Recognizing the open-source innovations advancing AppSec and DevSecOps
DefectDojo, the pioneer in scalable security, unified vulnerability management and DevSecOps, today announced the winners of its inaugural Open-Source Security Awards. These awards recognize the most impactful open-source security tools that AppSec and DevSecOps teams rely on to achieve meaningful security programs with tight or no budgets. Far too often, security is gate-kept by budgets, which leads the AppSec industry to primarily target large enterprises and leaves other organizations between a rock and a hard place as they work to create meaningful security programs and protect themselves from exploits.
With cyberattacks surging, and AI-generated code introducing new security blind spots, organizations need effective, budget-friendly, comprehensive solutions to secure their applications and infrastructure. However, traditional security tooling is often cost-prohibitive—leaving teams unable to protect or properly scan their organization for potential vulnerabilities.
The 2025 Open-Source Security Tool Award winners are tools that stand out for their maturity or quality, or that provide unique benefits and capabilities not seen in other tools.
- Best Dynamic Application Security Testing (DAST) Tools: Zed Attack Proxy (ZAP), Nikto, Arachni
- Best Static Application Security Testing (SAST) Tools: Semgrep, SonarQube, Horusec
- Best Software Composition Analysis (SCA) Tools: Dependency-Track, Trivy, Checkov
- Best Infrastructure Security Tools: Prowler, OpenVAS, Nmap
- Best Secrets Scanning Tool: TruffleHog
- Contributor of the Year: Tomas Kubla
DefectDojo’s co-founders, security veterans Matt Tesauro and Greg Anderson, applied their decades of experience in vulnerability management, security automation and open-source security to curate this year’s winners. Each honoree was selected based on a tool’s maturity, quality or unique benefits; complete reviews and analysis can be found here.
“Security teams are under immense pressure to manage vulnerabilities faster and more efficiently but aren’t always given the resources they need to accomplish that. Access to good cybersecurity tools shouldn’t be a luxury,” said Greg Anderson, co-founder and CEO at DefectDojo. “The tools recognized in this year’s awards are standouts, staples and cornerstones for security practitioners to bring meaningful and comprehensive security to organizations regardless of budget.”
As an OWASP Flagship Project, DefectDojo has been at the forefront of open-source AppSec, DevSecOps, and vulnerability management since 2014. Security teams use the platform to aggregate security test results from 200+ tools, consolidate the findings from all security tools, prioritize vulnerabilities, and automate remediation workflows—allowing organizations to scale their security programs efficiently.
As an aggregator of vulnerability data, DefectDojo is uniquely positioned to recognize the best open-source tools in the industry. DefectDojo reinforces its commitment to helping organizations shift from reactive security to proactive vulnerability management, where threats are identified, triaged and mitigated before they can be exploited.
To learn more about the award-winning tools and how DefectDojo helps security teams take control of their vulnerability management, visit defectdojo.com.
About DefectDojo
DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from any security tool, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture, automate operations to increase productivity and improve decision-making. For more information, visit defectdojo.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250417296513/en/
Contacts
Media
defectdojo@cracklepr.com