Alternatives to DepsHub
Compare DepsHub alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to DepsHub in 2025. Compare features, ratings, user reviews, pricing, and more from DepsHub competitors and alternatives in order to make an informed decision for your business.
1
Revenera SCA
Revenera
Take control of your open source software management. Empower your organization to manage open source software (OSS) and third-party components. FlexNet Code Insight helps development, legal and security teams to reduce open source security risk and manage license compliance with an end-to-end system. FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk while you build your products and during their entire lifecycle. Manage open source license compliance, add automation to your processes, and implement a formal OSS strategy that balances business benefits and risk management. Integrate with build tools, CI/CD and SCM tools, artifact repositories, external repositories or build your own integrations using the FlexNet Code Insight REST API framework to make code scanning easy and effective.
2
Dependabot
GitHub
Dependabot is an automated dependency management tool that integrates seamlessly with GitHub repositories to keep project dependencies up-to-date and secure. By regularly scanning for outdated or vulnerable libraries, Dependabot proactively generates pull requests to update these dependencies, ensuring that projects remain secure and compatible with the latest releases. Its core logic is designed to handle various package managers and ecosystems, making it versatile for diverse development environments. Developers can customize Dependabot's behavior through configuration files, allowing for tailored update schedules and specific dependency rules. By automating the dependency update process, Dependabot reduces the manual effort required to maintain project dependencies, thereby enhancing overall code quality and security.
Starting Price: Free
3
JFrog Xray
JFrog
DevSecOps Next Generation – Securing Your Binaries. Identify security vulnerabilities and license violations early in the development process and block builds with security issues from deployment. Automated and continuous governance and auditing of software artifacts and dependencies throughout the software development lifecycle from code to production. Additional functionalities include:
- Deep recursive scanning of components drilling down to analyze all artifacts and dependencies and creating a graph of relationships between software components.
- On-Prem, Cloud, Hybrid, or Multi-Cloud Solution
- Impact analysis of how an issue in one component affects all dependent components with a display chain of impacts in a component dependency graph.
- JFrog’s vulnerabilities database, continuously updated with new component vulnerability data, includes VulnDB, the industry’s most comprehensive security vulnerability database.
4
Bytesafe
Bitfront
Increase your open source security posture with automated best practices, with a unified workflow for security and developer teams. The cloud-native security platform reduces risk and protects revenue, without slowing down developers. The dependency firewall quarantines malicious open source before reaching developers and infrastructure, protecting data, assets, and company reputation. Our policy engine evaluates threat signals such as known vulnerabilities, license information, and customer-defined rules. Having insight into what open-source components are used in applications is crucial to avoid exploitable vulnerabilities. Software Composition Analysis (SCA) and dashboard reporting give stakeholders a holistic overview with immediate insights into the current situation. Discover when new open-source licenses are introduced in the codebase. Automatically track license compliance issues and restrict problematic or unlicensed packages.
Starting Price: €1100 per month
5
Mend Renovate
Mend.io
Save time and reduce risk by automating dependency updates in software projects. Fully customizable with a setting to suit every workflow. Renovate runs continuously to detect the latest available versions. Multiple languages and file types are supported in order to detect dependencies wherever you use them. Changelogs and commit histories are extracted and included with each update. Run your existing suite of tests on every update to avoid regression errors.
Starting Price: Free
6
CodeDD
CodeDD
CodeDD uses AI to automate technical Due Diligence on software investments. Set to increase security via transparency, it allows self-serviced software stack auditing of own or external code stack. Used by M&A professionals, Investment Managers and in software procurement, it leverages the power of Large Language Models to provide actionable insights, easy and understandable reports and a cost-effective alternative to manual review. Key features: Audit Any Repository: Review entire code stacks with over 40 quality parameters. Review Security Flags: Get detailed reports on security vulnerabilities, with estimated fix times. View Project Dependencies: Gain insights into external dependencies, including licenses and vulnerabilities, backed by a database of over 2 million software packages. File-Level Insights: Dive deep into each file for a comprehensive overview of the entire codebase, without revealing any code.
Starting Price: $250 per software audit
7
Moderne
Moderne
Reduce 1000s of hours of static code analysis fixes to minutes. Patch security vulnerabilities across 100s of repositories at once. Moderne automates code remediation tasks for you, enabling developers to deliver more business value all the time. Automatically make safe, sweeping changes to your codebase that improve the quality, security, and cost of code. Manage dependencies of your software supply chain, keeping software up to date continuously. Alleviate code smells automatically without all the scanning noise of SAST and SCA tools. Work in high-quality code all the time. Find and fix CVEs automatically across repositories, it's the ultimate shift left for security. The reality of modern applications is that they naturally accrue technical debt. They are composed of large and diverse codebases and ecosystems, and a supply chain of custom, third-party, and open-source software.
