulnerabilities, and license problems.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://socket.dev/privacy","tos_url":"https://socket.dev/terms","company_url":"https://socket.dev","status_url":"https://status.socket.dev","support_url":"https://socket.dev/contact","documentation_url":"https://docs.socket.dev","pricing_url":null,"bgcolor":"FFDDFF","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3211,"technical_email":"eng@socket.dev","marketing_email":"feross@socket.dev","finance_email":"accountant@socket.dev","direct_billing_enabled":false,"by_github":false,"security_email":"security@socket.dev","listable_type":"Integration","listable_id":156372,"copilot_app":false}}},{"type":"marketplace_listing","id":"13509","state":"verified","name":"Codeac.io","free":false,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":true,"slug":"codeac-io","owner_login":"codeacio","resource_path":"/marketplace/codeac-io","installation_count":197,"full_description":"Codeac is an Automated Code Review Tool that monitors your technical debt. It helps you improve your code quality and\nteaches best practices to your developers to save time during Code Reviews.\n","short_description":"We help developers write clean code","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13509?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13509,"state":3,"name":"Codeac.io","slug":"codeac-io","short_description":"We help developers write clean code","full_description":"**Codeac** is an Automated Code Review Tool that monitors your technical debt. It helps you improve your code quality and teaches best practices to your developers to save time during Code Reviews.","extended_description":"Codeac brings a set of analyzers to your workflow with unified standards across the whole team. This helps you get actionable feedback after each commit so you can keep the quality of the codebase at a high level.\n\n### Track your technical debt\nCodeac helps you guard all the critical metrics to give you **actionable feedback** and insight about the current state of your codebase. This will help you keep track of your code quality over time.\n\n### Seamless integration\nFor all commits and pull requests, Codeac sends the results back to GitHub.\n\n### 12+ different languages - one platform\nAll projects consist of various technologies; sometimes, it can be hard to keep all the analyzers updated. Now, you can leave the update on us and focus on what's important - developing your software.\n\n### Infrastructure as Code analyses\nCodeac can analyze all the code in your repositories, including Infrastructure as Code like Ansible, Terraform, and more.","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://www.codeac.io/privacy-policy.html","tos_url":"","company_url":"https://www.codeac.io/","status_url":"","support_url":"https://www.codeac.io/documentation/getting-started.html","documentation_url":"https://www.codeac.io/documentation/index.html","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3797,"technical_email":"support@codeac.io","marketing_email":"support@codeac.io","finance_email":"support@codeac.io","direct_billing_enabled":false,"by_github":false,"security_email":"support@codeac.io","listable_type":"Integration","listable_id":190172,"copilot_app":false}}},{"type":"marketplace_listing","id":"4315","state":"unverified","name":"Nightfall DLP: GitHub Secrets Scanner","free":true,"primary_category":"AI Assisted","secondary_category":"Security","is_verified_owner":true,"slug":"watchtower-radar","owner_login":"nightfallai","resource_path":"/marketplace/watchtower-radar","installation_count":24,"full_description":"Detect sensitive data in your GitHub repos.\n\nNightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning - ensuring your\nsensitive data is kept safe.\n\n✔️ Integrates in seconds via GitHub app. ✔️ Best in class accuracy via machine learning. ✔️ Detection in real-time upon\nnew code push and historically across all diffs. ✔️ DLP that fits your workflow. Integrates with Slack, Jira, SIEM, etc.\n✔️ Enterprise-grade security. ✔️ Free tier to get started.\n","short_description":"Nightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning. Free tier","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/4315?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":4315,"state":6,"name":"Nightfall DLP: GitHub Secrets Scanner","slug":"watchtower-radar","short_description":"Nightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning. Free tier","full_description":"### Detect sensitive data in your GitHub repos. \nNightfall automatically detects PII, credentials, secrets, and more in GitHub repos via machine learning - ensuring your sensitive data is kept safe.\n\n✔️ Integrates in seconds via GitHub app.\n✔️ Best in class accuracy via machine learning.\n✔️ Detection in real-time upon new code push and historically across all diffs.\n✔️ DLP that fits your workflow. Integrates with Slack, Jira, SIEM, etc.\n✔️ Enterprise-grade security.\n✔️ Free tier to get started.","extended_description":"### Start with the Free Tier\n- Scan the full commit history of any public or private repos\n- Detect credentials & secrets\n- Run up to 100 scans per month \n\n### Key Benefits\n- Integrate in seconds via a GitHub app.\n- Scan GitHub repos & organizations in real-time as new code is pushed to ensure sensitive data is not in your repos.\n- Run on-demand or scheduled scans of your full commit history.