Security & Compliance
Bridging Software Security and Compliance. With ease.
OWASP DevSecOps
Get AppSec done with ease
No need for hours of configuration or research. DevGuard provides you with a full OWASP DevSecOps pipeline, advanced supply chain security, and more.
Compliance & Audit
Automated Tracking, Documentation & Reporting
As a developer, you love to code, and probably not to hassle with compliance. DevGuard provides a pre-release checklist, prioritized todos, and a full audit trail.
Automated setup
Get started in seconds
DevGuard is easy to set up. Use the auto setup for your GitLab Instance or GitHub or just add a few lines to your CI pipeline and you're good to go.
Made in Germany & EU
Open Source Licensed
The core team behind DevGuard is based in Bonn, Germany. We are committed to open source. Especially when it comes to security.
Integrations
Use with your favorite tools
Keep using your favorite tools. DevGuard integrates with all major continuous integration pipelines & software development tools.
For your Code & Dependencies
Central Vulnerability Management

Insights & Innovation
Advanced Security Features
Advanced Risk Assessment
Based on your Environment (CVSS-BE), additional data about Exploits and exploit probability, and more - DevGuard provides you with a real risk assessment where most findings are deprioritized.

Sharing in your Org & Beyond (VEX)
DevGuard enables you to share your management decisions across your org. You can easily share them with your customers using the VEX standard.

Powerful SBOM & SARIF APIs
Use your arbitrary SBOM or SARIF data (e.g. from your already bought SAST Tool) and manage it using DevGuard.
X-Ray your Dependencies
DevGuard provides you with insights into your dependencies, including licenses, the location in your dependency tree, OpenSSF Scorecard data, GitHub Stars/Forks/Issues and more.

Devs Peace of Mind
Built for developers
CI Components & Workflows
Integrate in your CI
DevGuard is designed to be developer-friendly, with a focus on ease of use and integration.
Sync with GitHub, GitLab & more
Manage in your Tickets
You can easily manage vulnerabilities in your issue tracker. Use slash commands to mitigate vulnerabilities, and stay in your workflow.
Helping FOSS Projects & Enterprises
We're on a mission to transform the way software is developed and secured.
Our mission
DevGuard aims to make application security easier and more accessible for developers. By integrating essential security tools such as SCA, secret scanning, and container scanning into a single CLI, DevGuard is designed to reduce the burden on developers while seamlessly fitting into dev workflows. Our goal is to help developers build secure software without the need for specialized security knowledge.
Our team, L3montree, is a small but highly dedicated startup focused on software security, cloud-native security, and open-source software consulting and implementation. Founded by a group of friends during our computer science studies, we are passionate about building a secure and equitable digital future for everyone. Our strong commitment to open-source values and security drives us to collaborate with the community, public institutions and private organizations alike.
DevGuard is free for other open source projects. Get in touch with us to learn more. We are happy to help. To appreciate the work of FOSS maintainers, we decided to return a part of our DevGuard revenue to the open source projects we use and rely on.




The Numbers
- Aggregated data sources: +10
- Records of known vulnerabilities: +250K
- Factor of possible cost savings when fixing vulnerabilities early in dev compared to fixing in production: x10
- Enterprises currently in alpha programme: 1