Alternatives to DORA 360
Compare DORA 360 alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to DORA 360 in 2026. Compare features, ratings, user reviews, pricing, and more from DORA 360 competitors and alternatives in order to make an informed decision for your business.
-
1
Proton Drive
Proton AG
Proton Drive is the all-in-one workspace for storing sensitive data and collaborating with your teams, clients, and partners. Collaborate securely without compromising control: Share client files, contracts, and sensitive business documents with full end-to-end encryption. You control who can access what. Set passwords, add expiry dates, or revoke access anytime. Protect all your business data: Plans come with 1 TB of storage allowance per user, giving your team enough space for all their files and docs. You can always add more storage later if needed. Simplify compliance across industries: Proton Drive supports GDPR, HIPAA, NIS2, DORA, and ISO 27001 compliance out of the box, and has been successfully audited for SOC 2 Type II. There's no need for custom configurations or third-party tools, as this helps you meet regulatory standards with minimal effort. -
2
Diplomat Managed File Transfer
Coviant Software
Diplomat MFT by Coviant Software is a secure, reliable managed file transfer solution designed to simplify and automate SFTP, FTPS, and HTTPS file transfers. Built for seamless integration, Diplomat MFT works across major cloud storage platforms, including AWS S3, Azure Blob, Google Cloud, Oracle Cloud, SharePoint, Dropbox, Box, and more. With over two decades of proven, breach-free performance, Diplomat MFT supports compliance with HIPAA, HITECH, GLBA, PCI/DSS, GDPR, and DORA. It features robust capabilities such as PGP encryption, multi-factor authentication, IP-based access rules, and built-in threat intelligence. If you're still relying on manual scripts or outdated FTP tools and you're concerned about audit failures, security gaps, or compliance risks, Diplomat MFT offers a scalable, secure solution you can trust. Start your free trial today. -
3
Securden Unified PAM
Securden
Securden Unified PAM is a privileged access security solution that lets you discover, centrally store, organize, share, manage, and keep track of all privileged identities, passwords, keys, documents, and other identities. It helps you establish a centralized password management system, automate management with approval workflows, control ‘who’ can access ‘what’, monitor, and record all access to critical IT assets, and enforce password security best practices. The major modules of Securden Unified PAM are password management, privileged account management, secure remote access, application control, endpoint privilege management, privileged session management, and SSH key management. The platform supports compliance with NIS2, DORA, NIST, PCI-DSS, HIPAA, and ISO-IEC 27001. Installation typically takes only a few minutes, and a complete production-ready PAM can be achieved in less than a month with Securden Unified PAM. -
4
Hacken
Hacken
Hacken is a trusted blockchain security auditor on a mission to make Web3 a safer place. With a team of 60+ certified engineers, Hacken provides solutions covering all aspects of blockchain security, such as Smart Contract Audit, Blockchain Protocol Audit, dApp Audit, Penetration Testing, CCSS Audit, Proof of Reserves, DORA Compliance, Tokenomics Audit and design. From security audits and bug bounties to DORA Compliance, AML Monitoring, and Threat-Led Penetration Testing, Hacken delivers solutions that bridge innovation and compliance. Through collaborations with institutions like the European Commission and ADGM, Hacken sets security standards. Since 2017, Hacken has been raising the bar for blockchain security. They have already worked with 1,500+ Web3 projects to enhance their security standards. Hacken clients and partners include top-industry players, such as BNB chain, NEAR, Avalanche, Polygon, Cronos, Klaytn, and Venom, to name a few. -
5
Faros AI
Faros AI
Faros AI connects the dots between your engineering data sources – ticketing, source control, CI/CD, and more – giving unprecedented visibility and insight into your engineering processes. Be amazed at what you can achieve with Faros AI. With Faros AI, engineering leaders can scale their operations in a more data-informed way — using data to identify bottlenecks, measure progress towards organizational goals, better support teams with the right resources, and accurately assess the impact of interventions over time. DORA Metrics come standard in Faros AI, and the platform is extensible to allow organizations to build their own custom dashboards and metrics so they can get deep insights into their engineering operations and take intelligent action in a data-driven manner. Leading organizations including Box, Coursera, GoFundMe, Astronomer, Salesforce, etc. trust Faros AI as their engops platform of choice. -
6
Runecast
Runecast Solutions
Runecast is an enterprise CNAPP platform that saves your Security and Operations teams time and resources by enabling a proactive approach to ITOM, CSPM, and compliance. It automates vulnerability assessment, configuration drift management and continuous compliance – for VMware, Cloud and Containers. By proactively using our agentless scanning in real-time admins discover potential risks and remediation solutions before any issues can develop into a major outage. It provides continuous audits against vendor best practices, common security standards, and frameworks such as BSI IT-Grundschutz, CIS, Cyber Essentials, DISA STIG, DORA, Essential 8, GDPR, HIPAA, ISO 27001, KVKK, NIST, PCI DSS, TISAX, VMware Security Hardening Guidelines, and the CISA KEVs catalog. Detect and assess risks and be fully compliant across your hybrid cloud in minutes. Runecast has been recognized with Frost & Sullivan's 2023 European New Product Innovation Award in the CNAPP industry. -