\n- Automatically detect hundreds of types of PII, credentials & secrets, including API keys and certificates via Nightfall’s ML-trained detectors.\n- Configure the Detection Engine with granular detection rules, detector tuning, custom detectors, & OCR file scanning.\n- Review violations with an intuitive dashboard and easily create Jira tickets for remediation.\n- Alert in Slack when new violations are detected and push results to a SIEM, reporting tool, or webhook.\n- Remediation advice: Read our [guide](https://nightfall.ai/github-secrets-leak-remediation-guide) to remediating credentials & secrets.","primary_category_id":39,"secondary_category_id":6,"privacy_policy_url":"https://www.nightfall.ai/privacy","tos_url":"","company_url":"https://nightfall.ai/github","status_url":"","support_url":"https://www.nightfall.ai","documentation_url":"https://radar.nightfall.ai/docs","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://radar.nightfall.ai","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"support@nightfall.ai","marketing_email":"support@nightfall.ai","finance_email":"support@nightfall.ai","direct_billing_enabled":false,"by_github":false,"security_email":"support@nightfall.ai","listable_type":"OauthApplication","listable_id":1045456,"copilot_app":false}}},{"type":"marketplace_listing","id":"5160","state":"unverified","name":"Bright Security","free":true,"primary_category":"Security","secondary_category":"AI Assisted","is_verified_owner":true,"slug":"nexploit-app","owner_login":"NeuraLegion","resource_path":"/marketplace/nexploit-app","installation_count":482,"full_description":"Build Secure Apps APIs. Fast.\n\nBright is a powerful developer-centric DAST platform (Dynamic Application API Security Testing), that security teams\ntrust and developers love.\n\nAutomatically Tests Every Aspect of Your Apps APIs\n\nScans any target, whether Web Apps, APIs (REST. SOAP, GraphQL more), Web sockets or mobile, providing actionable\nreports.\n\nSeamlessly integrates with the Tools and Workflows You Already Use…\n","short_description":"Bright is a powerful dynamic App & API security testing (DAST) platform that security teams trust and developers love","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/5160?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":5160,"state":6,"name":"Bright Security","slug":"nexploit-app","short_description":"Bright is a powerful dynamic App & API security testing (DAST) platform that security teams trust and developers love","full_description":"## Build Secure Apps & APIs. Fast.\n\nBright is a powerful developer-centric DAST platform (Dynamic Application & API Security Testing), that security teams trust and developers love.\n\n## Automatically Tests Every Aspect of Your Apps & APIs\n\nScans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports.\n\n## Seamlessly integrates with the Tools and Workflows You Already Use…","extended_description":"## Seamlessly integrates with the Tools and Workflows You Already Use\nBright works with your existing CI/CD pipelines – trigger scans on every commit, pull request, or build with unit testing.\n\n## Spin-Up, Configure and Control Scans with Code\nOne file. One command. One scan. No UI is needed.\n\n## Super-Fast Scans\nInteracts with applications and APIs, instead of just crawling them and guessing.\nScans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.\n\n## No False Positives\nStop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.\n\n## Comprehensive Security Testing\nNeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE - as well as uncommon vulnerabilities, such as business logic vulnerabilities.\n\nLearn more at https://brightsec.com/","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://brightsec.com/privacy-policy-3/","tos_url":"https://brightsec.com/terms-of-use/","company_url":"https://brightsec.com/","status_url":"","support_url":"https://brightsec.com/contact/","documentation_url":"https://docs.brightsec.com/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"bar@brightsec.com","marketing_email":"pr@brightsec.com","finance_email":"sales@brightsec.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@brightsec.com","listable_type":"Integration","listable_id":24180,"copilot_app":false}}},{"type":"marketplace_listing","id":"1177","state":"unverified","name":"Scantist Thompson","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"scantist-sca","owner_login":"scantist","resource_path":"/marketplace/scantist-sca","installation_count":296,"full_description":"Scantist’s SCA is a FREE app that provide complete visibility into the third-party components used in your applications.\n\nThis enables you to proactively manage the security risks which come from the use of such components, it helps\ncontinuously scan all your repos (private and public), detects vulnerabilities and provide remediation.\n","short_description":"Proactive vulnerability management and license compliance for your third-party components","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/1177?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":1177,"state":6,"name":"Scantist Thompson","slug":"scantist-sca","short_description":"Proactive vulnerability management and license compliance for your third-party components","full_description":"Scantist’s SCA is a FREE app that provide complete visibility into the third-party components used in your applications. \n\nThis enables you to proactively manage the security risks which come from the use of such components, it helps continuously scan all your repos (private and public), detects vulnerabilities and provide remediation.