8
Endor Labs
Endor Labs
Simplified dependency lifecycle management lies at the heart of both supply chain security and developer productivity. Endor Labs helps security and dev teams accelerate development by safely maximizing software reuse. Reduce the overall amount of dependencies with a better selection process, and eliminate unused dependencies. Identify the vulnerabilities that matter, and use dozens of leading indicators of risk to defend against software supply chain attacks. Get out of dependency hell faster by identifying and remediating bugs and security issues in your dependency chain. Increased productivity for dev and security teams. By maximizing software reuse, minimizing false positives, and making it easier for security and development teams to select, secure, and maintain dependencies, Endor Labs helps organizations focus on shipping value-adding code. Get complete visibility into your dependency network across repos. Who is using what, and who depends on who.
9
Coana
Socket
Traditional SCA tools do not distinguish between exploitable and unexploitable vulnerabilities. As a consequence, up to 95% of the vulnerabilities that developers are remediating are irrelevant and can be safely ignored. Coana employs reachability analysis to eliminate up to 95% false positives. As a consequence, developers only need to remediate the remaining few vulnerabilities that are relevant. With up to 95% of vulnerabilities being unreachable, you save time and resources by focusing only on the remaining few that pose a real threat. Pinpoint the exact locations in your code affected by reachable vulnerabilities. See exactly which dependency updates are necessary to remediate reachable vulnerabilities. Identify reachable vulnerabilities in both direct and indirect dependencies.
Starting Price: $20 per user per month
10
Mendel
Mendel
Mendel is an AI-powered code intelligence platform designed to automate pull request reviews, flag complexity and compliance issues, and surface team insights. By leveraging agentic AI workflows, Mendel enhances engineering efficiency through features like automated code reviews, real-time performance analytics, intelligent repository and code analysis, and smart dependency and compliance checks. It provides actionable insights from repositories and developer contributions, enabling teams to track performance and resolve bottlenecks effectively. With capabilities such as docstring detection, complexity analysis, and issue classification, Mendel streamlines repository scans. It also automates scans for outdated libraries and vulnerable dependencies, ensuring robust security across the codebase. Mendel's integration with existing Git workflows allows for seamless adoption, delivering context-rich AI reviews instantly.
Starting Price: Free
11
SWE-Kit
Composio
SweKit lets you build PR agents to review code, suggest improvements, enforce coding standards, identify potential issues, automate merge approvals, and provide feedback on best practices, streamlining the review process and enhancing code quality. Automate writing new features, debug complex issues, create and run tests, optimize code for performance, refactor for maintainability, and ensure best practices across the codebase, accelerating development and efficiency. Use highly optimized code analysis, advanced code indexing, and intelligent file navigation tools to explore and interact with large codebases effortlessly. Ask questions, trace dependencies, uncover logic flows, and gain instant insights, enabling seamless communication with complex code structures. Keep your documentation in sync with your code. Automatically update Mintlify documentation whenever changes are made to the codebase, ensuring that your docs stay accurate, up-to-date, and ready for your team and users.
Starting Price: $49 per month
12
Sonatype Repository Firewall
Sonatype
Sonatype Repository Firewall is a security solution that provides proactive protection for your software supply chain by intercepting malicious open-source components before they enter your development process. Utilizing AI-powered behavioral analysis, it detects and prevents known and unknown vulnerabilities across dependencies. The platform offers real-time policy enforcement, allowing users to set customizable policies based on risk levels, such as the age or popularity of open-source components. With automated vulnerability prevention, Sonatype Repository Firewall helps businesses maintain compliance, enhance security, and reduce risk, while boosting developer productivity by avoiding unnecessary disruptions.
13
Docusnap
itelio
Docusnap inventories your network infrastructure, hardware, and software as well as common application servers. With Docusnap, you can easily create network maps and evaluation reports as well as operation manuals and contingency plans. Docusnap shows you who has access to which data and if your software is correctly licensed. You can also identify existing IT dependencies. Docusnap captures information of the network infrastructure, hardware and software as well as common application servers. Let Docusnap generate reports and maps of your network. Create contingency plans and operation manuals. Learn who has access to which data and whether your software is licensed correctly. Identify IT dependencies. At itelio, the focus is on the team! The company’s success is fueled by our highly skilled and motivated employees. By now, itelio GmbH has been able to secure the skills of about 90 experts from various nations.
