Security Scanners

Scanners used within AquilaX AI

At AquilaX, we believe a top-notch Application Security and DevSecOps program should leverage the best of today’s trusted, mature open-source scanners. We openly showcase each scanner we use, allowing our clients to see exactly how we’re protecting their code. And for those needing more, we also integrate and offer a full range of both private and open-source scanners to cover all bases in application security.

| Scanner | License | Used for |
| --- | --- | --- |
| https://github.com/bridgecrewio/checkov | Apache 2.0 | Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew. |
| https://github.com/securego/gosec | Apache 2.0 | Go security checker |
| https://github.com/aquasecurity/trivy | Apache 2.0 | Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more |
| https://github.com/finos/CatchIT | Apache 2.0 | Source code secret scanner by Goldman Sachs and FINOS |
| https://github.com/anchore/syft | Apache 2.0 | CLI tool and library for generating a Software Bill of Materials from container images and filesystems |
| https://docs.npmjs.com/cli/v9/commands/npm-audit | | The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities. |
| https://github.com/gitleaks/gitleaks | MIT | Protect and discover secrets using Gitleaks 🔑 |
| https://github.com/Yelp/detect-secrets | Apache 2.0 | An enterprise friendly way of detecting and preventing secrets in code. |
| https://github.com/prowler-cloud/prowler | Apache 2.0 | Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more |
| https://github.com/aquasecurity/chain-bench | Apache 2.0 | An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark. |
| https://github.com/Checkmarx/kics | Apache 2.0 | Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. |
| https://github.com/PyCQA/bandit | Apache 2.0 | Bandit is a tool designed to find common security issues in Python code. |
| https://github.com/facebook/pyre-check | MIT | Performant and security type-checking for python. |
| https://github.com/controlplaneio/kubesec | Apache 2.0 | Security risk analysis for Kubernetes resources |
| https://github.com/jeremylong/DependencyCheck | Apache 2.0 | OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. |
| https://github.com/ZupIT/horusec | Apache 2.0 | Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command. |
| https://github.com/nccgroup/sobelow | Apache 2.0 | Sobelow is a security-focused static analysis tool for Elixir & the Phoenix framework. |
| https://github.com/Nullify-Platform/attack-surface-scanner | MIT | Web application attack surface scanner by Nullify |
| https://google.github.io/osv-scanner/ | Apache 2.0 | Vulnerability scanner written in Go which uses the data provided by https://osv.dev |

Last updated 5 months ago