\n\n","extended_description":"## Find and Fix Vulnerabilities\nScantist SCA scan your repo thoroughly and search for all the known vulnerabilities caused by the uses of 3rd party repositories. Once the vulnerabilities have been identified, Scantist SCA finds the most suitable library version that can fix either your direct or transitive dependencies, and generate a Pull Request, sending it back to your repo.\n\n## Continuous Monitoring\nThere are new vulnerabilities being discovered and introduced everyday. Scantist SCA helps monitor your repo continuously and send notification/alert to you, keeping your repo to stay under the most secured environment.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://scantist.io","tos_url":"","company_url":"https://scantist.io","status_url":"","support_url":"support@scantist.com","documentation_url":"https://scantist.atlassian.net/wiki/spaces/SD/pages","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://scantist.io","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"admin@scantist.com","marketing_email":"rohan@scantist.com","finance_email":"finance@scantist.com","direct_billing_enabled":false,"by_github":false,"security_email":"ding@scantist.com","listable_type":"OauthApplication","listable_id":620146,"copilot_app":false}}},{"type":"marketplace_listing","id":"1581","state":"unverified","name":"SonarCloud","free":true,"primary_category":"Code quality","secondary_category":"Security","is_verified_owner":true,"slug":"sonarcloud","owner_login":"SonarSource","resource_path":"/marketplace/sonarcloud","installation_count":160192,"full_description":"SonarCloud helps devs merge safer, cleaner code with static analysis of your pull requests and branches. SonarCloud\ndetects Security Vulnerabilities, Bugs and Code Smells, and provides clear remediation guidance to help fix issues in\ncode.\n\nUse SonarCloud to save time during code reviews and make sure code meets quality and security requirements. SonarCloud\nnatively integrates with GitHub and decorates pull requests with analysis results.\n","short_description":"Empowering developers to detect Security Vulnerabilities, Bugs, and Code Smells in pull requests and repositories","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/1581?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":1581,"state":6,"name":"SonarCloud","slug":"sonarcloud","short_description":"Empowering developers to detect Security Vulnerabilities, Bugs, and Code Smells in pull requests and repositories","full_description":"[SonarCloud](https://www.sonarcloud.io) helps devs merge safer, cleaner code with **static analysis** of your pull requests and branches. SonarCloud detects Security Vulnerabilities, Bugs and Code Smells, and provides clear **remediation guidance** to help fix issues in code.\n\nUse SonarCloud to save time during code reviews and make sure **code meets quality and security requirements**. SonarCloud natively integrates with GitHub and decorates pull requests with analysis results.","extended_description":"**High-quality feedback, early in your workflow**\nAnalyze your code automatically after every commit and get a comprehensive report in your pull request directly. \n\n**Software quality and security monitoring**\nFollow key metrics about your code: Security, Maintainability, Reliability, Code coverage, Code duplications.\n\n**Support for continuous integration and delivery**\nFail pipelines when the quality or security of your code doesn’t meet the requirements you set for it.\n\n**Developer-centric experience**\nLearn and implement coding best practices with a tool that has been tailored for developers needs specifically.\n","primary_category_id":12,"secondary_category_id":6,"privacy_policy_url":"https://sonarcloud.io/documentation/appendices/privacy/","tos_url":"https://sonarcloud.io/terms.pdf","company_url":"https://sonarcloud.io","status_url":"https://status.sonarcloud.io","support_url":"https://community.sonarsource.com","documentation_url":"https://sonarcloud.io/documentation/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2630,"technical_email":"sonarcloud-github@sonarsource.com","marketing_email":"marketing@sonarsource.com","finance_email":"contact@sonarsource.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@sonarsource.com","listable_type":"Integration","listable_id":12526,"copilot_app":false}}},{"type":"marketplace_listing","id":"3768","state":"unverified","name":"Debricked","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"debricked","owner_login":"debricked","resource_path":"/marketplace/debricked","installation_count":2376,"full_description":"Debricked s tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your\ndevelopment process. Identify, fix and prevent open source vulnerabilities automatically with enforceable pipeline\nrules. Spend less time on manual security research and fixes; let Debricked do the work for you.\n\nDebricked is free for all open source projects!\n","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/3768?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":3768,"state":6,"name":"Debricked","slug":"debricked","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","full_description":"Debricked's tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your development process. **Identify**, **fix** and **prevent** open source vulnerabilities automatically with enforceable pipeline rules. Spend less time on manual security research and fixes; let Debricked do the work for you. \n\n**Debricked is free for all open source projects!