Security Scanners

Scanners used within AquilaX AI

At AquilaX, we believe a top-notch Application Security and DevSecOps program should leverage the best of today’s trusted, mature open-source scanners. We openly showcase each scanner we use, allowing our clients to see exactly how we’re protecting their code. And for those needing more, we also integrate and offer a full range of both private and open-source scanners to cover all bases in application security.

Logo

License

Used for

https://github.com/bridgecrewio/checkov

Apache 2.0

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

https://github.com/securego/gosec

Apache 2.0

Go security checker

https://github.com/aquasecurity/trivy

Apache 2.0

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

https://github.com/finos/CatchIT

Apache 2.0

Source code secret scanner by Goldman Sachs and FINOS

https://github.com/anchore/syft

Apache 2.0

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

https://docs.npmjs.com/cli/v9/commands/npm-audit

The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.

https://github.com/gitleaks/gitleaks

MIT

Protect and discover secrets using Gitleaks 🔑

https://github.com/Yelp/detect-secrets

Apache 2.0

An enterprise friendly way of detecting and preventing secrets in code.

https://github.com/prowler-cloud/prowler

Apache 2.0

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

https://github.com/aquasecurity/chain-bench

Apache 2.0

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

https://github.com/Checkmarx/kics

Apache 2.0

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

https://github.com/PyCQA/bandit

Apache 2.0

Bandit is a tool designed to find common security issues in Python code.

https://github.com/facebook/pyre-check

MIT

Performant and security type-checking for python.

https://github.com/controlplaneio/kubesec

Apache 2.0

Security risk analysis for Kubernetes resources

https://github.com/jeremylong/DependencyCheck

Apache 2.0

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

https://github.com/ZupIT/horusec

Apache 2.0

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

https://github.com/nccgroup/sobelow

Apache 2.0

Sobelow is a security-focused static analysis tool for Elixir & the Phoenix framework.

https://github.com/Nullify-Platform/attack-surface-scanner

MIT

Web application attack surface scanner by Nullify

https://google.github.io/osv-scanner/

Apache 2.0

PreviousSLO/SLA/SLI NextSupported Languages

Last updated 5 months ago

Was this helpful?

Security Scanners

Scanners used within AquilaX AI

Logo

License

Used for

https://github.com/bridgecrewio/checkov

Apache 2.0

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

https://github.com/securego/gosec

Apache 2.0

Go security checker

https://github.com/aquasecurity/trivy

Apache 2.0

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

https://github.com/finos/CatchIT

Apache 2.0

Source code secret scanner by Goldman Sachs and FINOS

https://github.com/anchore/syft

Apache 2.0

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

https://docs.npmjs.com/cli/v9/commands/npm-audit

The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.

https://github.com/gitleaks/gitleaks

MIT

Protect and discover secrets using Gitleaks 🔑

https://github.com/Yelp/detect-secrets

Apache 2.0

An enterprise friendly way of detecting and preventing secrets in code.

https://github.com/prowler-cloud/prowler

Apache 2.0

https://github.com/aquasecurity/chain-bench

Apache 2.0

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

https://github.com/Checkmarx/kics

Apache 2.0

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

https://github.com/PyCQA/bandit

Apache 2.0

Bandit is a tool designed to find common security issues in Python code.

https://github.com/facebook/pyre-check

MIT

Performant and security type-checking for python.

https://github.com/controlplaneio/kubesec

Apache 2.0

Security risk analysis for Kubernetes resources

https://github.com/jeremylong/DependencyCheck

Apache 2.0

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.