OpenText Static Application Security Testing Integrations

AWS is the leading provider of cloud computing, delivering over 200 fully featured services to organizations worldwide. Its offerings cover everything from infrastructure—such as compute, storage, and networking—to advanced technologies like artificial intelligence, machine learning, and agentic AI. Businesses use AWS to modernize legacy systems, run high-performance workloads, and build scalable, secure applications. Core services like Amazon EC2, Amazon S3, and Amazon DynamoDB provide foundational capabilities, while advanced solutions like SageMaker and AWS Transform enable AI-driven transformation. The platform is supported by a global infrastructure that includes 38 regions, 120 availability zones, and 400+ edge locations, ensuring low latency and high reliability. AWS integrates with leading enterprise tools, developer SDKs, and partner ecosystems, giving teams the flexibility to adopt cloud at their own pace. Its training and certification programs help individuals and companies grow cloud expertise with industry-recognized credentials. With its unmatched breadth, depth, and proven track record, AWS empowers organizations to innovate and compete in the digital-first economy.

Microsoft 365 for Individuals is designed to elevate personal productivity through its blend of creativity, collaboration, and AI intelligence. The suite includes industry-leading apps like Word, Excel, PowerPoint, Outlook, and OneNote, accessible across all major devices for continuous workflow. With the integration of Copilot, Microsoft’s advanced AI assistant, users can brainstorm ideas, write content, and analyze data effortlessly. OneDrive cloud storage ensures files are safe, accessible, and protected with ransomware defense. Microsoft Designer and Clipchamp bring professional-level design and video editing within reach, empowering creators to produce visually captivating content. Microsoft Defender provides enterprise-grade security, safeguarding user identities and information. The platform’s flexible plans—Personal, Family, and Premium—cater to different needs while keeping experiences consistent and user-friendly. Whether for work, study, or creativity, Microsoft 365 helps users unlock their potential with the power of AI and cloud technology.

Slack is a cloud-based platform that enhances project collaboration and team communication, specifically tailored to foster smooth interaction within organizations. With a robust suite of tools and services unified in one platform, Slack allows for private channels that encourage engagement among smaller groups, direct messaging options for sending information straight to coworkers, and public channels that invite discussions among members from different organizations. Accessible on various operating systems including Mac, Windows, Android, and iOS, Slack boasts a wide array of features such as chat capabilities, file sharing, collaborative workspaces, instant notifications, two-way audio and video calls, screen sharing, document imaging, and activity tracking, among other functionalities. Additionally, its user-friendly interface and versatile integration options make it a popular choice for teams seeking to enhance their productivity and communication effectiveness.

Jira is a project management tool that allows you to plan and track the work of your entire team. Atlassian's Jira is the #1 tool for software development teams to plan and build great products. Jira is trusted by thousands of teams. It offers a range of tools to help plan, track, and release world-class software. It also allows you to capture and organize issues, assign work, and follow team activity. It integrates with leading developer software for end-toend traceability. Jira can help you break down big ideas into manageable steps, whether they are small projects or large cross-functional programs. Organize your work, create milestones and dependencies, and more. Linking work to goals allows everyone to see how their work contributes towards company objectives, and to stay aligned with what's important. Your next step, suggested by AI. Atlassian Intelligence automatically suggests tasks to help you get your big ideas done.

GitHub stands as the leading platform for developers globally, renowned for its security, scalability, and community appreciation. By joining the ranks of millions of developers and businesses, you can contribute to the software that drives the world forward. Collaborate within the most inventive communities, all while utilizing our top-tier tools, support, and services. If you're overseeing various contributors, take advantage of our free GitHub Team for Open Source option. Additionally, GitHub Sponsors is available to assist in financing your projects. We're thrilled to announce the return of The Pack, where we’ve teamed up to provide students and educators with complimentary access to premier developer tools throughout the academic year and beyond. Furthermore, if you work for a recognized nonprofit, association, or a 501(c)(3), we offer a discounted Organization account to support your mission. With these offerings, GitHub continues to empower diverse users in their software development journeys.