** \n\n\n\n\n\n","extended_description":"Debricked makes it easy to maintain a good state of security in your project. \n\nThe tool allows you to:\n\n- Detect vulnerabilities in your direct and indirect dependencies\n- Integrate seamlessly with other systems used in your everyday workflow\n- Prioritise with the help of our own score, debAI, and make informed decisions \n- Fix vulnerabilities using our suggestions and advise as well as pull requests\n- Prevent dependencies with severe vulnerabilities from entry using automated rules\n- Prevent using dependencies with incompatible licenses\n\nWe support a [wide range of languages and package managers](https://debricked.com/documentation/language-support/), and more are being added as we go!\n\n","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://debricked.com/privacy-policy/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","tos_url":"https://debricked.com/terms-and-conditions/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","company_url":"https://debricked.com/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","status_url":"","support_url":"https://debricked.com/contact/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","documentation_url":"https://debricked.com/documentation/1.0/integrations/ci-build-systems/github?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","pricing_url":null,"bgcolor":"0d1840","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2763,"technical_email":"oscar.reimer@debricked.com","marketing_email":"joanna.qvarnstrom@debricked.com","finance_email":"daniel.wisenhoff@debricked.com","direct_billing_enabled":false,"by_github":false,"security_email":"martin.hell@debricked.com","listable_type":"Integration","listable_id":24490,"copilot_app":false}}},{"type":"marketplace_listing","id":"6868","state":"unverified","name":"Bridgecrew","free":true,"primary_category":"Security","secondary_category":"Code Scanning Ready","is_verified_owner":true,"slug":"bridgecrew","owner_login":"bridgecrewio","resource_path":"/marketplace/bridgecrew","installation_count":5109,"full_description":"Our platform automates security engineering, allowing teams to identify and automatically fix misconfigurations in\nrun-time and build-time\n","short_description":"Find and fix security and compliance issues in Terraform, AWS Cloudformation, ARM templates, Kubernetes, and more","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/6868?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":6868,"state":6,"name":"Bridgecrew","slug":"bridgecrew","short_description":"Find and fix security and compliance issues in Terraform, AWS Cloudformation, ARM templates, Kubernetes, and more","full_description":"Our platform automates security engineering, allowing teams to identify and automatically fix misconfigurations in run-time and build-time","extended_description":" * Easily automate deployment and ongoing management of security workflows\n * Instant compliance to security requirements\n * Bridgecrew ships with industry-standard controls that connect to existing infrastructure. With continuous monitoring, Bridgecrew makes sure that the right resources have the right configurations at all times.\n# Automate Manual Security Tasks\nBridgecrew is making it easier for security practitioners to work closely with development and operations teams to securely grow from initial migration through day-to-day management.\n# Fix Broken and Vulnerable Infrastructure\nBridgecrew automates the actions required to find and fix misconfigurations.\n## Scanning\nBridgecrew uses existing APIs to periodically check your cloud infrastructure's compliance to defined security policies and identify incidents of non-conformance.\n## Remediating \nBridgecrew offers a variety of automated and manual methods for correcting and reporting Policy violations.","primary_category_id":6,"secondary_category_id":42,"privacy_policy_url":"https://bridgecrew.io/privacy-policy/","tos_url":"https://bridgecrew.io/end-user-license-agreement/","company_url":"https://bridgecrew.io/","status_url":"","support_url":"https://www.bridgecrew.cloud/","documentation_url":"https://docs.bridgecrew.io/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"barak@bridgecrew.io","marketing_email":"guy@bridgecrew.io","finance_email":"guy@bridgecrew.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@bridgecrew.io","listable_type":"Integration","listable_id":52968,"copilot_app":false}}},{"type":"marketplace_listing","id":"6758","state":"unverified","name":"GitGuardian","free":true,"primary_category":"Security","secondary_category":"Monitoring","is_verified_owner":true,"slug":"gitguardian","owner_login":"GitGuardian","resource_path":"/marketplace/gitguardian","installation_count":354422,"full_description":"🦉 What is GitGuardian?\n\nGitGuardian is the ultimate security layer for developers. We detect hardcoded secrets in repositories and help you with\nprevention and remediation.\n","short_description":"The #1 GitHub Security App – Find and fix hardcoded secrets in your GitHub repositories","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/6758?