Tuneable, end to end security scanning.
Whether you’re just getting started on your application security journey or your a seasoned pro, we’ve got you covered with our end to end security platform
Vulnerability in Python versions before 3.8.1 related to improper handling of URLs
This vulnerability affects Node.js due to improper handling of untrusted objects in the http module.
This vulnerability affects .NET Core and ASP.NET Core applications potentially allowing cross-site lor
This vulnerability affects the Linux kernel and can impact C++ applications where improper handling of
This vulnerability affects the TypeScript Compiler (tsc) in versions prior to 4.8 leading to potential damage
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, lo....
All your app’s security vulnerabilities in one place.
Detect, remediate and monitor all of your applications dependencies, misconfigurations, secrets and compliance issues in one, streamlined application
In the cloud, on prem, local workstations and hybrid environments we have products to support you where you work best
Born out of first hand experience using multiple tools for every security acronym under the sun, we built a tool with developers in mind
Pay per seat with month to month and annual options. Never feel trapped or buy more than you need
Whether you have a full suite of tools or your just getting started, ship code fast and leave worrying about security to us
Product Overview
The ultimate tool for detecting and managing secrets in your codebase with superior accuracy and seamless integration. Scan for hidden API keys and sensitive data to prevent breaches in real-time.
Comprehensive code analysis to uncover vulnerabilities before they become issues, with easy integration into your development workflow. Stay ahead of threats and secure your code with every commit.
Detect misconfigurations, compliance issues, and security risks in your IaC files. Customize scans to your needs and safeguard your cloud environments before deployment.
Generate on-demand SBOMs for your applications to mitigate vulnerabilities faster, improve your security posture and breeze through compliance requirements.
Integrations with your favorite tools.
No matter which cloud or version control tools you use we’ve got you covered. Enjoy streamlined workflows and real-time vulnerability detection without interrupting your existing processes.
Pricing for every budget.
Whether you're a solo professional or a global enterprise we’ve got a pricing plan to fit your budget.
We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional
$15.20/mo - 20% discount vs monthly!
We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional
$31.20/mo - 20% discount vs monthly!
We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional
We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional
Or pay annually for a 20% discount!
We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional
Or pay annually for a 20% discount!
We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional
Get started now!
Secure your applications in minutes! Getting started is as simple as signing up, activating your scanners and begin remediating vulnerabilities
Frequently Asked Questions
We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional
We're on a mission to build the world's most comprehensive Application and Cloud Security Posture management system. While we recognize great things take time, we've focused on delivering as much value as possible immediately for development and security teams. Secret Detection, Static Application Security Testing, Infrastructure as Code scanning, and SBOM generation are generally available, with more scanners being released every month. Enterprise authentication is available via Google and GitHub, with Okta and others on our road map.
Enjoy the simplicity of having your favorite open source scanners in one application. With centralized reporting and dashboards to view vulnerabilities detected across all scanners in one place - spend more time remediating and less time debugging and aggregating data across multiple reports. Google and Github single sign on options are generally available with Okta on the way. Lastly our email digest sends you and your team a daily summary of vulnerabilities found so you can take action even when you're not at your computer.
Codefortify was built with intuition at the core of our system. Application and cloud security are complex, and managing multiple vendors and scanners can be problematic. We've built an integration with GitHub so you can securely authenticate and scan your code directly in GitHub, while aggregating your vulnerability results in Codefortify. Simply set up a project in Github with the repositories you want scanned, authenticate to Codefortify using your GitHub credentials, set up a project in Codefortify that points to your Github project and enable your preferred scanners. When Codefortify identifies a vulnerability our app will take you back into GitHub to remediate so you can rest assured your data is safe.
We take your privacy seriously. We adhere to Microsoft Azure Security best practices for items related to identity management, data protection, backup recovery, threat monitoring, network security and much more. We're currently in the process of applying for our SocII type 1 attestation so you can rest assured that we take security as seriously as you do. We don't take it for granted that our clients trust us to protect their business and we practice what we preach.