Bitbucket transcends traditional Git code management by offering a unified platform where teams can plan, collaborate on code, test, and deploy all in one place. It is free for small teams of up to five members and offers scalable options with Standard and Premium plans priced at $3 and $6 per user per month, respectively. By enabling the creation of Bitbucket branches directly from Jira issues or Trello cards, it helps keep projects systematically organized. The platform supports build, test, and deployment processes with its integrated CI/CD, enhancing efficiency through configuration as code and rapid feedback cycles. Code reviews are streamlined with pull requests, allowing teams to create a merge checklist and designate approvers while facilitating discussions directly in the source code using inline comments. With Bitbucket Pipelines featuring Deployments, teams can seamlessly integrate their build, test, and deployment processes. Security is prioritized with features like IP whitelisting and mandatory two-step verification, ensuring that code remains protected in the cloud. Additionally, users can restrict access to specific individuals and manage their permissions with branch controls and merge checks to ensure the highest quality of code output. This comprehensive suite of features makes Bitbucket an invaluable tool for modern software development teams.

Snowflake offers a unified AI Data Cloud platform that transforms how businesses store, analyze, and leverage data by eliminating silos and simplifying architectures. It features interoperable storage that enables seamless access to diverse datasets at massive scale, along with an elastic compute engine that delivers leading performance for a wide range of workloads. Snowflake Cortex AI integrates secure access to cutting-edge large language models and AI services, empowering enterprises to accelerate AI-driven insights. The platform’s cloud services automate and streamline resource management, reducing complexity and cost. Snowflake also offers Snowgrid, which securely connects data and applications across multiple regions and cloud providers for a consistent experience. Their Horizon Catalog provides built-in governance to manage security, privacy, compliance, and access control. Snowflake Marketplace connects users to critical business data and apps to foster collaboration within the AI Data Cloud network. Serving over 11,000 customers worldwide, Snowflake supports industries from healthcare and finance to retail and telecom.

Jenkins, the premier open-source automation server, boasts an extensive library of plugins that facilitate the building, deployment, and automation of any project. Its versatility allows Jenkins to function not only as a straightforward continuous integration (CI) server but also as a comprehensive continuous delivery hub tailored for diverse projects. This self-sufficient, Java-based application is designed to operate immediately, with installation packages available for Windows, Linux, macOS, and various Unix-like platforms. Configuring Jenkins is straightforward through its intuitive web interface, which features real-time error checks and embedded assistance. With a plethora of plugins accessible in the Update Center, Jenkins seamlessly integrates with nearly every tool utilized in the continuous integration and delivery pipeline. Its plugin architecture allows for significant expandability, offering almost limitless options for enhancing Jenkins’s functionality. Additionally, Jenkins can efficiently allocate tasks across multiple machines, significantly accelerating the build, testing, and deployment processes across various environments, which ultimately leads to increased productivity. This adaptability makes Jenkins a key player in modern software development workflows.

Utilize integrated software delivery tools to share code, monitor tasks, and deploy software, all hosted on your premises. Whether you choose to leverage the full suite of Azure DevOps services or just a select few, these tools can seamlessly enhance your current workflows. Formerly recognized as Team Foundation Server (TFS), Azure DevOps Server provides a comprehensive set of collaborative tools for software development, tailored for on-premises use. By integrating with your preferred IDE or editor, Azure DevOps Server empowers your diverse team to collaborate effectively on projects, regardless of their scale. This powerful software includes robust source code management capabilities, along with features such as access controls and permissions, bug tracking, build automation, change management, code reviews, collaboration, continuous integration, and version control, to support your development process in a holistic manner. With Azure DevOps Server, teams can streamline their development cycles and enhance productivity, ensuring that software delivery is efficient and reliable.

Bamboo excels in providing exceptional support for the "delivery" component of continuous delivery. Its deployment projects streamline the often tedious process of releasing software across various environments, all while granting you the ability to manage permissions tailored to each specific environment, ensuring a smooth and controlled deployment experience. This feature enhances the overall efficiency and reliability of the software delivery process.