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":6758,"state":6,"name":"GitGuardian","slug":"gitguardian","short_description":"The #1 GitHub Security App – Find and fix hardcoded secrets in your GitHub repositories","full_description":"## 🦉 What is GitGuardian?\n\nGitGuardian is the ultimate security layer for developers.\nWe detect hardcoded secrets in repositories and help you with prevention and remediation.","extended_description":"## 🥇 Benefits\n\n### 1. Scan your codebase for 350+ types of secrets\nGitGuardian scans your selected repositories and raises alerts only for critical secrets, such as API keys or other credentials. GitGuardian’s detection algorithm has been battle-tested, at scale, on over three years of activity in all public GitHub repositories.\n\n### 2. Easily remediate your hardcoded secrets\nIf you ever experience a leak involving a credential, we have a complete remediation guide used by 100k+ developers each year. We’ll show you how to revoke the secret and remove it from your git history.\n\n### 3. Get an overview of your security posture\nGet a health status for every repository & view reports in your GitGuardian dashboard\n\n## 👋 Support\n\nIf you experience any difficulties or have any questions, please reach out to us by email ([support@gitguardian.com](mailto:support@gitguardian.com)).","primary_category_id":6,"secondary_category_id":14,"privacy_policy_url":"https://www.gitguardian.com/terms","tos_url":"https://www.gitguardian.com/legal-terms","company_url":"https://www.gitguardian.com/","status_url":"https://gitguardian.statuspage.io/","support_url":"https://www.gitguardian.com/security","documentation_url":"https://docs.gitguardian.com/","pricing_url":null,"bgcolor":"081736","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2493,"technical_email":"eric.fourrier@gitguardian.com","marketing_email":"carole.winqwist@gitguardian.com","finance_email":"jeremy.thomas@gitguardian.com","direct_billing_enabled":false,"by_github":false,"security_email":"farzad.farid@gitguardian.com","listable_type":"Integration","listable_id":46505,"copilot_app":false}}},{"type":"marketplace_listing","id":"11526","state":"unverified","name":"Intruder.io","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":true,"slug":"intruder-io","owner_login":"intruder-io","resource_path":"/marketplace/intruder-io","installation_count":243,"full_description":"Intruder is an online vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to\navoid costly data breaches. Enjoy the same level of security as big banks and governments worldwide, without the\ncomplexity.\n","short_description":"The Intruder GitHub app lets you open GitHub issues for your security weaknesses","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/11526?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":11526,"state":6,"name":"Intruder.io","slug":"intruder-io","short_description":"The Intruder GitHub app lets you open GitHub issues for your security weaknesses","full_description":"Intruder is an online vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches. Enjoy the same level of security as big banks and governments worldwide, without the complexity.","extended_description":"Our GitHub App lets you easily open GitHub issues for new security weaknesses found, to integrate with your team's workflow. When Intruder finds vulnerabilities such as misconfigurations, missing patches, encryption weaknesses, or application bugs, this app lets your teams know on GitHub.","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://www.intruder.io/privacy","tos_url":"https://www.intruder.io/terms","company_url":"https://www.intruder.io/","status_url":"https://status.intruder.io/","support_url":"https://help.intruder.io/en/","documentation_url":"https://developers.intruder.io/docs","pricing_url":null,"bgcolor":"061b27","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2766,"technical_email":"patrick.craston@intruder.io","marketing_email":"olya.osiagina@intruder.io","finance_email":"finance@intruder.io","direct_billing_enabled":false,"by_github":false,"security_email":"dan.andrew@intruder.io","listable_type":"Integration","listable_id":156211,"copilot_app":false}}},{"type":"marketplace_listing","id":"11929","state":"unverified","name":"StepSecurity Actions Security","free":true,"primary_category":"Security","secondary_category":null,"is_verified_owner":true,"slug":"harden-runner-app","owner_login":"step-security","resource_path":"/marketplace/harden-runner-app","installation_count":307,"full_description":"Introduction\n\nGitHub Actions execute untrusted code in a privileged environment. StepSecurity Actions Security App can help if you are\nworried about the following:\n\n1. Theft of CI/CD credentials compromising your cloud infrastructure\n2. Tampering of release builds leading to supply chain attacks\n3. Production container images not originating from compliant release pipelines\n","short_description":"Stop CI/CD supply chain attacks","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/11929?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":11929,"state":6,"name":"StepSecurity Actions Security","slug":"harden-runner-app","short_description":"Stop CI/CD supply chain attacks","full_description":"# Introduction\nGitHub Actions execute untrusted code in a privileged environment. StepSecurity Actions Security App can help if you are worried about the following:\n1. Theft of CI/CD credentials compromising your cloud infrastructure\n2. Tampering of release builds leading to supply chain attacks\n3. Production container images not originating from compliant release pipelines","extended_description":"# Features:\nFor more details, check out https://www.stepsecurity.io\n## GitHub Actions Runtime Security\nProtect against SolarWinds and Codecov-style attacks, whether in GitHub-hosted or self-hosted Actions Runner Controller (ARC) environments.