ZeroPath
ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with deep program analysis to deliver intelligent security testing that finds real vulnerabilities while dramatically reducing false positives.
Unlike traditional SAST tools that rely on pattern matching, ZeroPath understands code context, business logic, and developer intent. This enables identification of sophisticated security issues including business logic flaws, broken authentication, authorization bypasses, and complex dependency vulnerabilities.
Our comprehensive security suite covers the application security lifecycle:
1. AI-powered SAST
2. Software Composition Analysis with reachability analysis
3. Secrets detection and validation
4. Infrastructure as Code scanning
5. Automated PR reviews
6. Automated patch generation
and more...
ZeroPath integrates seamlessly with GitHub, GitLab, Bitbucket, Azure DevOps and many more. The platform handles codebases with millions of lines across Python, JavaScript, TypeScript, Java, Go, Ruby, Rust, PHP, Kotlin and more.
Our research team has been successful in finding vulnerabilities like critical account takeover in better-auth (CVE-2025-61928, 300k+ weekly downloads), identifying 170+ verified bugs in curl, and discovering 0-days in production systems at Netflix, Hulu, and Salesforce.
Trusted by 750+ companies and performing 200k+ code scans monthly.
Learn more
Parasoft
Parasoft's mission is to provide automated testing solutions and expertise that empower organizations to expedite delivery of safe and reliable software.
A powerful unified C and C++ test automation solution for static analysis, unit testing and structural code coverage, Parasoft C/C++test helps satisfy compliance with industry functional safety and security requirements for embedded software systems.
Learn more
Snyk
Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk is a developer security platform that automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams.
Learn more
CodeQL
Uncover security weaknesses within a codebase using CodeQL, our premier semantic analysis tool for code. CodeQL empowers you to treat code as if it were data, enabling the writing of queries to identify every variant of a vulnerability, thereby eliminating it for good. By sharing your findings, you can assist others in this vital task. CodeQL is available at no cost for both research and open source projects. Execute real queries against widely-used open source codebases with CodeQL integrated into Visual Studio Code, experiencing firsthand the effectiveness of identifying poor coding practices and pinpointing similar issues throughout the entire codebase. You also have the option to create your own CodeQL databases for any project that complies with an OSI-approved open source license. It’s important to note that GitHub CodeQL is restricted to use on codebases that are either released under an OSI-approved open source license, utilized for academic research, or employed to generate CodeQL databases for automated analyses. To get started, simply download and incorporate the project's CodeQL database into VS Code, or generate a CodeQL database using the CodeQL command-line interface, allowing you to enhance your code's security comprehensively. Utilizing CodeQL not only improves your project but contributes to a safer coding environment for everyone.
Learn more