7
SAI360
SAI360
The most powerful, agile approach to risk management. The decisions you make today can help mitigate the risks you may encounter tomorrow. SAI360 is cloud-first software and modern ethics and compliance learning content designed to help your organization effectively navigate risk with a flexible, agile approach. Intelligent solutions, global expertise all in one award-winning platform. Solution configurability, extensible data model with configurable UI/forms, fields, relationships to extend solutions. Process modeling, easily modify or create new processes to automate and streamline risk, compliance, and audit activities. Data visualization and analysis, many out of the box and easy to configure dashboards to visualize and analyze data. Learning and best practice content – preloaded frameworks, control libraries, and regulatory content along with values-based ethics and compliance learning content. System integration – Integration framework with APIs and other protocols. -
8
Copla
Copla
Copla is a compliance automation platform designed to help organizations manage complex regulatory requirements more efficiently. The platform supports frameworks such as DORA, NIS2, ISO 27001, SOC2, and other security and governance standards. Copla automates tasks like evidence collection, control monitoring, and policy generation to reduce the manual workload involved in compliance management. By continuously monitoring systems and collecting documentation automatically, the platform ensures businesses remain audit-ready at all times. Copla also cross-maps controls across multiple frameworks, allowing companies to complete compliance work once and apply it to several standards. In addition to automation, the platform provides guidance from experienced CISOs who help organizations build effective compliance strategies. Through a combination of expert support and intelligent automation, Copla enables companies to meet regulatory requirements with less effort and greater confidence. -
9
CERRIX
CERRIX
CERRIX is an integrated GRC software platform that helps organizations manage governance, risk, compliance, and internal audit in one cloud-based solution. With over 10 years of experience, CERRIX supports more than 100 clients across 20+ countries, including banks, insurers, pension funds, audit companies. Key capabilities include: Risk assessment workflows and dynamic risk scoring, Regulatory compliance management (e.g. DORA, ISQM, GDPR), Audit management and real-time dashboards, Third-party and incident risk tracking. CERRIX empowers teams to improve control, automate tasks, and stay compliant with evolving EU regulations.Starting Price: €1000/month -
10
BCMLogic Next
BCMLogic
BCMLogic Next is a revolutionary, API-first platform designed for organizations that have outgrown rigid, monolithic GRC tools. Built for the era of Digital Operational Resilience (DORA) and NIS2, BCMLogic Next decouples the complex GRC business logic from the presentation layer, acting as a "resilience engine" that integrates seamlessly with your existing enterprise ecosystem. Why Choose BCMLogic Next? Unlike legacy GRC platforms that feel like "compliance graveyards," BCMLogic Next provides a modular, domain-driven architecture. Whether you need to automate Business Continuity, manage Third-Party Risk, or streamline Internal Audits, you can now embed these processes directly into your own applications, portals, or CI/CD pipelines. Key Functional Modules: Advanced TPRM (Third-Party Risk Management), Dynamic BCM & BIA, Modular Risk Engine, Incident & Crisis Management, Audit & Compliance Automation Transform your GRC from a static obligation into a competitive advantage.Starting Price: $350/month -
11
BULL Forms
BULL Forms
The easiest way to generate all of your Colorado Real Estate Commission DORA Forms online with no hassle. Get Started now to see why everyone is talking about BULL Forms. Generate all of your Colorado Real Estate DORA Forms from one simplified location without struggling with pdf programs or manually filling them out. Setup your account and start generating your Real Estate contracts in minutes. Try the demo below now and see how easy it is. Regardless where you are, you will have access to all your forms and the ability to send them to a client from the road. Use your iPad, laptop or public computer as everything is stored online. Send your forms directly from the program or save them to your local computer for printing or filing. Its fast and simple. If Colorado upgrades their DORA forms, its included. New features and functionality all included. Stop having to upgrade every year when new features are released. Its all included at one affordable subscription price.Starting Price: $14.99 per month -
12
Dora Studio
Dora Studio
Dora Studio is an AI-powered motion-graphics platform that transforms plain conversation or text prompts into polished animated visuals, no traditional motion-design software or steep learning curve required. You simply describe what you want, and the system generates the animation and transform your ideas into stunning motion graphics with just a chat. It supports uploading your own data (e.g., charts, maps, numbers) which it then converts into animated stories or visualizations automatically, enabling users to create presentation-ready motion visuals quickly. The tool is tailored for people who want to craft engaging content for social media, presentations, or marketing without needing to master layers, key-frames or timeline management. By automating the heavy lifting of animation design behind the scenes, Dora Studio allows original ideas to be expressed visually with minimal manual effort. -