\n\n## Effortless Traceability and Automatic Provenance Generation\nSwiftly locate the source of a container image and reduce Mean Time To Resolve (MTTR) during production hiccups\n\n## Manage risk from third-party GitHub Actions\nDiscover and manage third-party GitHub Actions being used across your organization\n\n## Manage GitHub Actions secrets\nHandle your GitHub Actions secrets with the same caution as cloud secrets\n\n# Permission requirements\nThis App only needs `actions: read`, `secrets: read` and `organization_secrets: read` permissions. \n\n`secrets: read` and `organization_secrets: read` only give access to the metadata about the secrets, not to the actual secret.\n\n# Support\nPlease email [info@stepsecurity.io](mailto:info@stepsecurity.io).","primary_category_id":6,"secondary_category_id":null,"privacy_policy_url":"https://app.stepsecurity.io/privacy","tos_url":"","company_url":"https://www.stepsecurity.io","status_url":"","support_url":"https://github.com/step-security/harden-runner/issues","documentation_url":"https://docs.stepsecurity.io","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"varunsh@stepsecurity.io","marketing_email":"varunsh@stepsecurity.io","finance_email":"varunsh@stepsecurity.io","direct_billing_enabled":false,"by_github":false,"security_email":"varunsh@stepsecurity.io","listable_type":"Integration","listable_id":169968,"copilot_app":false}}},{"type":"marketplace_listing","id":"12226","state":"unverified","name":"LunaTrace by LunaSec","free":true,"primary_category":"Security","secondary_category":"Open Source management","is_verified_owner":true,"slug":"lunatrace-by-lunasec","owner_login":"lunasec-io","resource_path":"/marketplace/lunatrace-by-lunasec","installation_count":227,"full_description":"LunaTrace helps you detect and fix security problems like Log4Shell by automatically scanning your software for known\nvulnerabilities in any Open Source dependencies you use.\n\nThis GitHub App integrates with our Cloud-hosted version of LunaTrace. By installing this application to your\nOrganization, LunaTrace automatically starts scanning your code for vulnerabilities and notifying you about how to fix\nthem.\n\nIt s Open Source, too! Star our repo here: https://github.com/lunasec-io/lunasec\n","short_description":"Find and fix security problems like Log4Shell automatically. Available Open Source or as a hosted SaaS powered by GitHub Apps","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/12226?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":12226,"state":6,"name":"LunaTrace by LunaSec","slug":"lunatrace-by-lunasec","short_description":"Find and fix security problems like Log4Shell automatically. Available Open Source or as a hosted SaaS powered by GitHub Apps","full_description":"LunaTrace helps you detect and fix security problems like Log4Shell by automatically scanning your software for known vulnerabilities in any Open Source dependencies you use.\n\nThis GitHub App integrates with our Cloud-hosted version of LunaTrace. By installing this application to your Organization, LunaTrace automatically starts scanning your code for vulnerabilities and notifying you about how to fix them.\n\nIt's Open Source, too! Star our repo here: https://github.com/lunasec-io/lunasec","extended_description":"The core of LunaTrace is Open Source and available on GitHub here: https://github.com/lunasec-io/lunasec/tree/master/lunatrace\n\nLunaTrace supports many languages already, but we're always adding more! \n\nOur best Supported Languages currently:\n- JavaScript and TypeScript\n- Java and Scala\n\nLanguages with Basic Support:\n- Python\n- Ruby\n- C# and other .NET languages\n- PHP\n- Dockerfiles\n\nIf you're using a language that isn't listed here currently, please open up a GitHub issue if you would like us to add support for it: https://github.com/lunasec-io/lunasec/issues\n\nFor more details and to learn how to get started, please visit the LunaTrace app directly here: https://lunatrace.lunasec.io","primary_category_id":6,"secondary_category_id":18,"privacy_policy_url":"https://www.lunasec.io/docs/pages/legal/terms-of-service/","tos_url":"https://www.lunasec.io/docs/pages/legal/terms-of-service/","company_url":"https://www.lunasec.io/","status_url":"","support_url":"https://www.lunasec.io/contact","documentation_url":"https://www.lunasec.io/docs/","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2941,"technical_email":"free@lunasec.io","marketing_email":"sales@lunasec.io","finance_email":"finance@lunasec.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@lunasec.io","listable_type":"Integration","listable_id":180838,"copilot_app":false}}},{"type":"marketplace_listing","id":"12255","state":"unverified","name":"ThreatKey","free":true,"primary_category":"Security","secondary_category":"AI Assisted","is_verified_owner":true,"slug":"threatkey","owner_login":"ThreatKey","resource_path":"/marketplace/threatkey","installation_count":0,"full_description":"Protecting your source code requires another layer of security to secure your GitHub organization. ThreatKey s GitHub\nintegration provides real-time protection for your GitHub organization(s) so you don t have to worry about\nmisconfigurations that could impact your security posture.