SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.
This product is open source and very convenient.
This is open source.
This product is open source and very convenient.
This is open source.
Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.
We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon
You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it.
We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon
You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it.
Users have expressed satisfaction with various aspects, highlighting its quality, functionality, and value for money. They appreciate its user-friendly interface and the convenience it offers.
Additionally, users have praised the prompt and helpful customer support provided. Some users have also mentioned the product's durability and reliability.
I think that we pay approximately $100 USD per month.
The price is okay.
I think that we pay approximately $100 USD per month.
The price is okay.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
Sonatype Lifecycle is an open-source security and dependency management software that uses only one tool to automatically find open-source vulnerabilities at every stage of the System Development Life Cycle (SDLC). Users can now minimize security vulnerabilities, permitting organizations to enhance development workflow. Sonatype Lifecycle gives the user complete control over their software supply chain, allowing them to regain wasted time fighting risks in the SDLC. In addition, this software unifies the ability to define rules, actions, and policies that work best for your organizations and teams.
Its pricing is competitive within the market. It's not very cheap, it's not very expensive.
We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.
Its pricing is competitive within the market. It's not very cheap, it's not very expensive.
We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.
Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.
We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000.
Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand).
We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000.
Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand).
Bitbucket is a team-oriented Git-based code hosting and collaboration solution. The best-in-class Jira and Trello integrations in Bitbucket are meant to bring the entire software team together to complete a project. Bitbucket gives your team a single location to collaborate on code from concept to cloud deployment, to generate quality code through automated testing, and to deploy code with confidence.
You have to buy additional licenses when you exceed 50 users.
With our small number of users, our licensing fees are approximately $10 USD per month.
You have to buy additional licenses when you exceed 50 users.
With our small number of users, our licensing fees are approximately $10 USD per month.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Try the free trial of the product to understand the basic working mechanisms.
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Try the free trial of the product to understand the basic working mechanisms.
Stash has multiple deployment options to provide the flexibility your organization needs.
The solution comes as a part of the suite.
We pay around $6 per user.
The solution comes as a part of the suite.
We pay around $6 per user.
Atlassian SourceTree is a graphical user interface (GUI) desktop client that facilitates user interaction with Git repositories. SourceTree provides a visual interface that is easy to use and intuitive. It allows developers to save a lot of command lines when working with Git.
There is a fee for using SourceTree.
Atlassian SourceTree is a free solution.
There is a fee for using SourceTree.
Atlassian SourceTree is a free solution.
We are using the open-source version, which is available free of charge.
This is an open-source solution, so there are no licensing fees associated with it, and no extra, 'hidden' charges.
We are using the open-source version, which is available free of charge.
This is an open-source solution, so there are no licensing fees associated with it, and no extra, 'hidden' charges.
AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
The solution is expensive.
The product's pricing is low. I would rate it a two out of ten.
The solution is expensive.
The product's pricing is low. I would rate it a two out of ten.
Sonatype Repository Firewall is a cloud-based security solution designed to safeguard your software supply chain against malicious components. It operates by meticulously scanning and evaluating each new component against customized governance policies, thereby effectively identifying and blocking potential threats before they infiltrate your development pipeline. What sets Sonatype Repository Firewall apart is its user-friendly setup, seamless integration with existing workflows, and remarkable scalability, making it suitable for software development environments of any size. Key features include blocking malicious components through behavioral analysis, malware scanning, and vulnerability assessment, as well as the ability to enforce custom governance policies. By utilizing this tool, organizations can enhance their software supply chain security, mitigate risks related to supply chain attacks, bolster compliance with industry standards, and ultimately reduce costs associated with security incidents.
The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive.
The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive.
IBM Rational ClearCase is an enterprise-grade configuration management system that provides controlled access to software assets, including requirements, design documents, models, test plans and test results. It be can be integrated with other IBM solutions, including IBM Rational Team Concert, IBM Rational ClearQuest, IBM Rational Asset Manager and IBM Rational Application Developer for WebSphere Software.
This is a very expensive product.
IBM Rational ClearCase, like any other IBM tool, is expensive.
This is a very expensive product.
IBM Rational ClearCase, like any other IBM tool, is expensive.
Liquibase is a migration-based open source database version control solution that relies on a changelog to track what changesets have been deployed to a database, and what additional changesets needs to be applied to a database in order to migrate a database schema to a specific version. Liquibase supports an XML model for defining changesets so that database schema changes can easily be translated to another DBMS platforms. As an open source solution, Liquibase is ideal for smaller teams and projects or for teams that have ample time to invest in extending and adapting the open source capability to meet their needs.
Perforce, the Fast Software Configuration Management System, is a tool that versions and manages source code and digital assets for enterprises. Perforce is easy to install, learn and administer; seamlessly handles distributed development; and supports developers across a large number of platforms. Perforce ensures development integrity by grouping multi-file updates into atomic changes, enables concurrent development, and intelligently manages multiple software releases using its Inter-File Branching system.
The tool's price is good.
The tool's price is good.