13
Cyberday
Cyberday
Cyberday splits chosen frameworks (e.g. ISO 27001, NIS2, DORA, ISO 27701) down to prioritized security tasks and guides you in implementing them directly inside Microsoft Teams. Set your goals by activating your most relevant frameworks from our library. Requirements are instantly turned into policies you can start implementing. Choose the first theme and start evaluating how your current measures cover requirements. You’ll quickly see your starting compliance and understand the gap. Tasks are proven to be implemented (for auditors, top management, or your own team) through assurance information. Assurance info differs according to task type. With the report library's dynamic templates, you can create the desired summaries of cyber security with "one-click". Once you have a clear plan, you can start improving it smartly. You can utilize our tools for risk management, internal auditing, and improvement management to get better every day.Starting Price: €680 per month -
14
Rocket Secure Host Access
Rocket Software
Rocket® Secure Host Access is a security-first terminal emulation solution designed to protect access to critical host and mainframe applications. It extends modern identity and access management (IAM) controls directly to green screen environments. The platform enables phishing-resistant, passwordless authentication to reduce credential-based threats. Rocket Secure Host Access supports compliance with regulations such as HIPAA, PCI-DSS, and DORA. It works across desktop, web, and hybrid environments for flexible deployment and consolidated ongoing administration. Strong encryption standards like TLS 1.3 and SSH help safeguard sensitive data. The solution strengthens enterprise security without disrupting existing workflows. -
15
Perium
Perium BV
Perium; the most user-friendly platform for complete risk management Perium is the all-in-one platform for risk management. In no time at all you will be equipped with an intuitive and flexible system for risk management and reporting. From now on, meet all standards for security, privacy, and digital resilience. Protect the data of your employees, customers, suppliers, and your organization quickly, simply, and smartly with Perium. Standards available (new ones added all the time): ISO27001, ISO27002, BIO, NEN7510, NTA7516, NEN7512, NEN7513, ISO27701, HKZ, ISO9001, ISO50001, DigiD, DNB Good Practice, BIC, ISQM, PCI-DSS, Suwinet, Wpg, IBP Onderwijs, NIS2 Directive, DORA, PIMS, ISMS, NCSC Handreiking, NIST CSF, NIST AI, NVZ Gedragslijn, Cloud Control Matrix, Horizontaal ToezichtStarting Price: $500 -
16
Kopexa
Kopexa
Kopexa is a modern European GRC platform built for small and medium-sized businesses that want to achieve compliance without expensive consultants or endless spreadsheets. It centralises all aspects of compliance into one powerful, intuitive platform: Frameworks: ISO 27001 · TISAX · GDPR · NIS 2 · DORA · BSI IT-Grundschutz Risks & Actions: Identify and track risks, create mitigation actions, calculate residual risk Evidence: Manage and verify documents with versioning and status (draft, review, approved, published) Assets: Manage IT, data, human and service assets with classification and retention metadata Automated Checks: Verify compliance with framework controls automatically AI Guidance: Get AI-powered recommendations on the most effective next step Kopexa integrates with Microsoft 365, Azure AD, GitHub, Slack and more, delivering automation across your compliance workflows.Starting Price: 249€ / Company -
17
Swarmia
Swarmia
Swarmia is an engineering effectiveness platform that gives software development leaders, managers, and teams visibility across three key areas: business outcomes, developer productivity, and developer experience. It connects with the platforms your engineering teams are already using: source code hosting, issue tracker, and chat. With Swarmia, you'll stay on top of strategic initiatives, measure key engineering metrics (including DORA and SPACE), and drive continuous improvement in teams.Starting Price: $20 per month -
18
Orbiq
Orbiq GmbH
Orbiq is a Trust Center platform that turns internal compliance work into external, verifiable proof for buyers, auditors, and regulators. Companies connect their existing ISMS, SharePoint, Confluence, or Drive to a branded Trust Center (trust.yourcompany) with layered access — public, restricted, or NDA-gated — so every stakeholder sees the right level of detail. Built for the NIS2 and DORA era, Orbiq goes beyond document sharing: live vendor registers, incident reporting with audit-logged timestamps, AI-powered questionnaire responses, and continuous monitoring give regulated enterprises the ongoing third-party visibility that modern procurement demands. Unlike tools focused on reducing questionnaire volume, Orbiq provides the structured, always-current proof layer that banks, regulators, and enterprise buyers now expect — hosted in the EU, with watermarking, download tracking, and full audit trails.Starting Price: $85/month -
19
Maiky
Maiky
Maiky is an AI-driven governance, risk, and compliance (GRC) tool designed to help organizations automate security and compliance workflows, reduce manual tasks, and maintain real-time visibility across risk and control frameworks. It unifies governance, risk, compliance, and customizable workflows into one system that makes risks instantly visible, prioritizes mitigation, and supports continuous monitoring and evidence collection without fragmented spreadsheets or manual reporting. Maiky enables users to automate repetitive tasks, collect and validate evidence, and prepare audit-ready reports with minimal effort, transforming compliance into a proactive, ongoing process instead of a periodic scramble. Its flexible architecture lets workflows run locally or in the cloud and adapt as businesses grow, with pre-built templates and controls mapped to standards such as ISO 27001, SOC 2, NIS2, DORA, HIPAA, and more, reducing duplication and supporting multiple frameworks simultaneously.Starting Price: €250 per month -