14
Sonatype Vulnerability Scanner
Sonatype
Sonatype’s Vulnerability Scanner is a tool designed to help developers identify security risks and compliance issues in their open-source components. It provides users with a comprehensive Software Bill of Materials (SBOM), which lists all open-source dependencies and highlights vulnerabilities and license risks. The platform offers real-time scanning and actionable insights, allowing teams to assess the severity of risks and implement fixes swiftly. With automated scans and detailed reports, Sonatype’s Vulnerability Scanner helps organizations secure their applications, manage third-party dependencies, and maintain compliance across their software environments.
15
MyGet
MyGet
The Secure Universal Package Manager. Continuously govern and audit all packages in your DevOps lifecycle. Thousands of teams worldwide trust MyGet with their package management and governance. Accelerate your software team with cloud package management, robust security controls and easy continuous integration build services. MyGet is a Universal Package Manager that integrates with your existing source code ecosystem and enables end-to-end package management. Centralized package management delivers consistency and governance to your DevOps workflow. MyGet real-time software license detection tracks your teams’ package usage and detects dependencies across all of your packages. Customized usage policies ensure your teams are only using approved packages while reporting vulnerabilities and outdated packages early in your software build and release cycles.
Starting Price: $15 per month
16
Ostorlab
Ostorlab
Uncover your organization's vulnerabilities with ease using Ostorlab. It goes beyond subdomain enumeration, accessing mobile stores, public registries, crawling targets, and analytics to provide a comprehensive view of your external posture. With a few clicks, gain valuable insights to strengthen security and protect against potential threats. From insecure injection and outdated dependencies to hardcoded secrets and weak cryptography, Ostorlab automates security assessments and identifies privacy issues. Ostorlab empowers security and developer teams to analyze and remediate vulnerabilities efficiently. Experience hands-off security with Ostorlab's continuous scanning feature. Automatically trigger scans on new releases, saving you time and effort while ensuring continuous protection. Access intercepted traffic, file system, function invocation, and decompiled source code with ease using Ostorlab. See what attackers see and save hours of manual tooling and grouping of outputs.
Starting Price: $365 per month
17
Aptitude
Debian
Aptitude is an Ncurses and command-line based front-end to numerous Apt libraries, which are also used by Apt, the default Debian package manager. Aptitude is text-based and run from a terminal. A mutt-like syntax for matching packages in a flexible manner. Mark packages as "automatically installed" or "manually installed" so that packages can be auto-removed when no longer required (feature available in Apt, too, since quite a few Debian releases). Preview of actions about to be taken with different colors marking different actions. The ability to interactively retrieve and display the Debian changelog of all available official packages. Score-based dependency resolver which is more suitable for interactive dependency resolution with additional hints from the user like "I don't want that part of the solution but keep that other part of the solution for your next try". Apt's dependency resolver on the other hand is optimized for good "one-shot" solutions.
Starting Price: Free
18
CAST SBOM Manager
CAST
CAST SBOM Manager enables users to automatically create, customize, and maintain Software Bill of Materials (SBOMs) with the ultimate level of control and flexibility. It detects open source dependencies and related risks (vulnerabilities and security advisories, licenses, obsolescence) directly from scanning source code, and allows you to create and maintain SBOM metadata over time (proprietary components, custom licenses, vulnerabilities) and much more.
Starting Price: Free
19
Red Sift ASM
Red Sift
Red Sift ASM (formerly Hardenize) provides a managed service that combines automated internet asset discovery with continuous network and security monitoring. Internet Asset Discovery: Multiple sources of information feed our custom search engine to help you find your websites. Background searches find new properties that belong to you and automatically add them to your inventory. Host and Network Monitoring: We continuously monitor your entire network perimeter with fresh data updated daily. We combine scanning of domains, hostnames, and IP addresses. Certificate Inventory and Expiration Monitoring: We monitor your certificates and notify you if they're about to expire. Crucially, we also monitor the certificates of third-party services, helping you avoid problems via dependencies and services you don't control directly.