SonarQube Server serves as a self-hosted solution for ongoing code quality assessment, enabling development teams to detect and address bugs, vulnerabilities, and code issues in real time. It delivers automated static analysis across multiple programming languages, ensuring that the highest standards of quality and security are upheld throughout the software development process. Additionally, SonarQube Server integrates effortlessly with current CI/CD workflows, providing options for both on-premise and cloud deployments. Equipped with sophisticated reporting capabilities, it assists teams in managing technical debt, monitoring progress, and maintaining coding standards. This platform is particularly well-suited for organizations desiring comprehensive oversight of their code quality and security while maintaining high performance levels. Furthermore, SonarQube fosters a culture of continuous improvement within development teams, encouraging proactive measures to enhance code integrity over time.

Selenium enables the automation of web browsers, and the possibilities it presents are entirely in your hands. While its primary use is for testing web applications, its utility extends well beyond that scope. Repetitive web-based administrative tasks can also be automated effectively, making your workflow more efficient and less tedious. For those looking to develop comprehensive browser-based regression automation suites and distribute scripts across various environments, Selenium WebDriver is the ideal choice, offering a set of language-specific bindings to control a browser as intended. Alternatively, if you are interested in quickly creating bug reproduction scripts or enhancing exploratory testing through automation, Selenium IDE serves as a convenient tool; this is a browser add-on for Chrome and Firefox that provides straightforward record-and-playback functionality for user interactions. Furthermore, if your goal involves scaling your testing processes by executing tests across multiple machines and managing diverse environments from a centralized interface, Selenium can accommodate those needs as well. Ultimately, the versatility of Selenium allows for a broad range of automation possibilities tailored to fit various requirements.

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk is a developer security platform that automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams.

Oobeya is an engineering intelligence platform that helps software development teams accelerate their value delivery performance. Oobeya works with code repositories, issue tracking, testing, application performance monitoring (APM), and incident management tools to measure engineering metrics, like cycle time, lead time, sprint planning accuracy, pull request metrics, and value stream metrics (VSM), and DevOps DORA metrics. Engineering Leaders can access real-time data and insights about individuals, teams, and systems to make them more confident in taking action on product development and engineering processes.

Visual Studio by Microsoft is a complete ecosystem for professional developers, combining robust coding environments, integrated AI capabilities, and advanced collaboration tools. The flagship Visual Studio 2022 IDE delivers an all-in-one workspace with compilers, debuggers, designers, and performance profilers for .NET, C++, C#, and Azure development. Meanwhile, Visual Studio Code (VS Code) offers a lightweight yet powerful editor that runs on Windows, macOS, and Linux, ideal for web, JavaScript, Python, and container-based workflows. With GitHub Copilot integration, developers receive intelligent code completions, automated refactoring, and natural language explanations of complex logic. Agent Mode introduces an AI-driven assistant that can edit across files, execute builds, and resolve compile or test errors autonomously. Built-in tools like unit test generators, CI-aware policy enforcement, and style validation help ensure clean, testable, and secure code. Thousands of extensions from the Visual Studio Marketplace expand functionality for database, cloud, and DevOps workflows. Together, these platforms redefine productivity, helping teams code smarter and deliver innovation faster.

Nucleus is revolutionizing the landscape of vulnerability management software by serving as the definitive source for all asset information, vulnerabilities, and relevant data. We enable you to harness the untapped potential of your current tools, guiding you towards enhanced program maturity through the integration of individuals, processes, and technology in vulnerability management. By utilizing Nucleus, you gain unparalleled insight into your program, along with a collection of tools whose capabilities cannot be replicated elsewhere. This platform acts as the sole shift-left solution that merges development with security operations, allowing you to fully exploit the value that your existing tools fail to provide. With Nucleus, you will experience exceptional integration within your pipeline, efficient tracking, prioritized triage, streamlined automation, and comprehensive reporting features, all delivered through a uniquely functional suite of tools. Ultimately, adopting Nucleus not only enhances your operational efficiency but also significantly strengthens your organization's approach to managing vulnerabilities and code weaknesses.