20
IOMETE
IOMETE
IOMETE is a self-hosted data lakehouse platform built on Apache Iceberg, Apache Spark, and Kubernetes. Run it on-premises or in your private cloud — your infrastructure, your data, your control. Built for enterprises in regulated industries, IOMETE eliminates third-party ICT risk at the data layer by architecture — not by contract. No SaaS dependencies. No data leaving your perimeter. Compliance with GDPR, DORA, and NIS2 is structural, not contractual. Included in one platform: - Data Lakehouse(s) - Data Catalog - SQL Editor - Apache Spark Jobs - ML Notebooks - Orchestration Engine - Spark Connect Key capabilities: Apache Iceberg-native storage, Kubernetes-native deployment (K8s + OpenShift), row/column/tag-based access control, Data Mesh support, air-gapped and zero-trust compatible. Transparent pricing — CPU-based, no per-query fees, no billing surprises.Starting Price: Free -
21
Typo
PeopleMint AI
Typo is an AI-driven software delivery management platform that enables tech teams with real-time SDLC visibility, automated code reviews & DevEx insights to code better, deploy faster & stay aligned with business goals. It connects with your existing tool stack (Git, Project management, CI/CD, Incidents, Slack, etc) within 30 seconds & provides: - Real-time SDLC visibility, DORA Metrics & Delivery Intelligence - Automated code reviews, vulnerabilities & auto-fixes - DevEx insights & predictive burnout zones Start your 14-day free trial today & join 1000+ high-performing engineering teams across the globe that are using Typo to ship reliable software faster.Starting Price: $16/month/user -
22
WIZE
WIZE
Wize is a Swiss-made, all-in-one wealth and asset management platform tailored for external asset managers, family offices, fund and asset managers, securities firms, pension funds, and private banks. It seamlessly integrates portfolio management, consolidated reporting, digital onboarding, AML compliance, order management, and CRM under one cloud-native system, supporting both deposited and non-deposited assets. With over 250 global banking connectors and linkages to market data providers, Wize ensures daily automated reconciliation of transactions and positions for accurate data quality. Its robust security framework includes MFA, OTP, SSO, role-based access, audit logging, end-to-end encryption, multi-layered infrastructure protection, ISAE 3402 certification, and DORA compliance. Users can choose deployment via private cloud in Switzerland or Singapore or on-premises. -
23
Oobeya
Oobeya
Oobeya is an engineering intelligence platform that helps software development teams accelerate their value delivery performance. Oobeya works with code repositories, issue tracking, testing, application performance monitoring (APM), and incident management tools to measure engineering metrics, like cycle time, lead time, sprint planning accuracy, pull request metrics, and value stream metrics (VSM), and DevOps DORA metrics. Oobeya's goal is to help software engineering teams to make a shift from an intuition-driven approach to a data-driven approach by plugging into the SDLC toolset. Oobeya connects to Git repositories like GitHub, GitLab, Bitbucket, Azure DevOps, issue tracking systems like Jira and Azure Boards, and CI/CD platforms like Github Actions, GitLab CI, Azure Pipelines, and Jenkins.Starting Price: $12 per dev / month -
24
Compass
Atlassian
Catalog everything, improve software health, and keep everyone in the flow with Atlassian’s Developer Experience Platform. Track all of your services and systems, improve your software health and engineering standards, and create a better developer experience with Compass Track software health metrics, apply security and health scorecards, and empower teams to improve their developer experience. Never get stuck searching during an incident. Quickly identify who owns a service and critical details including recent changes, dependencies, errors, and more. Easily track DORA, SPACE and DevEx metrics across teams and services to identify bottlenecks and improve your Developer Experience. Don’t get lost in the wilderness of repos, channels, or docs. Whether on-call or building a new service, reduce time spent searching with all of the details you need in one catalog. -
25
DX
DX
DX is the developer intelligence platform designed by leading researchers. Get the insights you need to lead with confidence and drive higher impact per developer. DORA metrics and pull requests don't tell the full story. DX augments metrics with developer experience insights, giving you a complete view. DX unifies qualitative and quantitative data across channels, giving you a comprehensive view of developer productivity. A research-backed platform for measuring developer experience. The data and analytics platform is made for engineering. Build better platform tools with real-time intelligence into developer usage. Streamline developer onboarding with real-time insights from new hires. Leverage our expert guidance and services to lead high-impact DevEx initiatives. DX is designed by the world's foremost experts on developer productivity. -
26
Hatica
Hatica