20
UserJot
UserJot
UserJot centralizes customer feedback from Slack threads, support tickets, emails, and spreadsheets into public or private boards where users and team members can vote, discuss, and prioritize ideas in one place. Smart grouping automatically clusters similar requests, while vote counts surface feature trends so engineering teams know exactly what to build next. It generates a public roadmap that updates as ideas advance and produces synchronized changelogs that notify users when features ship, closing the feedback loop. It supports anonymous guest submissions, seamless setup with no credit card required, and intuitive management of boards, votes, and discussions without manual effort. By unifying feedback collection, prioritization, roadmap publication, and release communication into a single, easy-to-use interface, UserJot empowers SaaS product teams to make data-driven decisions, ship the right features faster, and reduce customer churn.
Starting Price: $29 per month
21
Legit Security
Legit Security
Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Automatically discover security issues, remediate threats and ensure the integrity and compliance of software releases. Comprehensive, visual SDLC inventory that's continually updated. Reveal unknown, misconfigured and vulnerable SDLC systems and infrastructure. Centralized visibility over location, coverage and configuration of your existing security tools and scanners. Catch insecure build actions before they can embed vulnerabilities downstream. Centralized, early prevention of sensitive data leaks, secrets and PII, before being pushed into the SDLC. Track security trends across teams and product lines to improve security posture and incentivize behavior. Get security posture at-a-glance with Legit Security Scores. Integrate your own alert and ticketing tools or use ours.
22
Timesys Vigiles
Timesys Corporation
The Timesys Vigiles vulnerability management suite is a best-in-class Software Composition Analysis (SCA) and vulnerability management solution optimized for embedded systems built on top of the Linux operating system. Vigiles will reveal your exposure for every product and software release, and provide clear engineering guidance on how to remediate vulnerabilities. Now your customers can receive software updates sooner and stay secure throughout the lifecycle. Automatically monitors thousands of reported vulnerabilities and provides unique targeted vulnerability detection for your specific product components, including alerts of new vulnerabilities, summaries of severities and status, and on-demand reports for your projects. Gives you all of the Free version’s vulnerability monitoring features along with powerful vulnerability analysis, triage, and collaboration tools, to enable your team to rapidly prioritize, assess and mitigate security issues.
23
ThreatMapper
Deepfence
Open source, multi-cloud platform for scanning, mapping, and ranking vulnerabilities in running containers, images, hosts, and repositories. ThreatMapper discovers the threats to your applications in production, across clouds, Kubernetes, serverless, and more. What you cannot see, you cannot secure. ThreatMapper auto-discovers your production infrastructure. It identifies and interrogates cloud instances, Kubernetes nodes, and serverless resources, discovering the applications and containers and mapping their topology in real-time. Use ThreatMapper to discover and visualize the external and internal attack surface for your applications and infrastructure. Exploiting known vulnerabilities in common dependencies is one of the easiest ways for bad actors to gain a foothold within your infrastructure. ThreatMapper scans hosts, containers, and applications for known vulnerable dependencies, taking threat feeds from over 50 different sources.
24
Backslash Security
Backslash
Ensure the security of your code and open sources. Identify externally reachable data flows and vulnerabilities for effective risk mitigation. By identifying genuine attack paths to reachable code, we enable you to fix only the code and open-source software that is truly in use and reachable. Avoid unnecessary overloading of development teams with irrelevant vulnerabilities. Prioritize risk mitigation efforts more effectively, ensuring a focused and efficient security approach. Reduce the noise CSPM, CNAPP, and other runtime tools create by removing unreachable packages before running your applications. Meticulously analyze your software components and dependencies, identifying any known vulnerabilities or outdated libraries that could pose a threat. Backslash analyzes both direct and transitive packages, ensuring 100% reachability coverage. It outperforms existing tools that solely focus on direct packages, accounting for only 11% of packages.
25
Visual Expert
Novalys
Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform impact analysis to identify breaking changes. Automatically scan your code to detect and fix security vulnerabilities, bugs and maintenance issues. Implement continuous code inspection. Understand the inner workings of your code with call graphs, code diagrams, CRUD Matrix and Object Dependency Matrix (ODM). Automatically generate an HTML Source Code documentation. Explore your code with hyperlinks. Compare applications, databases or pieces of code. Improve maintainability. Clean up code. Comply with dev standards. Analyze and improve DB code performance: find slow objects and SQL queries, optimize a slow object, a chain of calls, a slow SQL, get a query execution plan. And much more.