Mend.io delivers the first AI native application security platform built for software created by both humans and machines. It empowers organizations to secure AI generated code and embedded AI components like models, agents, MCPs, and RAG pipelines. The unified platform brings together comprehensive capabilities including AI security, SAST, SCA, container scanning, and Mend Renovate providing development and security teams complete visibility into risks across their codebase. With AI powered remediation and prioritization workflows, teams are enabled to quickly resolve issues and reduce risk. With a simple, predictable price model, eliminating per-module costs and minimal reliance on expensive professional services Mend.io is a scalable, proactive, developer-friendly platform for modern AppSec—all in a single platform.

Bugzilla is a robust server application aimed at facilitating the management of software development projects. It features an optimized database architecture, enhancing both performance and scalability. The software prioritizes security measures to ensure the confidentiality of sensitive information. With an advanced query tool, users can easily recall their previous searches. Built-in email functionalities further streamline communication. Users also benefit from customizable profiles and detailed email preferences. A thorough permissions system grants varying levels of access based on user roles. Having proven its reliability as Mozilla's bug tracking solution, Bugzilla is utilized by a multitude of companies, organizations, and projects. This particular page highlights several noteworthy or prominent installations of Bugzilla while also providing a directory of public Bugzilla instances. The updates mentioned include bug fixes and enhancements to performance, but refrain from introducing any new features or major scalability improvements. Additionally, there are no alterations to the database schema, although documentation updates may be present. It's worth noting that template changes are limited to corrections of typos and grammatical errors. Furthermore, users are encouraged to explore the extensive community support surrounding Bugzilla, which contributes to its ongoing development and refinement.

ThreadFix 3.0 offers an all-encompassing perspective on the risks associated with applications and their underlying infrastructure. Say goodbye to traditional spreadsheets and PDFs for good. Designed for everyone from Application Security Managers to CISOs, ThreadFix enhances team efficiency and delivers robust reporting capabilities for senior management. Discover the significant advantages of ThreadFix, recognized as the leading platform for managing application vulnerabilities. It enables the automatic consolidation, de-duplication, and correlation of vulnerabilities found in applications with the infrastructure assets that support them, utilizing data from both commercial and open-source scanning tools. Understanding the existing vulnerabilities is just the beginning; ThreadFix allows you to swiftly identify trends in vulnerabilities and make informed remediation choices based on a centralized data view. Once vulnerabilities are identified, addressing them promptly can be challenging, but with ThreadFix, you gain the tools necessary to streamline this critical process effectively. By leveraging its comprehensive features, organizations can enhance their overall security posture and respond proactively to emerging threats.

Phoenix Security bridges the communication gap between security teams, developers, and businesses, ensuring they all share a common understanding. We assist security experts in concentrating on the most critical vulnerabilities that impact cloud, infrastructure, and application security. By honing in on the top 10% of vulnerabilities that require immediate attention, we expedite risk reduction through prioritized and contextualized insights. Our automated threat intelligence enhances efficiency, facilitating quicker responses to potential threats. Furthermore, we aggregate, correlate, and contextualize data from various security tools, granting organizations unparalleled visibility into their security landscape. This approach dismantles the barriers that typically exist between application security, operational security, and business operations, fostering a more cohesive security strategy. Ultimately, our goal is to empower organizations to respond to risks more effectively and collaboratively.

Black Duck, a segment of the Synopsys Software Integrity Group, stands out as a prominent provider of application security testing (AST) solutions. Their extensive array of offerings encompasses tools for static analysis, software composition analysis (SCA), dynamic analysis, and interactive analysis, which assist organizations in detecting and addressing security vulnerabilities throughout the software development life cycle. By streamlining the identification and management of open-source software, Black Duck guarantees adherence to security and licensing regulations. Their solutions are meticulously crafted to enable organizations to foster trust in their software while effectively managing application security, quality, and compliance risks at a pace that aligns with business demands. With Black Duck, businesses are equipped to innovate with security in mind, delivering software solutions confidently and efficiently. Furthermore, their commitment to continuous improvement ensures that clients remain ahead of emerging security challenges in a rapidly evolving technological landscape.