Engineering Analytics to boost developer productivity -- Hatica equips engineering teams with work visibility dashboards, actionable insights, and effective workflows to drive team productivity and engagement in remote and in-office environments alike. Free forever plans to help you get started quickly. Features: - Engineering metrics dashboards - 100+ metrics from 20+ apps including GitHub, Jira, Slack, Zoom, Google Workplace - Remote work insights - Aggregated work overview, sprint and retro dashboards - DORA metrics, CI/CD performance insights and code review analytics - Collaboration analytics - Team Goals based on dev metrics - Async stand-ups and developer check-ins via Slack and Email - Code quality metrics - Automated Code reviewsStarting Price: $15/month/user -
27
iftrue
iftrue
iftrue is an AI-powered, Slack-native assistant designed to give engineering leaders instant visibility into team progress, risks, and capacity without leaving Slack. It aggregates real-time data from tools like GitHub, GitLab, Jira, and Azure, enabling managers to ask natural-language questions and receive context-aware answers and smart alerts directly in chat. With built-in support for DORA metrics and delivery signals, iftrue spots blockers and slipping deadlines early, preps sharper, faster stand-ups by collecting updates across systems, and delivers tailored advice grounded in your team’s workflow and best practices. Its unified dashboard and Slack integration eliminate tab hopping and chasing updates, turning status tracking and sprint planning into an on-demand conversation that keeps teams aligned, unblocks progress, and drives delivery forward.Starting Price: $99 per month -
28
Dora
Dora
Dora is better at creating 3D websites and advanced animated websites. We prefer designing the underlying architecture and building our ability matrix from both horizontal and vertical perspectives, ultimately covering 99% of traditional frontend technology scenarios. We combine interfaces and features (similar to functional programming) and hand over configuration abilities to users through an ecosystem and plugin approach. We have utilized the Flutter technology stack, based on the Skia engine, which ensures a unified cross-platform approach. It will be very smooth to create desktop, mobile, embedded, and other applications with a single no-code project. Also, logic flows, Super Input, and powerful rich text components are all within reach. When compared to Framer Site, which uses frontend technologies, there are still many challenges ahead in migrating towards multi-device applications in the future.Starting Price: Free -
29
Echoes
Echoes HQ
Echoes gives you comprehensive insights into your teams and control over your projects delivery. Visualize your organization's delivery status at a glance. Echoes connects the dots across your different development tools to provide a consolidated overview of your project portfolio. No more need to manually reconcile multiple data sources. Echoes leverages its knowledge of the activity to automatically identify and highlight the factors putting your delivery at risk. Get a live pulse of the execution and improve predictability. Echoes analyzes your team's activity to detect risks and suggest improvements. Don't get drowned in vanity metrics, get alerted when situations requires your attention. Echoes combines data from your roadmap, OKRs, delivery performance metrics (DORA), teams interactions, and more, to reveal what isolated metrics cannot tell you. Visualize your team’s efforts against company priorities and gain an understanding of where energy is being allocated. -
30
Apache DevLake
Apache Software Foundation
Apache DevLake (Incubating) ingests, analyzes, and visualizes the fragmented data from DevOps tools to distill insights for engineering excellence. Your data lives in many silos and tools. DevLake brings them all together to give you a complete view of your Software Development Life Cycle (SDLC). From DORA to scrum retros, DevLake implements metrics effortlessly with prebuilt dashboards supporting common frameworks and goals. DevLake fits teams of all shapes and sizes, and can be readily extended to support new data sources, metrics, and dashboards, with a flexible framework for data collection and transformation. Select, transform and set up a schedule for the data you wish to sync from your prefered data sources in the config UI. View pre-built dashboards of a variety of use cases and learn engineering insights from the metrics. Customize your own metrics or dashboards with SQL to extend your usage of DevLake.Starting Price: Free -
31
DevDynamics
DevDynamics
The all-in-one engineering management platform with metrics, AI insights, developer surveys and automations. Metrics like DORA, cycle time, and flow. Measure velocity, quality, productivity and more. Connect all the tools from your tech stack. Integrations with GitHub, Jira, CI/CD, PagerDuty and more. Create custom metrics easily with our metric builder UI. Set up dashboards to match your engineering org’s needs. Understand things that require attention like bottlenecks, best practices, team issues etc. Get reports covering important metrics and insights for your teams. Configure reports to stay informed on your team’s progress and priorities. Understand how your team’s time is spent—whether on new features, KTLO, or unplanned work. See engineering costs to deliver important initiatives and client work.Starting Price: $15 per contributor per month -
32
Teambit
Teambit
Empower your team with insights that boost productivity and drive quality development. Teambit is a SEI platform that provides complete visibility into team performance, empowering everyone, from leaders to developers, to make data-driven decisions. Seamlessly integrate with your existing tools to gather all essential information in one place. Monitor key metrics like DORA to uncover bottlenecks and identify areas for improvement. Provide unified visibility for leaders, developers, and product managers, ensuring everyone is aligned and working towards the same goals. Teambit adapts to the unique processes of your team, enhancing productivity without disrupting how your team works. Teambit brings together data from all your development tools to provide actionable insights in one central hub. Teambit is easy to implement, pulling in historical data to give your team a complete view from day one.Starting Price: $19 per month -
