Tuneable, end to end security scanning.

Whether you’re just getting started on your application security journey or you’re a seasoned pro, we’ve got you covered with our end-to-end security platform.


All your app’s security vulnerabilities in one place.

Detect, remediate and monitor all of your applications’ dependencies, misconfigurations, secrets and compliance issues in one streamlined application.

Meet your team where they are

In the cloud, on prem, local workstations and hybrid environments we have products to support you where you work best

By Developers, For Developers

Born out of first hand experience using multiple tools for every security acronym under the sun, we built a tool with developers in mind

Priced per user

Pay per seat with month to month and annual options. Never feel trapped or buy more than you need

Security at every step

Whether you have a full suite of tools or you’re just getting started, ship code fast and leave worrying about security to us.

Product Overview

Secret Detection

The ultimate tool for detecting and managing secrets in your codebase with superior accuracy and seamless integration. Scan for hidden API keys and sensitive data to prevent breaches in real-time.

SAST

Comprehensive code analysis to uncover vulnerabilities before they become issues, with easy integration into your development workflow. Stay ahead of threats and secure your code with every commit.

Infrastructure as Code

Detect misconfigurations, compliance issues, and security risks in your IaC files. Customize scans to your needs and safeguard your cloud environments before deployment.

SBOMs

Generate on-demand SBOMs for your applications to mitigate vulnerabilities faster, improve your security posture and breeze through compliance requirements.

Integrations with your favorite tools.

No matter which cloud or version control tools you use we’ve got you covered. Enjoy streamlined workflows and real-time vulnerability detection without interrupting your existing processes.

Pricing for every budget.

Whether you're a solo professional or a global enterprise we’ve got a pricing plan to fit your budget.

FREE
Free

We offer a range of pricing plans to fit every budget and level of need. Whether you're a solo professional

1 Project
5 Repos
1 Scanner
Dev Vuln Dashboard
Issues Detail Working Page
Chat GPT CVE Description and suggested remediation
SAST Scanning
TEAMS
$182.40 /yr

$15.20/mo - 20% discount vs monthly!

10 Projects
50 Repos
2 Scanners
Everything in Free, plus...
CF Advanced Secrets & SAST Rulesets
Custom Vulnerability Scoring (secrets)
Advanced Permissions
TEAMS
$19.00 /mo

Or pay annually for a 20% discount!


Get started now!

Secure your applications in minutes! Getting started is as simple as signing up, activating your scanners and beginning to remediate vulnerabilities.

1. Create free account and try Codefortify at a trial level
2. Upgrade to Teams or Enterprise at any time in the app

Frequently Asked Questions

Product overview

We're on a mission to build the world's most comprehensive Application and Cloud Security Posture management system. While we recognize great things take time, we've focused on delivering as much value as possible immediately for development and security teams. Secret Detection, Static Application Security Testing, Infrastructure as Code scanning, and SBOM generation are generally available, with more scanners being released every month. Enterprise authentication is available via Google and GitHub, with Okta and others on our road map.

What’s included?

Enjoy the simplicity of having your favorite open source scanners in one application. With centralized reporting and dashboards to view vulnerabilities detected across all scanners in one place, you can spend more time remediating and less time debugging and aggregating data across multiple reports. Google and GitHub single sign-on options are generally available, with Okta on the way. Lastly, our email digest sends you and your team a daily summary of vulnerabilities found so you can take action even when you're not at your computer.

Best practices?

Codefortify was built with intuition at the core of our system. Application and cloud security are complex, and managing multiple vendors and scanners can be problematic. We've built an integration with GitHub so you can securely authenticate and scan your code directly in GitHub, while aggregating your vulnerability results in Codefortify. Simply set up a project in GitHub with the repositories you want scanned, authenticate to Codefortify using your GitHub credentials, set up a project in Codefortify that points to your GitHub project, and enable your preferred scanners. When Codefortify identifies a vulnerability, our app will take you back into GitHub to remediate, so you can rest assured your data is safe.

Security

We take your privacy seriously. We adhere to Microsoft Azure Security best practices for items related to identity management, data protection, backup recovery, threat monitoring, network security and much more. We're currently in the process of applying for our SOC 2 Type 1 attestation so you can rest assured that we take security as seriously as you do. We don't take it for granted that our clients trust us to protect their business, and we practice what we preach.

