Develop Secure
Software.

DevGuard seamlessly integrates security into your software development lifecycle, making security practices accessible and efficient for all, regardless of expertise.

OWASP LogoIkor part of X1 LogoBonn-Rhein-Sieg University of Applied Sciences LogoUniversity of Giessen LogoWheregroup Logo

Security & Compliance

Bridging Software Security and Compliance. With ease.

OWASP DevSecOps

Get AppSec done with ease

No need for hours of configuration or research. DevGuard provides you with a full OWASP DevSecOps pipeline, advanced supply chain security, and more.

Compliance & Audit

Automated Tracking, Documentation & Reporting

As a developer you love to code - probably not hasseling with compliance. DevGuard provides a pre-release checklist, prioritized todos, and a full audit trail.

Automated setup

Get started in seconds

DevGuard is easy to set up. Use the auto setup for your GitLab Instance or GitHub or just add a few lines to your CI pipeline and you're good to go.

Made in Germany & EU

Open Source Licensed

The core team behind DevGuard is based in Bonn, Germany. We are committed to open source. Especially when it comes to security.

Integrations

Use with your favorite tools

Keep using your favorite tools. DevGuard integrates with all major continous integration pipelines & software development tools.

For your Code & Dependencies

Central Vulnerability Management

Insights & Innovation

Advanced Security Features

Advanced Risk Assessment

Based on your Environment (CVSS-BE), additional data about Exploits and exploit probability, and more - DevGuard provides you with a real risk assessment where most findings are deprioritized.

Screenshot of the DevGuard Risk Assessment per CVE

Sharing in your Org & Beyond (VEX)

DevGuard enables you to share your management decisions accross your org. You can easily share to your customers using the VEX standard.

Screenshot of the DevGuard Risk Assessment per CVE

Powerful SBOM & SARIF APIs

Use your arbitrary SBOM or SARIF data (e.g. from your already bought SAST Tool) and manage using DevGuard.

X-Ray your Dependencies

DevGuard provides you with insights into your dependencies. Inlcuding licenses, the location in your dependency tree, OpenSSF Scorecard data, GitHub Stars/ Forks/ Issues and more.

Screenshot of the DevGuard Risk Assessment per CVE

Devs Peace of Mind

Built for developers

CI Components & Workflows

Integrate in your CI

DevGuard is designed to be developer-friendly, with a focus on ease of use and integration.

Sync with GitHub, GitLab & more

Manage in your Tickets

You can easily manage vulnerabilities in your issue tracker. Use slash commands to mitigate vulnerabilities, and stay in your workflow.

Helping FOSS Projects & Enterprises

We're on a mission to transform the way software is developed and secured.

Our mission

DevGuard aims to make application security easier and more accessible for developers. By integrating essential security tools such as SCA, secret scanning, and container scanning into a single CLI, DevGuard is designed to reduce the burden on developers while seamlessly fitting into dev workflows. Our goal is to help developers build secure software without the need for specialized security knowledge.

Our team, L3montree, is a small but highly dedicated startup focused on software security, cloud-native security, and open-source software consulting and implementation. Founded by a group of friends during our computer science studies, we are passionate about building a secure and equitable digital future for everyone. Our strong commitment to open-source values and security drives us to collaborate with the community, public institutions and private organizations alike.

DevGuard is free for other open source projects. Get in touch with us to learn more. We are happy to help. To appreciate the work of FOSS maintainers, we decided to return a part of our revenue of DevGuard to the open source projects we use and rely on.

The Numbers


Aggregated data sources
+10
Records of known vulnerabilities
+250K
Factor of possible cost savings when fixing vulnerabilities early in dev compared to fixing in production
x10
Enterprises currently in alpha programme
1

Ready to dive in?
Become an beta tester today.

We are currently accepting applications for our public beta testing program. Be the first to experience DevGuard, shape it with your feedback, and help us make it better.