33
CodePulse
CodePulse
CodePulse is a software engineering analytics platform that connects to your GitHub repositories with read-only access to automatically track and analyze development activity so teams can see where time is spent, measure delivery health, and make data-driven improvements without accessing actual source code. It uses a metadata-first approach, analyzing pull request activity, commit history, review interactions, and repository patterns, to produce visibility into engineering velocity, cycle time, review wait times, team health scores, DORA metrics, and trend forecasts, helping identify bottlenecks, collaboration gaps, and opportunities for process improvements across your workflow. It emphasizes security and privacy by never accessing source code contents, secrets, or environment variables while providing dashboards, executive-ready summaries, and built-in playbooks that contextualize metrics into actionable guidance so leaders can communicate impact.Starting Price: $166 per month -
34
GitView
GitView
GitView is a git analytics solution for engineering leaders. Get the status of work across your engineering organization all in one view. You'll see code changes, pull requests, and reviews. Leverage meaningful metrics that help measure which code changes are actually impactful. Easy to read graphs and tables display impact scores and whether code changes are new work, churn, a legacy change (refactor), or a simple removal. Dig into DORA insights like deployment frequency, lead time for changes, and change failure rate. Visual displays of velocity, and extensive cycle time breakdown, help spot bottlenecks and improve efficiency. All data can be filtered by teams, contributors, repositories and more. We emphasize transparency & customizability. You have the ability to see how each data point is calculated. Plus, using Raw SQL, we offer you the power to create custom reports, dashboards, emailers, and notifications so you get the information you need the way you want!Starting Price: $13 per developer per month -
35
OneTrust Tech Risk and Compliance
OneTrust
Scale your risk and security functions so you can operate through challenges with confidence. The global threat landscape continues to evolve each day, bringing new and unexpected risks to people and organizations. The OneTrust Tech Risk and Compliance brings resiliency to your organization and supply chain in the face of continuous cyber threats, global crises, and more – so you can operate with confidence. Manage increasingly complex regulations, security frameworks, and compliance needs with a unified platform for prioritizing and managing risk. Gain regulatory intelligence and manage first- or third-party risk based on your chosen methodology. Centralize policy development with embedded business intelligence and collaboration capabilities. Automate evidence collection and manage GRC tasks across the business with ease. -
36
ALTO
Brilliant Consulting
ALTO is an app for Slack that integrates with GitHub, Gitlab, and JIRA to improve your dev team productivity, gain visibility into the day-to-day work, and help build up healthy habits from day one! Receive Slack messages (DM or channel) about merge requests and pull requests that are pending merge to default branch and been waiting for too long. Promote one of the key Continuous Delivery practices - smaller changes shipped more frequently. ALTO collects Merge Request analytics and feedback about day-to-day work, combined with DORA metrics, giving YOU a full view of the dev team in a single place. This means you don’t have to waste time digging through this data. Set YOUR goals based on YOUR historical data, not some “industry standard”. This baseline helps team to be 5% better this sprint, then last sprint. Continuously improve team’s ways of working and align with the entire tech organization.Starting Price: $8 per user per month -
37
AnalyticsVerse
AnalyticsVerse
Increase visibility, eliminate blockers, and deliver faster. We correlate data from your Git repositories and project management tools and generate easy-to-understand reports with actionable metrics and insights. Spot bottlenecks within your teams and resolve them before they affect delivery. Look at things like cycle time of MRs, risky MRs, and higher team inactivity. Track process improvements and avoid having to guess whether your changes are actually working. Run a truly agile engineering team. You can easily identify overburdened or blocked developers in your team and help them out! Get the power of a BI tool without having to define and compute metrics. Also, create your own customized dashboards with metrics and visualizations that matter to you. Focus more on improving things at a team and project level without trying to improve and manage developer productivity. Understand the speed and stability of your projects through research-backed DORA Metrics.Starting Price: $13.70 per month -
38
MetricStream
MetricStream
Reduce losses and risk events with forward-looking risk visibility. Enable a modern and integrated risk management approach with real-time aggregated risk intelligence and their impact on business objectives and investments. Protect brand reputation, lower the cost of compliance, and build regulators and board’s trust. Stay on top of evolving regulatory requirements, proactively manage compliance risks, policies, cases, and controls assessments. Drive risk-aware decisions and accelerate business performance by aligning audits to strategic imperatives, business objectives and risks. Provide timely insights on risks and strengthen collaboration across various functions. Reduce exposure to third-party risks, make superior sourcing decisions. Prevent third-party risk incidents with continuous third-party risk, compliance and performance monitoring. Simplify and streamline entire third-party risk management lifecycle. -