Starting Price: $495 per year
26
Augoor
Augoor
Augoor transforms static code into dynamic knowledge, enabling teams to navigate, document, and optimize complex systems effortlessly. By extracting structures, relationships, and context, Augoor builds a living knowledge graph that accelerates the development lifecycle. Its AI-driven code navigation tool accelerates new developer productivity, integrating them into projects from day one. Augoor reduces maintenance efforts and enhances code integrity by pinpointing problematic code segments, saving costs, and reinforcing your codebase. It automatically generates clear, updated code explanations, preserving knowledge, especially for complex legacy systems. The AI navigation system cuts down time spent searching through code, allowing developers to focus more on coding, speeding up feature development, and fostering innovation in large codebases. Augoor's advanced AI-driven visualizations uncover hidden patterns, map complex dependencies, and reveal critical relationships.
27
Apache Ivy
Apache Software Foundation
Apache Ivy™ is a popular dependency manager focusing on flexibility and simplicity. Find out more about its unique enterprise features, what people say about it, and how it can improve your build system! Ivy is a tool for managing (recording, tracking, resolving, and reporting) project dependencies. Ivy is essentially process agnostic and is not tied to any methodology or structure. Instead, it provides the necessary flexibility and reconfigurability to be adapted to a broad range of dependency management and build processes. While available as a standalone tool, Ivy works particularly well with Apache Ant providing a number of powerful Ant tasks ranging from dependency resolution to dependency reporting and publication. Ivy has a lot of powerful features, the most popular and useful being its flexibility, integration with Ant, and strong transitive dependencies management engine. Ivy is open source and released under a very permissive Apache License.
Starting Price: Free
28
WP Guardian
WP Guardian
Keep your entire WordPress fleet up-to-date and protected. Embrace proactive security to maintain control and visibility over the status of both sites and servers, all in one place. Stay ahead of WordPress threats with continuous vulnerability monitoring and effective mitigation strategies. Gain control over the security state for all WordPress sites. Scan connected servers, and identify & report vulnerabilities to keep your infrastructure secure. Manual & auto-updates, virtual patches, and continuous vulnerability monitoring. Designed to secure any control panel other than cPanel and Plesk, or no panel. Perform checks before, during, and after updates for a smooth and safe updating process. Block malicious requests, and mitigate vulnerabilities without modifying website code or affecting site performance. Protect servers and WordPress sites without installing any updates. Embrace the ultimate solution to actively block the exploitation of identified threats.
Starting Price: $5 per month
29
DNF
DOCS
DNF is a software package manager that installs, updates, and removes packages on Fedora and is the successor to YUM (Yellow-Dog Updater Modified). DNF makes it easy to maintain packages by automatically checking for dependencies and determining the actions required to install packages. This method eliminates the need to manually install or update the package, and its dependencies, using the rpm command. DNF is now the default software package management tool in Fedora. Removes packages installed as dependencies that are no longer required by currently installed programs. Checks for updates, but does not download or install the packages. Provides basic information about the package including name, version, release, and description.
Starting Price: Free
30
Sonatype Nexus Repository
Sonatype
Sonatype Nexus Repository is a robust binary repository manager designed to store, manage, and distribute open-source components, dependencies, and artifacts across the software development lifecycle (SDLC). It supports over 20 formats, including Maven, npm, PyPI, and Docker, allowing for seamless integration with build tools and CI/CD pipelines. With advanced features like high availability, disaster recovery, and scalability across cloud platforms, Nexus Repository ensures secure and efficient management of your software artifacts. The platform enhances collaboration, automates workflows, and improves visibility into your software supply chain, helping teams manage dependencies and improve software quality.
31
Seal Security
Seal Security
Redefine open source vulnerability and patch management with Seal Security. Easy integration directly into your existing SDLC, and workflows. Standalone security patches for immediate resolution of critical security issues. Predictable remediation and optimal resource allocation, with centralized control and reduced R&D dependency. Streamline your open source vulnerability remediation without introducing the risk of breaking changes. Say goodbye to alert fatigue and start patching with Seal Security. Pass every product security scan with confidence. Seal Security provides immediate remediation for open source vulnerabilities. By meeting your customers' SLAs and offering a vulnerability-free product, you can ensure customer trust and fortify your market standing. Seal Security seamlessly integrates with various coding languages, patch management systems, and open source platforms through powerful APIs and CLI.