\n","short_description":"Rapidly identify and remediate misconfigurations and security issues in SaaS and Cloud applications","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/12255?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":12255,"state":6,"name":"ThreatKey","slug":"threatkey","short_description":"Rapidly identify and remediate misconfigurations and security issues in SaaS and Cloud applications","full_description":"Protecting your source code requires another layer of security to secure your GitHub organization. ThreatKey's GitHub integration provides real-time protection for your GitHub organization(s) so you don't have to worry about misconfigurations that could impact your security posture. ","extended_description":"ThreatKey's GitHub integration provides businesses with an additional layer of security for their development process. We help you secure the configurations and settings that impact the security of your GitHub organization, such as: keeping your repos private, preventing force pushes to your repos, requiring a review before code can be merged into main, and many more.","primary_category_id":6,"secondary_category_id":39,"privacy_policy_url":"https://www.threatkey.com/privacy-policy","tos_url":"https://www.threatkey.com/terms-of-service","company_url":"https://www.threatkey.com","status_url":"https://status.threatkey.com/","support_url":"https://docs.threatkey.com","documentation_url":"https://docs.threatkey.com","pricing_url":null,"bgcolor":"EEEEEE","light_text":false,"learn_more_url":null,"installation_url":"https://app.threatkey.com/environment/sources","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"support@threatkey.com","marketing_email":"sales@threatkey.com","finance_email":"finance@threatkey.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@threatkey.com","listable_type":"OauthApplication","listable_id":1716707,"copilot_app":false}}},{"type":"marketplace_listing","id":"12528","state":"unverified","name":"Cloud Authenticator","free":true,"primary_category":"Utilities","secondary_category":"Security","is_verified_owner":true,"slug":"cloud-authenticator","owner_login":"devsig","resource_path":"/marketplace/cloud-authenticator","installation_count":18,"full_description":"Cloud Authenticator generates 2-Step Verification codes on your phone. Cloud Authenticator can also be used to secure\nyour other online accounts that support TOTP or HMAC one-time passwords.\n\n2-Step Verification provides stronger security for your All online Account by requiring a second verification step when\nyou sign in. In addition to your password, you’ll also need a code generated by the Cloud Authenticator app on your\nphone.\n","short_description":"Cloud Authenticator: 2FA | Password | Payments | Notes","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/12528?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":12528,"state":6,"name":"Cloud Authenticator","slug":"cloud-authenticator","short_description":"Cloud Authenticator: 2FA | Password | Payments | Notes","full_description":"Cloud Authenticator generates 2-Step Verification codes on your phone.\nCloud Authenticator can also be used to secure your other online accounts that support TOTP or HMAC one-time passwords.\n\n2-Step Verification provides stronger security for your All online Account by requiring a second verification step when you sign in. In addition to your password, you’ll also need a code generated by the Cloud Authenticator app on your phone.\n","extended_description":"Multi-Device Synchronization:\nAre your re-scanning all your QR codes just to add them to your tablet and smartphone? With Cloud Authenticator you can simply add devices to your account and all of your 2fa tokens will automatically synchronize.\n\nOffline:\nStill, waiting for an SMS to arrive? do you travel constantly and lose access to your accounts? Authy generates secure tokens offline from the safety of your Android device, this way you can authenticate securely even when in airplane mode.\n\nAll of your accounts:\nWe support most major multifactor authentication accounts including Facebook, Dropbox, Amazon, Gmail, and thousands of other providers. We also support 8-digit tokens.","primary_category_id":29,"secondary_category_id":6,"privacy_policy_url":"https://play.google.com/store/apps/details?id=com.devsig.cloudauthenticator","tos_url":"","company_url":"https://devsig.com/","status_url":"","support_url":"https://play.google.com/store/apps/details?id=com.devsig.cloudauthenticator","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://play.google.com/store/apps/details?id=com.devsig.cloudauthenticator","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"admin@devsig.com","marketing_email":"admin@devsig.com","finance_email":"admin@devsig.com","direct_billing_enabled":false,"by_github":false,"security_email":"admin@devsig.com","listable_type":"OauthApplication","listable_id":1896248,"copilot_app":false}}}],"total":1367,"total_pages":69},"categories":{"apps":[{"name":"API management","slug":"api-management","description_html":"Structure your API infrastructure to enable various internet gateways to interact with your service.
\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"Utilities providing periodic backups of your GitHub data
\n"},{"name":"Chat","slug":"chat","description_html":"Bring GitHub into your conversations.