39
SOCLY.io
SOCLY.io
SOCLY.io is a compliance automation platform designed to help businesses streamline and manage complex regulatory and security requirements by centralizing evidence, documentation, and tasks into a unified system, reducing manual work and errors while improving audit readiness and operational efficiency. It supports major frameworks such as SOC 2, ISO 27001, GDPR, and other standards, automates risk assessments, compliance tracking, and audit workflows, and provides pre-built policy templates and real-time progress monitoring so teams can stay on top of requirements without disrupting daily operations. SOCLY.io integrates with existing tools and systems to pull evidence automatically, simplifies policy creation, and centralizes compliance documentation to cut weeks or months off traditional compliance timelines. -
40
CyberCompass
CyberCompass
We build Information Security, Privacy, and Compliance Programs to improve your cyber resilience – saving you and your organization time and money. CyberCompass is a cyber risk management consulting and software firm. We navigate organizations through the complexity of cybersecurity and compliance at half the cost of full-time employees. We design, create, implement, and maintain information security and compliance programs. We provide consulting services and a cloud-based GRC workflow automation platform to save our clients over 65% of the time to become and remain cybersecure and compliant. We provide expertise and support for the following standards and regulations – CCPA/ CPRA, CIS-18, CMMC 2.0, CPA, CTDPA, FTC Safeguards Rule, GDPR, GLBA, HIPAA, ISO-27001, NIST SP 800-171, NY DFS Reg 500, Singapore PDPA, SOC 2, TCPA, TPN, UCPA, VCDPA. We also provide third-party risk management within the CyberCompass platform.Starting Price: $5000/year -
41
Kertos
Kertos
Kertos transforms data protection into actual compliance. It has never been so easy to meet legal requirements and automate compliance processes. We enable businesses to achieve full compliance so you can focus on what matters most. Seamlessly integrate both internal and external data sources, whether they’re your own databases, SaaS tools, or third-party services, with our no-code platform and through our proprietary REST API. With our discovery feature, you’ll instantly gain compliance insights and automated categorization of data processes that seamlessly integrate into documents like RoPA, TIA, DPIA, and TOMs. With Kertos, streamline your compliance efforts, maintain constant audit readiness, access daily data protection insights, and leverage our dashboard for predictive analytics and risk management. Discover your data framework, execute regulatory demands, automate your privacy operations, and put reporting on autopilot. -
42
Check Point Security Compliance
Check Point
Boost your security level across your entire Check Point environment with a dynamic security compliance solution that continuously monitors your security infrastructure, gateways, blades, policies, and configuration settings all in real-time. Monitor policy changes in real-time, providing instant alerts and remediation tips. Detects poor configurations against 300+ Check Point security best practices. Translates thousands of complex regulatory requirements into actionable security best practices. Getting started with security compliance is easy. You can even activate SmartEvent for enhanced reporting capabilities. In a single pane of glass, view your security status on regulatory standards and security best practices. Have your own best practice? No problem, with security compliance you can simply create your own. Fine-tune and monitor only what you want to. Easily optimize your security best practices. -
43
RegScale
RegScale
Shift left security with compliance as code. End audit fatigue by automating every phase of your control lifecycle. RegScale’s CCM platform delivers always-on readiness and self-updating paperwork. Integrate compliance as code into the CI/CD pipelines, speed certification, reduce costs, and future-proof your security posture with our cloud-native solution. Determine where to get started on your CCM journey and move your risk and compliance program into the fast lane. Integrate compliance as code to generate outsized ROI and rapid time-to-value in 20% of the time and money of legacy GRC tools. The fastest way to FedRAMP with automated generation of artifacts, simplified assessments, and industry-leading support for compliance as code with NIST OSCAL. With dozens of integrations with leading scanners, cloud hyper-scalers, and ITIL tools, we provide plug-and-play automation for evidence collection and remediation workflows. -
44
Tandem
Tandem
Tandem is a comprehensive information security GRC (Governance, Risk, and Compliance) software designed to help organizations manage regulatory compliance and strengthen their cybersecurity posture. Built by experts, it provides tools for audit management, risk assessment, business continuity planning, vendor management, and policy creation. Tandem simplifies compliance by keeping programs current with evolving regulations while automating document generation, tracking, and reporting. Its platform enables organizations to streamline security processes, prepare for audits, and maintain readiness year-round. Trusted by over 1,600 customers and 41,000 users, Tandem supports banks, credit unions, and other regulated industries in managing complex compliance programs efficiently. With over 17 years of industry experience, Tandem helps teams enter audits with confidence and clarity. -