Starting Price: Free
32
GitHub Advanced Security for Azure DevOps is an application security testing service that is native to the developer workflow. It empowers Developer, Security, and Operations (DevSecOps) teams to prioritize innovation and enhance developer security without sacrificing productivity. Detect and prevent secret leaks from your application development processes with secret scanning. Take advantage of a partner program of more than 100 service providers and scanning for more than 200 token types. Adopt secret scanning quickly and easily without the need for additional tooling via the Azure DevOps UI. Protect your software supply chain by identifying any vulnerable open source components you may be using with dependency scanning. Get straightforward guidance on how to update component references so you can fix issues in minutes.
Starting Price: $2 per GiB
33
Socket
Socket
Secure your supply chain. Ship with confidence. Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies. Find and compare millions of open source packages. Socket is not a traditional vulnerability scanner. Socket proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection. Prevent compromised or hijacked packages from infiltrating your supply chain by monitoring changes to package.json and more in real-time. Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.
Starting Price: $8 per user per month
34
ActiveState
ActiveState
ActiveState delivers Intelligent Remediation for vulnerability management, which enables DevSecOps teams to not only identify vulnerabilities in open source packages, but also to automatically prioritize, remediate, and deploy fixes into production without breaking changes, ensuring that applications are truly secured. Existing tools overwhelm DevSecOps teams with excessive vulnerability data, false positives, and a lack of prioritization, often leading to inaction and increased exposure to exploits. ActiveState’s solution provides your DevSecOps with a comprehensive view of open source vulnerability status across your application portfolio, enabling them to prioritize the vulnerabilities that matter, assess the risk of updates, and choose recommended remediation paths. The ActiveState platform centers on open source languages packaged as runtimes that can be deployed in various form factors. Low-to-no CVE container images are also available for plug-in and play needs.
35
Simple Malware Protector
Simplestar Software
Simple Malware Protector identifies threats and vulnerabilities on your PC and will neutralize them quickly and easily. It then constantly monitors your PC to ensure you’re protected against future infection. Simple Malware Protector is continuously updated to ensure you’re protected against the latest threats and vulnerabilities. You can schedule Simple Malware Protector to run at startup or any other time of day, ensuring you are in control of your protection. You can also choose a quick, deep, or custom scan depending on your needs and preferences. Simple Malware Protector will scan your PC and identify security threats and vulnerabilities. Simple Malware Protector can quickly and safely remove these threats and prevent them from reoccurring. Protect your computer from malware, spyware, and other security threats. Restore optimum security to your PC.
Starting Price: $3.03 per month
36
Packagist
Packagist
Packagist is the main composer repository. It aggregates public PHP packages installable with Composer. Put a file named composer.json at the root of your project, containing your project dependencies. Packagist is the default Composer package repository. It lets you find packages and lets Composer know where to get the code from. You can use Composer to manage your project or libraries' dependencies. First of all, you must pick a package name. This is a very important step since it cannot change and it should be unique enough to avoid conflicts in the future. The package name consists of a vendor name and a project name joined by a /. The vendor name exists to prevent naming conflicts. The composer.json file should reside at the top of your package's git/svn/ repository and is the way you describe your package to both packagist and composer. New versions of your package are automatically fetched from tags you create in your VCS repository. -
37
Bazel
Bazel
Bazel is an open-source build and test tool designed for multi-language, multi-platform software projects that delivers fast, incremental builds by rebuilding only what’s necessary and leveraging advanced local and remote caching, optimized dependency analysis, and parallel execution. It natively supports Java, C++, Go, Android, iOS, and many other languages, scaling seamlessly from small repositories to massive monorepos and complex Continuous Integration environments. Its declarative extension language lets teams add or customize rules for new languages and platforms, tapping into a growing community ecosystem. Bazel offers query capabilities to inspect and understand dependency graphs, comprehensive versioned documentation and release notes, and robust support via GitHub, Slack, and monthly community updates. Trusted by industry leaders like Google, Stripe, and Dropbox to build heavy-duty, mission-critical infrastructure and applications. Starting Price: Free -
38
Artifact Registry is Google Cloud’s unified, fully managed package and container registry designed for high-performance artifact storage and dependency management. It centralizes hosting of container images (Docker/OCI), Helm charts, language packages (Java/Maven, Node.js/npm, Python), and OS packages, offering fast, scalable, reliable, and secure handling with built-in vulnerability scanning and IAM-based access control. Integrated seamlessly with Google Cloud CI/CD tools like Cloud Build, Cloud Run, GKE, Compute Engine, and App Engine, it supports regional and virtual repositories with granular security via VPC Service Controls and customer-managed encryption keys. Developers benefit from standardized Docker Registry API support, comprehensive REST/RPC interfaces, and migration paths from Container Registry. Daily updated documentation includes quickstarts, repository management, access configuration, observability tools, and deep-dive guides.