Support

Our US-based team is here to help! Chat directly with us in the app or submit a support ticket for any questions you might have. Most support tickets are answered within the hour. Have a feature you'd love to see? We'd love to hear about it! Feature requests are available natively in our app so as you're working feel free to submit your requests and a member of our product team will follow up with you directly.

Sign Up

Sign up is simple and you can get started for free! Click any of the “Get Started” links on the page to be securely redirected to the sign up page. Simply use your Google or GitHub credentials to create your account. From there you can upgrade your account to Premium or Enterprise, and add team members to start collaborating with you.

Installing your preferred scanners

Codefortify is infinitely configurable so you can have the right scanners for the job. Start by setting up a project in Codefortify on the projects page, then add your preferred GitHub repositories with the code and applications you’d like to scan. From there we’ll redirect you to GitHub to authenticate your desired repositories. Once your repos are connected, head to the integrations page to activate the desired scanners for each project. And you’re done! Start committing code and remediate vulnerabilities in Codefortify.

Configuring your first scan

One of the biggest challenges development teams face is remembering to use the right CI template with the right scanners configured. Codefortify takes the pain out of config management and lets you easily activate and deactivate your desired scanners per project. Once you’ve connected your GitHub repos to Codefortify, head to the integrations page and activate your desired scanners for the project. Commit code and watch the vulnerabilities appear in Codefortify.

Reviewing and remediating results

The dashboard on the home page shows all scans completed and vulnerabilities by severity. You can filter by a number of parameters including code contributor, project, date range and severity level. To remediate a vulnerability, simply click the link to the item in question, review the code, and click the link to the specific item to be redirected directly into the commit in GitHub that needs attention. Save time trying to remember which branch and project your CVEs are in, and use our custom GPT to interpret what the problem is and how to remediate it quickly.

Adding team members

Adding team members to help you review and tackle remediation is easy! Head to the “My Company” tab and add a user’s email address, and we’ll send them an invite to your instance. Removing them is just as easy: under “My Team”, click on actions and remove the user.

Setting up your free account

Every plan starts out free. Click on the sign up button or use your Google or GitHub credentials to activate your account.

Upgrading your plan

Once you’re in the application you can select “Update Plan” at the bottom left side of the screen or select the same button under “My Company” → “My Subscription” to select the plan that fits your needs.

Adding additional seats

The free plan allows you to add up to three team members, two open source scanners and 1 project with 5 repos. When you’ve hit your limits, the app will automatically prompt you to upgrade.

Differences between free and teams

Teams offers everything in Free including unlimited team members, 4 scanners with advanced rulesets, 10 projects with 50 repos, and custom vulnerability scoring. Teams is best for growing companies expanding their security posture.

Differences between teams and enterprise

Enterprise offers everything in teams including unlimited team members with all scanners and advanced rulesets, unlimited projects and repos, custom vulnerability scoring and a dedicated customer support team. Enterprise is best for customers who want a complete security posture and dedicated support.

Setting up your scanners

Codefortify is infinitely configurable so you can have the right scanners for the job. Start by setting up a project in Codefortify on the projects page, then add your preferred GitHub repositories with the code and applications you’d like to scan. From there we’ll redirect you to GitHub to authenticate your desired repositories. Once your repos are connected, head to the integrations page to activate the desired scanners for each project. And you’re done! Start committing code and remediate vulnerabilities in Codefortify.

Reviewing Results

After committing your code you’ll automatically start seeing scan results on the home page in Codefortify. Use the filters to drill into the subset of vulnerabilities you want to review and click the link either on the home page or issues page to review the specific vulnerability in question. We’ve integrated a GPT-augmented assistant to help you interpret the CVE in question with recommended remediation steps where available. When you’re ready to remediate, click the link in the issue to take you back to GitHub to remediate your issue in real time.

Integrating with GitHub

Codefortify integrates seamlessly with GitHub. You can use your GitHub credentials to set up your account, authenticate repositories you’d like to scan and initiate a session to work on remediating your vulnerabilities.

Integrating with Slack

Coming soon