Gradle, Inc. includes the Gradle Build Tool and Develocity (formerly Gradle Enterprise). These tools are used to speed up and debug builds, tests, and other tasks for Maven, Gradle, Bazel, and sbt. Gradle Build Tool is the most used tool to build open-source JVM projects on GitHub. It is downloaded on average more than 30 million times per month, and was included in TechCrunch's Top 20 Most Popular Open Source Projects. Many popular projects have moved from Maven to Gradle. Spring Boot is one of them. Develocity is the only platform that combines software build performance acceleration with analytics. It is used by the most prestigious software development companies around the world to reduce build times by half and give developers back one week of lost productivity time. Acceleration technologies speed up the software development and testing process. Data analytics (Failure Analytics Trends & Insights), make troubleshooting easier.

Harness is a comprehensive AI-native software delivery platform designed to modernize DevOps practices by automating continuous integration, continuous delivery, and GitOps workflows across multi-cloud and multi-service environments. It empowers engineering teams to build faster, deploy confidently, and manage infrastructure as code with automated error reduction and cost control. The platform integrates new capabilities like database DevOps, artifact registries, and on-demand cloud development environments to simplify complex operations. Harness also enhances software quality through AI-driven test automation, chaos engineering, and predictive incident response that minimize downtime. Feature management and experimentation tools allow controlled releases and data-driven decision-making. Security and compliance are strengthened with automated vulnerability scanning, runtime protection, and supply chain security. Harness offers deep insights into engineering productivity and cloud spend, helping teams optimize resources. With over 100 integrations and trusted by top companies, Harness unifies AI and DevOps to accelerate innovation and developer productivity.

SQUAD1VM is a Risk-Based Virtuality Management and Orchestration Platform. The Vulnerability data is compiled from various technology solutions, vulnerability scanners and manual penetration testing assessments. Squad1 provides cyber risk quantification for all vulnerability feeds. These vulnerability insights with supporting risk scoring make it easier for security personnel to take quick actions. These insights are based on context information about the mitigation patterns of peer departments and past vulnerabilities identification trends, and supported by guided workflows to improve security posture. Modules: 1. Audit Management 2. On-Demand Scanning 3. Asset Management 4. User/ Vendor Management 5. Report Management 6. Ticketing System The benefits of SQUAD1 1. Automate Risk Identification 2. Prioritization allows for faster mitigation 3. Custom Enterprise Workflow 4. Visibility to Insightful Vulnerability Monitoring

The Uni5 platform transforms conventional vulnerability management into a comprehensive approach to threat exposure management by pinpointing potential cyber threats to your enterprise, strengthening your most vulnerable controls, and addressing the most critical vulnerabilities to mitigate overall risks. To effectively minimize threat exposure and stay ahead of cybercriminals, organizations must possess a thorough understanding of their operational environment as well as the mindset of potential attackers. The HiveUni5 platform offers expansive asset visibility, actionable intelligence on threats and vulnerabilities, security control assessments, patch management, and facilitates cross-functional collaboration within the platform. It allows organizations to effectively close the risk management loop with automatically generated strategic, operational, and tactical reports. Additionally, HivePro Uni5 seamlessly integrates with over 27 widely recognized tools for asset management, IT service management, vulnerability scanning, and patch management, enabling organizations to maximize their pre-existing investments while enhancing their security posture. By leveraging these capabilities, enterprises can create a more resilient defense strategy against evolving cyber threats.

Sonatype Nexus Repository is an essential tool for managing open-source dependencies and software artifacts in modern development environments. It supports a wide range of packaging formats and integrates with popular CI/CD tools, enabling seamless development workflows. Nexus Repository offers key features like secure open-source consumption, high availability, and scalability for both cloud and on-premise deployments. The platform helps teams automate processes, track dependencies, and maintain high security standards, ensuring efficient software delivery and compliance across all stages of the SDLC.