-
39
Headway
Headway App
Every update that you can share with your users, you should. They will love you for this, we promise. Customise your changelog to match your company branding and host it on your own domain. We'll be happy to help you set it up. Connect Slack and Twitter so both your team and customers are in the loop with the latest changes in your product. Your whole team can post to your changelog if you need. It's always better to see the face of a person next to changelogs. Privacy is important. Your changelog can be public or private, or just disallow search bots from crawling it. Not every product fits a single glove, which is why you can fully customize categories for changelogs. The cleanest formatting imaginable, along with easy image uploading and multimedia embedding. Subtle widget badge animations inside your product, just so users don't miss some important updates. Starting Price: $29 per month -
40
SiteLock
SiteLock
We secure websites by automatically finding and fixing threats. Automatically protect your website, reputation, and visitors against cyberthreats. Comprehensive website security software protects your website from malicious cyber threats. This includes the protection of your site code and web applications. Depending on your website security package, you’ll receive daily website scans, automated malware removal, and vulnerability/CMS patching, as well as a web application firewall to block harmful traffic before it ever reaches your site. Our website security scan instantly checks your website for malware, viruses and other cyber threats and alerts you to any issues found. Detect and automatically remove malicious content from your website, creating a safe experience for your customers. Easily check for website vulnerabilities in your CMS with our vulnerability scanner before they are exploited. -
41
Arctic Data Canadian Payroll
Arctic Data Canadian Payroll
Arctic Data Corporation has been supplying Canadian businesses with payroll software since 1982. The Canadian Payroll Software, designed for WINDOWS XP/Vista/7/8/10, can be integrated with Arctic Data's Multi-user accounting system or used in a stand-alone environment. With the ability to print cheques, do direct bank deposits, generate T4s and Record of Employment (ROEs), ADC's Canadian Payroll system will help streamline your small or medium size business payroll. The system can handle up to 99 separate companies. The costs for payroll updates are $99.95 per update. The government releases tax changes for January 1 every year. On occasion, an additional update is released for July 1. Depending upon the changes you may wish to purchase the update if it affects your employees. The system will allow up to 32,000 employees per payroll company or dependent upon disk space. The system has the ability to create customer reports from the data you have entered into the system. Starting Price: $99.95 one-time payment -
42
Mbed Studio
Mbed Studio
Mbed Studio is a free IDE for Mbed OS application and library development, including all the dependencies and tools you need in a single package so that you can create, compile and debug your Mbed programs on the desktop. Develop your applications using Mbed OS, switching between pre-defined build profiles for development, debug or release. With API auto-completion, you'll find code authoring easier, likewise you can inspect hardware-dependent settings such as pin mappings based on your selected platform. As new features, code size improvements and fixes are added to Mbed OS in each release, your application can benefit from them, with Mbed Studio notifying you of available updates. Likewise, other drivers and libraries, such as those available on mbed.com can be updated. Develop IoT products that can be managed throughout their lifecycle. Mbed accounts allow you to access the free tier of pelion device management services, allowing you to connect and manage up to 100 devices. -
43
Dependency Track SaaS
YourSky.blue
Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it lets you easily monitor the whole chain of software components through powerful dashboards and configurable alerts. It periodically scans already uploaded SBOMs for new security issues, outdated versions or licenses at risk. YourSky.blue Dependency Track SaaS is one of the most powerful and essential tools to manage software assets conveniently. The SaaS product also includes Single-Sign-On technology to facilitate integration with any enterprise identity provider. Starting Price: USD 10.08 per user per month -
44
Last9
Last9
Visualize your microservices end-to-end, from your CDN all the way to your databases, including external dependencies. Automatically measure baselines and get recommendations of SLIs and SLOs. Understand and measure the impact across microservices. Every change introduces a ripple through your connected system. Did a security group change affect Login API? Last9 makes it easy to locate the ‘last change’ that triggered an incident. Last9 is a modern reliability stack. It’s designed to leverage your existing observability tricks and allow you to build and enforce mental models on top of your data to help you cover infrastructure, service, and product metrics with minimal effort and distractions. With all the love and passion for reliability, we address the challenges of every layer to make running systems at scale fun and embarrassingly easy! Last9 leverages the knowledge graph to automatically generate a map view of known infrastructure and service components. -
45