\n"},{"name":"Code quality","slug":"code-quality","description_html":"Automate your code review with style, quality, security, and test‑coverage checks when you need them.
\n"},{"name":"Code review","slug":"code-review","description_html":"Ensure your code meets quality standards and ship with confidence.
\n"},{"name":"Container CI","slug":"container-ci","description_html":"Continuous integration for container applications.
\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.
\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"Secure and manage your third-party dependencies.
\n"},{"name":"Deployment","slug":"deployment","description_html":"Streamline your code deployment so you can focus on your product.
\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"Enables custom protection rules to gate deployments with third-party services
\n"},{"name":"Game CI","slug":"game-ci","description_html":"Tools for building a CI pipeline for game development
\n"},{"name":"IDEs","slug":"ides","description_html":"Find the right interface to build, debug, and deploy your source code.
\n"},{"name":"Learning","slug":"learning","description_html":"Get the skills you need to level up.
\n"},{"name":"Localization","slug":"localization","description_html":"Extend your software's reach. Localize and translate continuously from GitHub.
\n"},{"name":"Mobile","slug":"mobile","description_html":"Improve your workflow for the small screen.
\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"Continuous integration for Mobile applications
\n"},{"name":"Monitoring","slug":"monitoring","description_html":"Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.
\n"},{"name":"Project management","slug":"project-management","description_html":"Organize, manage, and track your project with tools that build on top of issues and pull requests.
\n"},{"name":"Publishing","slug":"publishing","description_html":"Get your site ready for production so you can get the word out.
\n"},{"name":"Recently added","slug":"recently-added","description_html":"The latest tools that help you and your team build software better, together.
\n"},{"name":"Security","slug":"security","description_html":"Find, fix, and prevent security vulnerabilities before they can be exploited.
\n"},{"name":"Support","slug":"support","description_html":"Get your team and customers the help they need.
\n"},{"name":"Testing","slug":"testing","description_html":"Eliminate bugs and ship with more confidence by adding these tools to your workflow.
\n"},{"name":"Utilities","slug":"utilities","description_html":"Auxiliary tools to enhance your experience on GitHub
\n"}],"actions":[{"name":"API management","slug":"api-management","description_html":"Structure your API infrastructure to enable various internet gateways to interact with your service.
\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"Utilities providing periodic backups of your GitHub data
\n"},{"name":"Chat","slug":"chat","description_html":"Bring GitHub into your conversations.
\n"},{"name":"Code quality","slug":"code-quality","description_html":"Automate your code review with style, quality, security, and test‑coverage checks when you need them.
\n"},{"name":"Code review","slug":"code-review","description_html":"Ensure your code meets quality standards and ship with confidence.
\n"},{"name":"Container CI","slug":"container-ci","description_html":"Continuous integration for container applications.
\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.
\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"Secure and manage your third-party dependencies.
\n"},{"name":"Deployment","slug":"deployment","description_html":"Streamline your code deployment so you can focus on your product.
\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"Enables custom protection rules to gate deployments with third-party services
\n"},{"name":"Game CI","slug":"game-ci","description_html":"Tools for building a CI pipeline for game development
\n"},{"name":"GitHub Sponsors","slug":"github-sponsors","description_html":"Tools to manage your GitHub Sponsors community
\n"},{"name":"IDEs","slug":"ides","description_html":"Find the right interface to build, debug, and deploy your source code.
\n"},{"name":"Learning","slug":"learning","description_html":"Get the skills you need to level up.
\n"},{"name":"Localization","slug":"localization","description_html":"Extend your software's reach. Localize and translate continuously from GitHub.
\n"},{"name":"Mobile","slug":"mobile","description_html":"Improve your workflow for the small screen.
\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"Continuous integration for Mobile applications
\n"},{"name":"Monitoring","slug":"monitoring","description_html":"Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.
\n"},{"name":"Project management","slug":"project-management","description_html":"Organize, manage, and track your project with tools that build on top of issues and pull requests.
\n"},{"name":"Publishing","slug":"publishing","description_html":"Get your site ready for production so you can get the word out.
\n"},{"name":"Security","slug":"security","description_html":"Find, fix, and prevent security vulnerabilities before they can be exploited.
\n"},{"name":"Support","slug":"support","description_html":"Get your team and customers the help they need.
\n"},{"name":"Testing","slug":"testing","description_html":"Eliminate bugs and ship with more confidence by adding these tools to your workflow.
\n"},{"name":"Utilities","slug":"utilities","description_html":"Auxiliary tools to enhance your experience on GitHub
\n"}]}},"title":"Marketplace"}