OpenText Software Delivery Management empowers Agile and DevOps teams to deliver superior software quality by combining integrated planning, continuous integration, test management, and release management in a single solution. The platform offers transparency and traceability throughout the entire software delivery lifecycle, allowing teams to align work from ideation through release seamlessly. It supports hybrid development methodologies, enabling organizations to transform at their own pace from traditional waterfall to scaled Agile and DevOps practices. By scaling to thousands of continuous integration-driven tests and tuning automation efforts, it optimizes testing efficiency and effectiveness. The solution proactively addresses compliance requirements for highly regulated industries by identifying and mitigating risks early. Real-time dashboards and customizable metrics provide deep insights into quality KPIs, enabling mission-critical decision making. Centralized testing efforts improve collaboration and consistency, while integrated release processes streamline software deployment. OpenText Software Delivery Management offers flexible, analytics-focused tools to help teams maintain continuous quality and accelerate time-to-market.

Enhance the efficiency of API development for individuals, teams, and large organizations using the Swagger open-source and professional suite of tools. Discover how Swagger can assist in designing and documenting APIs effectively on a large scale. The strength of Swagger tools is rooted in the OpenAPI Specification, which serves as the industry standard for designing RESTful APIs. There are various tools available to create, modify, and share OpenAPI definitions with different stakeholders. For comprehensive support of OpenAPI workflows, SwaggerHub serves as the platform solution that scales effectively. Millions of API developers, teams, and enterprises have benefited from Swagger's tools to create exceptional APIs. With Swagger, you gain access to the most robust and user-friendly tools that leverage the full potential of the OpenAPI Specification, ensuring a seamless development process that can adapt to evolving needs.

Safeguard cloud-native applications while minimizing the potential attack surface by identifying vulnerabilities, concealed malware, sensitive information, compliance breaches, and additional risks throughout both the build and runtime phases, thereby guaranteeing that only compliant containers are deployed in production. Seamlessly incorporate security measures early in the continuous integration and continuous delivery (CI/CD) process, automating protections that enable DevSecOps teams to launch production-ready applications without hindering build timelines. With the confidence that applications are secure, developers can focus on building and deploying their projects. Leverage a unified platform that provides automated discovery, runtime protection, continuous threat detection and response for cloud workloads and containers, as well as managed cloud threat hunting. This comprehensive solution aids in uncovering hidden malware, embedded secrets, configuration errors, and other vulnerabilities in your images, ultimately contributing to a significantly reduced attack surface and enhanced security posture. Empower your team to innovate while maintaining the highest security standards.

Tromzo creates a comprehensive understanding of environmental and organizational factors spanning from code to cloud, enabling you to swiftly address significant risks within the software supply chain. By focusing on the remediation of risks at each layer, from code to cloud, Tromzo constructs a prioritized risk assessment that encompasses the entire supply chain, providing essential context. This contextual information aids users in identifying which specific assets are vital for the business, safeguarding those critical components from potential risks, and streamlining the remediation process for the most pressing issues. With a detailed inventory of software assets, including code repositories, software dependencies, SBOMs, containers, and microservices, you gain insight into what you possess, who manages it, and which elements are crucial for your business's success. Additionally, by assessing the security posture of each team through metrics such as SLA compliance and MTTR, you can effectively promote risk remediation efforts and establish accountability throughout the organization. Ultimately, Tromzo empowers teams to prioritize their security measures, ensuring that the most important risks are addressed promptly and effectively.

Maverix seamlessly integrates into the current DevOps workflow, providing all necessary connections with software engineering and application security tools while overseeing the application security testing process from start to finish. It utilizes AI-driven automation to manage security issues, covering aspects such as detection, categorization, prioritization, filtering, synchronization, fix management, and support for mitigation strategies. The platform features a premier DevSecOps data repository that ensures comprehensive visibility into advancements in application security and team performance over time. Security challenges can be efficiently monitored, assessed, and prioritized through a unified interface designed for the security team, which also connects with third-party tools. Users can achieve complete transparency regarding application readiness for production and track improvements in application security over the long term, fostering a proactive security culture within the organization. This allows teams to address vulnerabilities promptly, ensuring a more resilient and secure application lifecycle.