45
AssurePlus
TechForce Services
AssurePlus is an AI-powered Governance, Risk, and Compliance (GRC) platform designed to help organizations manage risk, regulatory requirements, and operational resilience from a unified system. The platform consolidates key GRC functions such as risk management, compliance monitoring, incident management, and third-party risk oversight into a single connected hub. Using AI-driven automation, AssurePlus analyzes risk data, identifies emerging threats, and supports faster decision-making across the enterprise. Its compliance management tools help organizations continuously track regulatory changes and automatically map them to existing policies and controls. The platform also includes features for internal audits, operational resilience planning, and incident investigation. With a configurable low-code environment and integration capabilities, AssurePlus can adapt to different organizational workflows and connect with existing business systems. -
46
Cyberator
Zartech
IT Governance, Risk and Compliance is the cyclical integration of risk assessment, compliance with standards to mitigate risk, and oversight of continuous compliance monitoring. Cyberator allows you to stay up-to-date with regulatory compliance or industry standards and helps transform your inefficient processes across your organization into a unified Governance, Risk and Compliance (GRC) program. It offers a drastic reduction of time in a risk assessment with a broader range of governance and cybersecurity frameworks to work with. It uses industry expertise, data-driven analysis and industry best practices to transform your security program management. Cyberator also provides automatic tracking of all gap remediation efforts and full control of security road-map development. -
47
ZenGRC
ZenGRC
ZenGRC is a powerful Governance, Risk, and Compliance (GRC) solution designed to simplify and streamline risk management processes for organizations. By offering a unified system to securely store and manage risk and compliance data, ZenGRC provides businesses with an intuitive, user-friendly interface to stay ahead of regulatory requirements and risks. With features like AI automation, seamless integrations, and customizable frameworks, ZenGRC empowers businesses to automate tasks, gain real-time insights, and make informed decisions quickly. Awarded the ISACA Global Innovation Award in 2024, ZenGRC is trusted by organizations to enhance compliance and improve risk management effectiveness.Starting Price: $2500.00/month -
48
Delve
Delve
Delve lets fast-growing companies build security in days, not months. An AI-driven compliance platform designed to streamline and simplify the compliance process. Built with an intuitive, modern UX, Delve tailors a custom compliance program without using one-size-fits-all checklists, helping companies achieve SOC 2, HIPAA, and other regulatory standards quickly, often within a week. The platform’s AI features include automated code scanning on every git push to ensure ongoing security and real-time infrastructure monitoring. Delve also offers seamless onboarding, personalized strategy sessions, and 24/7 support via Slack and Zoom, eliminating the need for external consultants. With integrated tools for vulnerability management, audit preparation, and trust reports, Delve helps maintain compliance and security transparency year-round. This approach empowers companies to focus on growth without the complexity of traditional compliance processes. -
49
Precisely Enforcive
Precisely
Precisely’s Enforcive Enterprise Security Suite is a comprehensive, easy-to-use security and compliance solution for IBM i. With over 20 fully integrated, GUI-controlled modules, the suite enables system administrators and security officers to manage security and compliance tasks efficiently and effectively – even managing multiple systems at a single time. In today’s world of privacy breaches, complex regulatory requirements and evolving threats, the Enforcive Enterprise Security Suite enables a comprehensive ‘hardening’ of your company’s IBM i defenses against unauthorized access. Enforcive Enterprise Security Suite modules cover network security, authority swap, security monitoring, IBM i log transfer, and regulatory compliance. Additional modules can be added to tailor the solution to best meet the needs of your environment. Add a comprehensive layer of protection around IBM i systems and data while supporting compliance with security regulations. -
50
Neumetric
Neumetric
Certification without automation is almost impossible, and compliance should be inexpensive to be effective. Security and compliance are an ongoing journey that needs to be enabled by a reliable partner. Certification is an orderly & organized journey, success begins with a well-planned roadmap. Good execution along all security tracks and automation speeds up reaching milestones. With Neumetric, complex compliance is made easy and is supported by security experts, so you can reduce the need for in-house experts. Neumetric streamlines compliance management with its centralized task management system, simplifying adherence to regulations such as GDPR and ISO certification by consolidating tasks onto one platform. It enhances tracking, ensures effective administration & prepares organizations for diverse regulatory requirements. Simplifies document creation & management across domains, particularly beneficial for systems like ISMS, automating tasks and providing a centralized dashboard.
