devsecops — independent software & tools
-
niro
Security that keeps up with your developers.
-
pentest-with-LLM
Automate authorized pentesting with LLMs, combining scanning, RAG, and exploit research for faster target analysis, vuln discovery, and reporting
-
AttackMap
AI-assisted defensive security analysis for codebases.
-
diffgate
Triage for AI-generated code review: grades each changed diff line green/yellow/orange by impact, so reviewers spend attention where it matters. High-signal, low-noise (0 false blocks), deterministic — in your coding agent (MCP), editor (VS Code), and CLI/CI.
-
pinprick
Pin your GitHub Actions. Prick holes in their supply chain security.
-
trusca
Self-hosted, open-source SCA portal — vulnerability (CVE), license compliance, and SBOM management in one UI. Black Duck/Snyk-class capabilities, Apache-2.0.
-
agent-bom
AI supply-chain & cloud security scanner and self-hosted control plane — agents, MCP, packages, cloud estate, non-human identities, and LLM cost. SBOM/SARIF, graph attack-paths, runtime enforcement, and compliance evidence.