ZeroPath
ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with deep program analysis to deliver intelligent security testing that finds real vulnerabilities while dramatically reducing false positives.
Unlike traditional SAST tools that rely on pattern matching, ZeroPath understands code context, business logic, and developer intent. This enables identification of sophisticated security issues including business logic flaws, broken authentication, authorization bypasses, and complex dependency vulnerabilities.
Our comprehensive security suite covers the application security lifecycle:
1. AI-powered SAST
2. Software Composition Analysis with reachability analysis
3. Secrets detection and validation
4. Infrastructure as Code scanning
5. Automated PR reviews
6. Automated patch generation
and more...
ZeroPath integrates seamlessly with GitHub, GitLab, Bitbucket, Azure DevOps and many more. The platform handles codebases with millions of lines across Python, JavaScript, TypeScript, Java, Go, Ruby, Rust, PHP, Kotlin and more.
Our research team has been successful in finding vulnerabilities like critical account takeover in better-auth (CVE-2025-61928, 300k+ weekly downloads), identifying 170+ verified bugs in curl, and discovering 0-days in production systems at Netflix, Hulu, and Salesforce.
Trusted by 750+ companies and performing 200k+ code scans monthly.
Learn more
Parasoft
Parasoft's mission is to provide automated testing solutions and expertise that empower organizations to expedite delivery of safe and reliable software.
A powerful unified C and C++ test automation solution for static analysis, unit testing and structural code coverage, Parasoft C/C++test helps satisfy compliance with industry functional safety and security requirements for embedded software systems.
Learn more
Opengrep
Opengrep serves as an open-source static code analysis tool aimed at uncovering security vulnerabilities in various codebases. Being a fork of Semgrep, it shares a common goal of delivering rapid and effective code pattern searching across over 30 programming languages, such as Python, JavaScript, and Go. The platform allows developers to create personalized rules for pattern detection, which aids in identifying potential security flaws while also encouraging compliance with coding standards. Incorporating Opengrep into the development process empowers teams to take a proactive stance on vulnerabilities, significantly improving the security and reliability of their software projects. Additionally, its user-friendly interface and customizable features make it an appealing choice for developers seeking to enhance their coding practices.
Learn more
DeepSource
DeepSource is a modern AI-driven code review and code quality platform built to help engineering teams deliver secure and maintainable software. The platform combines deterministic static analysis with intelligent AI agents to automatically review code changes across repositories. Developers can integrate DeepSource with popular version control systems such as GitHub, GitLab, Bitbucket, and Azure DevOps to analyze pull requests as they are created. During each review, the system scans code for potential bugs, security vulnerabilities, performance issues, and architectural problems. It provides inline feedback directly inside pull requests, allowing developers to resolve issues before merging code into production. DeepSource also offers automated patch suggestions through its Autofix feature, helping teams fix problems faster without interrupting development workflows. Security-focused capabilities include secrets detection, open-source dependency vulnerability scanning, and infrastructure-as-code configuration analysis. The platform tracks code coverage to highlight untested areas and ensures teams maintain testing standards before releasing updates. Compliance reporting aligned with major security frameworks helps organizations stay audit-ready. With automated insights and actionable feedback, DeepSource helps development teams improve code quality while accelerating software delivery.
Learn more
