Acunetix 360

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits web applications by checking for vulnerabilities accessible via web browser.

Acunetix 360

Acunetix 360 is a best-of-breed enterprise web vulnerability solution designed to be a part of complex environments.

AppScan Enterprise

HCL AppScan Enterprise mitigates application security risk, strengthens application security program management initiatives and helps achieve regulatory compliance.

AppScan on Cloud (ASoC)

HCL AppScan on Cloud (ASoC) is a cloud app security offering that helps secure your organization’s Web, cloud, mobile, and other applications.

Black Duck

Black Duck integrates with ThreadFix to automatically scan, identify and inventory open source software, allowing you to understand license obligations, conflicts and risks.


Bugzilla is a free bug tracking software, supported by a dedicated team, to help manage software development.


Brakeman is an open source static analysis vulnerability scanner tailored for Ruby on Rails applications designed to spot security vulnerabilities.

AppScan Source

HCL AppScan Source identifies web-based and mobile application source code vulnerabilities early in the software development cycle, so they can be fixed before deployment.


Checkmarx’s CxSAST is a tool that discovers and documents application layer security vulnerabilities.


Contrast IAST Scanner Integration uses sensors to passively monitor the behavior of applications and discover vulnerabilities quickly and accurately.

Contrast OSS

Contrast OSS delivers automated open-source risk management by embedding security and compliance checks in applications throughout the development process while performing continuous monitoring in production.


Coverity® identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix.


FindBugs is a static analysis open source program that detects bugs in Java code.

AppScan Standard

HCL AppScan Standard Integration: ThreadFix allows HCL AppScan users to import and track AppScan DAST results and merge DAST and SAST scan results.

AppSpider Enterprise

Rapid7 AppSpider creates custom attacks based on the architecture of your specific application to provide the most accurate testing results.

Rational ClearQuest

IBM Rational ClearQuest is change management software that helps improve developer productivity while accommodating the methodologies, processes and tools that best fit the project and the people on the team.

Burp Suite Pro

PortSwigger Burp Suite Pro is a testing platform that maps and analyzes an application's attack surface, then discovers and exploits security vulnerabilities.

Dependency Check

OWASP Dependency-Check identifies project dependencies and checks whether there are any known, publicly disclosed vulnerabilities.

Jira Software

Atlassian Jira lets teams capture, plan and fix software bugs together with centralized management for greater visibility and tracking.

Micro Focus Quality Center/ALM

Micro Focus Quality Center/ALM helps reduce defects, increase quality and ship applications more quickly with greater quality assurance.

Dependency Track

OWASP Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Microsoft Azure Services

Azure DevOps Services is the cloud offering that provides a scalable, reliable, and globally available hosted service. Azure DevOps provides developer services to support teams to plan work, collaborate on code development, and build and deploy applications.

Fortify on Demand

Micro Focus Fortify on Demand gives you the tools to create, supplement, and expand a Software Security Assurance program with no infrastructure investments or security staff required.

Microsoft Azure

Azure DevOps Server is a set of collaborative software development tools, hosted on-premises. Azure DevOps Server integrates with your existing IDE or editor, enabling your cross-functional team to work effectively on projects of all sizes.

Fortify SCA

Micro Focus Fortify SCA Integration: Maximize your investment in Micro Focus Fortify by integrating with ThreadFix to import and merge scan results and schedule regular scans.

Fortify SSC

Micro Focus Fortify Software Security Center enables organizations to automate an application security program.

Nessus (AppSec)

Tenable Nessus identifies network vulnerabilities and configurations, then prevents attacks on the network.

Netsparker Enterprise

Netsparker Enterprise: Import and track Netsparker DAST results and merge DAST and SAST scan results with the ThreadFix Netsparker integration.


Micro Focus WebInspect Integration: Use Micro Focus WebInspect with ThreadFix to merge and track SAST and DAST scan results.


NowSecure Platform fully automates security and privacy testing for mobile apps you build and use within one easy-to-use portal. Test pre-prod and/or published iOS/Android binaries while monitoring the apps that power your workforce.

Rally Software

Rally’s ALM, integrated with test and defect tracking tools, allows team members to synchronize the testing and QA progress.


OWASP ZAP Integration: Import scan results, merge them with other scanning results and track the results of scans over time using ThreadFix’s OWASP ZAP integration.

Qualys Web Application Scanning (WAS)

Qualys Web Application Scanning (WAS) is an automated service that performs regular testing of web applications with automated crawling that scales and minimizes false positives.


SonarQube is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.


Sonatype Nexus helps organizations improve the quality, security, and speed of their software supply chains.

Veracode Analysis Center

Veracode Software Composition Analysis detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes.

WhiteHat Sentinel

WhiteHat Security Sentinel Dynamic Analysis accurately identifies and verifies vulnerabilities in your websites and web applications.


VersionOne is a tool that helps companies scale agile across each level of enterprise program management.

WhiteHat Source

WhiteHat Security Sentinel Static Analysis scans your entire source code, identifies vulnerabilities and provides detailed vulnerability descriptions and remediation advice.

Veracode Static Analysis

Veracode Static Analysis provides fast, automated security feedback to developers, conducts a full policy scan before deployment, and gives clear guidance on what issues to focus on and how to fix them faster. Results have high accuracy without manual tuning based on 10 trillion lines of code scanned through our SaaS-based engines.

Veracode Dynamic Analysis

Veracode Dynamic Analysis helps you scan your web applications for exploitable vulnerabilities at scale. With an ability to test thousands of applications simultaneously and a less than 1% false positive rate coupled with comprehensive remediation guidance, customers are able to rapidly reduce their risk of a breach across their web applications.