Our US-based team is here to help! Chat directly with us in the app or submit a support ticket for any questions you might have. Most support tickets are answered within the hour. Have a feature you'd love to see? We'd love to hear about it! Feature requests are available natively in our app so as you're working feel free to submit your requests and a member of our product team will follow up with you directly.
Sign up is simple and you can get started for free! Click any of the “Get Started” links on the page to be securely redirected to the sign up page. Simply use your Google or GitHub credentials to create your account. From there you can upgrade your account to Premium or Enterprise, and add team members to start collaborating with you.
Codefortify is infinitely configurable so you can have the right scanners for the job. Start by setting up a project in Codefortify on the projects page, add your preferred GitHub repositories with the code and applications you’d like to scan. From there we’ll redirect you to Github to authenticate your desired repositories. Once your repos are connected, head to the integrations page to activate the desired scanners for each project. And you’re done! Start committing code and remediate vulnerabilities in Codefortify.
One of the biggest challenges development teams face is remembering to use the right CI template with the right scanners configured. Codefortify takes the pain out of config management and let’s you easily activate and deactivate your desired scanners per project. Once you’ve connected your GitHub repos to Codefortify, head to the integrations page and activate your desired scanners for the project. Commit code and watch the vulnerabilities appear in Codefortify.
The dashboard on the home page shows all scans completed and vulnerabilities by severity. You can filter by a number of parameters including code contributor, project, date range and severity level. To remediate a vulnerability simply click the link to the item in question, review the code in question and click the link to the specific item to be redirected directly into the commit in GitHub that needs attention. Save time trying to remember which branch and project your CVEs, and use our custom GPT to interpret what the problem is and how to remediate it quickly.
Adding team members to help you review and tackle remediation is easy! Head to the “My Company” tab and add a users email address, we’ll send them an invite to your instance. Removing them is just as easy, under “My Team” click on actions and remove the user.
Every plan starts out free. Click on the sign up button or use your Google or GitHub credentials to activate your account.
Once you’re in the application you can select “Update Plan” at the bottom left side of the screen or select the same button under “My Company” → “My Subscription” to select the plan that fits your needs.
The free plan allows you to add up to three team members, two open source scanners and 1 project with 5 repos, when you’ve hit your limits the app will automatically prompt you to upgrade.
Teams offers everything in Free including unlimited team members, 4 scanners with advanced rulesets, 10 projects with 50 repos, and custom vulnerability scoring. Teams is best for growing companies expanding their security posture.
Enterprise offers everything in teams including unlimited team members with all scanners and advanced rulesets, unlimited projects and repos, custom vulnerability scoring and a dedicated customer support team. Enterprise is best for customers who want a complete security posture and dedicated support.
Codefortify is infinitely configurable so you can have the right scanners for the job. Start by setting up a project in Codefortify on the projects page, add your preferred GitHub repositories with the code and applications you’d like to scan. From there we’ll redirect you to Github to authenticate your desired repositories. Once your repos are connected, head to the integrations page to activate the desired scanners for each project. And you’re done! Start committing code and remediate vulnerabilities in Codefortify.
After committing your code you’ll automatically start seeing scan results on the home page in Codefortify. User the filters to drill into the subset of vulnerabilities you want to review and click the link either on the home page or issues page to review the specific vulnerability in question. We’ve integrated a GPT-augmented assistant to help you interpret the CVE in question with recommended remediation steps where available. When you’re ready to remediate, click the link in the issue to take you back to GitHub to remediate your issue real time.
Codefortify integrates seamlessly with GitHub, you can use your GitHub credentials to setup your account, authenticate repositories you’d like to scan and initiate a session to work on remediating your vulnerabilities.
Coming soon
Adding team members to help you review and tackle remediation is easy! Head to the “My Company” tab and add a users email address, we’ll send them an invite to your instance. Removing them is just as easy, under “My Team” click on actions and remove the user.
Support
Our team is here to help! Join us on slack, browse our documentation or simply reach out for whatever you need
Meet more like minded security-forward professionals like yourself in our Slack community
Check out our documentation to get started, configure additional scanners, add team members and more
Have a question about our products, pricing or anything else? Reach out to us we’d love to chat!