Squire AI
Squire AI
Get away from essay writing, Squire writes pull request descriptions for you. Keep your team in sync with a clear description and changelog. With an agentic workflow, Squire has a team reviewing your PR with the full context of your codebase. Able to catch many issues like systemic breaking changes, security concerns, and even small spelling mistakes. We improve code quality and get your PR into production. Squire is a context-aware agent who works with you to write pull request descriptions, review PRs, and learn how you like your code reviewed. Squire learns how your team reviews code and fits your style with explicit configuration and learning from your team's interactions. Map and synchronize ownership and responsibility across your entire engineering stack. Maintain compliance by applying and maintaining rules on your engineering components. Starting Price: $20 per month -
46
Diamond
Diamond
Diamond is an advanced AI code review tool that provides immediate, actionable feedback on every pull request, enhancing code quality and accelerating development cycles. It automatically identifies potential issues such as logic bugs, security vulnerabilities, performance bottlenecks, and documentation inconsistencies, allowing teams to focus more on building and less on manual reviews. With zero setups required, Diamond integrates seamlessly with your repository, offering high-signal, codebase-aware insights without the noise often associated with other AI tools. Users can customize review standards by importing their own style guides, filtering out unwanted comments to maintain a focused review experience, and benefiting from codebase awareness that enhances comment quality. It also provides review insights with analytics on comment metrics, including issue categories, and offers suggested fixes that can be accepted with a single click. Starting Price: $20 per month -
47
Snapcraft
Snapcraft
This is the code repository for snapd, the background service that manages and maintains installed snaps. Snaps are app packages for desktop, cloud, and IoT that update automatically. Easy to install, secure, cross-platform, and dependency-free. They're being used on millions of Linux systems every day. Alongside its various service and management functions, snapd provides the snap command that's used to install and remove snaps and interact with the wider snap ecosystem, implements the confinement policies that isolate snaps from the base system and from each other, and governs the interfaces that allow snaps to access specific system resources outside of their confinement. If you're looking for something to install, such as Spotify or Visual Studio Code, take a look at the Snap Store. And if you want to build your own snaps, start with our creating a snap documentation. Starting Price: Free -
48
VerifyWise
VerifyWise
VerifyWise is an open-source AI governance platform that helps organizations document, assess, and manage their AI systems in a transparent and structured way. Built to support compliance with frameworks like ISO/IEC 42001, NIST AI RMF, and the EU AI Act, it offers a centralized registry where teams can log every AI system, along with its purpose, model type, deployment details, and risk classification. Whether it’s a large language model, a computer vision system, or a rules-based tool, VerifyWise helps you keep track of everything in one place. The platform’s open-source nature means it’s fully self-hostable and adaptable. Organizations can audit the code, contribute improvements, and extend functionality to meet specific needs. Security is built-in, with automated checks for credential leaks, license issues, and dependency vulnerabilities. It supports external contributions while maintaining high code quality standards, making it ideal for both public and private sector use. Starting Price: $129/month -
49
Check Point IPS
Check Point IPS
Intrusion Prevention Systems detect or prevent attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Check Point IPS protections in our Next Generation Firewall are updated automatically. Whether the vulnerability was released years ago, or a few minutes ago, your organization is protected. Check Point IPS delivers thousands of signature and behavioral preemptive protections. Our acceleration technologies let you safely enable IPS. A low false positive rate saves your staff valuable time. Enable IPS on any Check Point security gateway reducing total cost of ownership. On-demand hyperscale threat prevention performance providing enterprises cloud level expansion and resiliency on premises. Provide users with secure, seamless remote access to corporate networks and resources when traveling or working remotely. -
50
Jaisocx
Jaisocx
Since 2024, Jaisocx has supported PHP over HTTP/3, intuitively switching among HTTP/1.1, h2 and h3 depending on negotiation with the HTTP client. a) A unique feature is charset detection of published text content, so that the browser correctly displays extended ASCII characters such as those in the German or French alphabets. b) It has a built-in engine for securing endpoints with Basic Auth and JSON Web Token. c) Proxy Endpoints. d) A framework-like solution for publishing SQL query results in JSON format out of the box with minimal configuration. e) The software is well documented on the same company site. f) The software is free, g) has a Docker Hub repository h) and a GitHub.com repository with some basic samples for Laravel, Symfony and WordPress apps under Docker Compose. Starting Price: $0