Attribute
|
Essential
|
Advanced
|
Codacy
|
Focus
|
|||
Extras
|
None
|
None
|
None
|
Headcount
|
|||
Headcount
Distribution
|
|||
Headcount
Growth
|
|||
Headquarters
|
|||
Countries
|
Same
|
||
Reputation
|
Same
|
||
Followers
|
Same
|
||
Research firms
|
None
|
None
|
|
Founded
|
2001 | ||
Funding
|
Bootstrapped
|
Same
|
$29.4M
USD in 5 round from 10 investors
|
Acquisitions
|
None
|
None
|
None
|
Revenue
|
|||
CVE
|
257 CVEs
reported to MITRE, ranked in the top 10
CVE labs
worldwide
|
0 CVEs reported to MITRE
|
|
Compliance
|
SOC 2 Type I and SOC 2 Type II | ||
Bug Bounty
|
|||
Visits
|
|||
Authority
|
|||
Vulnerability
database
|
None
|
||
Content
|
Same
|
||
Knowledge
base
|
13 KB sections, 5
in common and 8 additional
|
5 KB sections, all in common
|
|
Community
|
No
|
||
Sync
training
|
No
|
No
|
No
|
Async
training
|
3 product
use courses, all free
|
No
|
|
Distribution
|
Same
|
||
Marketplaces | AWS and GitHub | ||
Freemium
|
No
|
No
|
|
Free trial
|
|||
Demo
|
|||
Pricing
|
|||
Pricing tiers
|
1 plan
|
1 plan
|
3 plans (team, business,
audit). First transparent
|
Minimum
commit
|
|||
Minimum payment
period
|
|||
Minimum
capabilities
|
|||
Minimum
scope
|
1 group
|
1 author
|
|
Pricing
drivers
|
|||
Minimum monthly
payment
|
Attribute
|
Essential
|
Advanced
|
Codacy
|
PTaaS
|
No
|
No
|
|
Reverse engineering
|
No
|
Yes | No |
Secure code review
|
No
|
No
|
|
Pivoting
|
No
|
No
|
|
Exploitation
|
No
|
No
|
|
Manual
reattacks
|
Not applicable
|
Not applicable
|
|
Zero-day
vulnerabilities
|
None
|
None
|
|
SLA
|
No information available | ||
Min
availability
|
>=99.95% per minute LTM
|
No information available
|
|
After-sale
guarantees
|
No
|
Yes
|
No
|
Accreditations
|
None
|
||
Hacker certifications
|
Not applicable
|
Not applicable
|
|
Type of contract
|
Employee
|
Same
|
|
Endpoint
control
|
Not applicable
|
Total
|
Not applicable
|
Channel
control
|
Not applicable
|
Total
|
Not applicable
|
Standards
|
Some requirements
from 65 standards, 3 in
common and 62 additional
|
All requirements from
the same standards
|
3 standards,
all in common
|
Detection method
|
Automated tools and AI
|
||
Remediation
|
5, 4 in
common and 1 additional
|
Same, plus 1
|
4,
all in common
|
Outputs
|
5,
1 in common and 4 additional
|
Same,
plus 2
|
2,
1 in common and 1 additional
|
Attribute
|
Essential |
Advanced
|
Codacy
|
ASPM
|
Yes | ||
API
|
|||
IDE
|
5 functionalities, 4 in
common and 1 additional
|
Same, plus 1
functionality
|
4 functionalities,
all in common
|
CLI
|
|||
CI/CD
|
|||
Vulnerability
sources
|
4 sources
|
None
|
|
Priority
criteria
|
Same
|
||
Custom prioritization
|
No
|
||
Scanner
origin
|
External (ZAP for DAST; Checkov for IaC; Semgrep, Bandit, Brakeman, Flawfinder, and Gosec for SAST; Checkov and Semgrep for Secrets; and Trivy for Containers, Secrets and SCA) | ||
SCA
|
24 package managers, 15 in common and 9 additional
|
24 package managers, 15 in common and 9 additional
|
|
AI security
|
No
|
No
|
|
Reachability
|
12 languages
|
No
|
|
Reachability
type
|
Not applicable
|
||
SBOM
|
22 package managers, 17 in common and 5 additional
|
24 package
managers, 17 in common and 7 additional
|
|
Malware detection
|
Yes
|
Yes
|
No
|
Autofix on components
|
No
|
No
|
No
|
Containers
|
4 distributions, 2 in common and 2 additional
|
15 distributions, 2
in common and 13 additional
|
|
Source SAST
(languages)
|
12,
all in common
|
29,
12 in common and 17 additional
|
|
Source SAST
(frameworks)
|
22, 6 in
common and 16 additional
|
7, 6 in common and 1 additional |
|
Custom rules
|
No
|
No
|
No
|
IaC
|
6,
4 in common and 2 additional
|
4, 2 in common and 2 additional
|
6,
all in common
|
Binary SAST
|
1 type
of binary
|
Same, plus 2 types of
binaries
|
No
|
DAST
|
7 attack surface
types, 3 in common and 4 additional
|
4 attack surface types, 3 in common and 1 additional |
|
API security
Testing
|
No
|
4 types
of APIs, 3 in common and 1 additional
|
3 types of
APIs, all in common
|
IAST
|
No
|
No
|
No
|
CSPM
|
Yes |
No
|
|
Environments
|
Left & Right
(included)
|
Same
|
|
ASM
|
No
|
No
|
No
|
Secrets
|
15 secrets
types, 11 in common and 4 additional
|
Same, plus verify other attack
vectors and secrets
exploitability
|
31 secrets
types, 11 in common and 20 additional
|
AI
|
4 functions,
all in common
|
||
Open-source
|
Not applicable
|
No
|
|
Provisioning as Code
|
|||
Deployment
|
SaaS and on-premises
|
||
Regions | |||
Status
|
|||
Incidents
|
Attribute
|
Essential
|
Advanced
|
Codacy
|
SCM
|
4, 3 in
common and 1
additional
|
3,
all in common
|
|
Binary repositories
|
None
|
None
|
|
Ticketing
|
3, 1 in common and 2
additional
|
1 in common |
|
ChatOps
|
None |
None
|
|
IDE
|
3, all in common
|
19, 3 in common and 16 additional |
|
CI/CD
|
20, 3 in
common and 17 additional
|
3,
all in common
|
|
SCA
|
Native powered by Trivy |
||
Container
|
Native powered by Trivy |
||
SAST
|
Native powered by Semgrep, Bandit, Brakeman, Flawfinder and Golang |
||
DAST
|
Native powered by ZAP |
||
IAST
|
None |
None
|
None
|
Cloud
|
None
|
||
CSPM
|
None | ||
Secrets
|
Native powered by Checkov, Semgrep and Trivy |
||
Remediation
|
None
|
None
|
None
|
Bug bounty
|
None
|
None
|
None
|
Vulnerability management
|
None
|
None
|
None
|
Compliance
|
None
|
None
|
None
|