Secure your software.

Secure your future.

Digital is the new battle ground. You rely on your applications and web properties to compete. Protect them.

Tell Me More




When cybersecurity breaches happen, your company makes the headlines but not in the way you want. These stories happen every single day. Increasingly these breaches are caused by deficiencies in the Application Security (AppSec) and Software Composition Analysis (SCA) layers of enterprise systems. Today, security vulnerabilities from external software components are a major contributing factor in more than 24% of all cybersecurity breaches.

And let’s face it –  your organization’s operations, reputation, and clientele cannot afford to become collateral damage from these breaches. 

Applications and web services, whether purchased or developed internally, play a critical role in your enterprise’s day-to-day operations. Today, external components such as third-party open source or proprietary libraries, make up about 80-90% of an application’s codebase. These external components that your organization relies on is a complex ecosystem with many layers of components. These components have bugs, like all software, or can even house malicious code which are easy targets for cybercriminals. 

Meet MergeBase 


An application security service that detects dangerous vulnerabilities in your enterprise applications. These vulnerabilities have been created by the underlying open source or commercial libraries that the application is using.


MergeBase can detect 20-100% more vulnerabilities than any other tool on the market making it the most accurate tool in its class.


Just as important, MergeBase minimizes the reporting of false positives so you only need to worry about true vulnerabilities.


Your processes will be streamlined through MergeBase’s ability to integrate into your existing build, issue/bug tracking software.


Additionally, you’ll have peace of mind knowing that MergeBase protects you and your applications from vulnerabilities that cannot be fixed. MergeBase empowers you to block access to the vulnerable libraries or monitor them for suspicious access.


Detection: Surfacing the Real Risks

Minimizing risk is crucial. The first step in any risk management framework is to have a complete understanding of your vulnerabilities. MergeBase’s Software Component Analysis (SCA) service protects you throughout the software development lifecycle (SDLC).

Other scanners will generate a report with a large number of false positives. This negatively impacts the real risks for your organization. False positives waste valuable analyst triage time and cause dangerous alert fatigue This increases the chance of your security team missing rare critical risks in the midst of having too much noise.




Best Competitor9676
Typical Competitor8133



Integration: Seamless Security

MergeBase has been developed to work with your existing security operations. Our SaaS technology seamlessly integrates into your security workflow.


Source Code Management Systems (SCM)

Development Environments (DE)

Build Pipeline & Continuous Integration Tools
Jenkins, Teamcity, & Bamboo

Containerization Technology

Event Notification Services
IBM QRadar, Splunk, & Slack


Best Competitor~
Typical CompetitorX~XX

Protection: Live Countermeasures

MergeBase does more than just detecting vulnerabilities like other SCA scanners. It also protects against vulnerabilities that have yet to be remediated in your environments.

Traditionally, you must fix all the vulnerability findings to correct your security posture. In the hardware and operating system area, vendors like Microsoft and Cisco publish high-quality patches that you can apply without a second thought. Unfortunately, the same diligence and quality is not generally available for applications. Even when a patch is available, you cannot always install it. Fixing a vulnerability in an application can be costly, risky, and time-consuming.
That’s where MergeBase can help. For a wide range of published known-vulnerabilities, MergeBase can help you short-circuit complex patching cycles to provide immediate protection.


Our SaaS technology allows you to protect vulnerabilities through two options:

  1. Monitor the vulnerability libraries closely and receive alerts when there is suspicious access, or the usage differs from the usual activity.
  2. Get fine-grained control allowing you to stop access to the library completely. This reduces your attack surface immediately by eliminating libraries that are never used.


Alert New
Best CompetitorX
Typical CompetitorXXX

 Stop BuildStop Execution
Best CompetitorX
Typical CompetitorX

It’s Time to Prioritize Risk Mitigation

With MergeBase, you can finally prioritize risk mitigation. Our continuous protection allows you to keep up with ever-changing cybersecurity needs. You’ll be able to reduce risks through more accurate vulnerability detection. By streamlining the way you protect and fix vulnerabilities, you’ll reduce costs and save valuable time. MergeBase empowers you to take control of your application security posture, protect your enterprise, and minimize its exposure to cyberattacks.


MergeBase Vulnerability Dashboard


Configuring MergeBase Integrations (Jira, Slack, Syslog, etc)


MergeBase’s Advanced “Double-Push” Git Integration

About Us

MergeBase is focused on application security. It provides a second-generation cybersecurity tool, offering protection from the largest single cause of data breaches. It provides the strongest protection by detecting a wider range of vulnerabilities and assessing the risks more accurately as it takes more factors into account than traditional solutions.



Our Team


Oscar van der Meer

Co-Founder, CEO

Technology executive experienced in growing organisations. Brings global and industry perspectives.


Julius Musseau

Co-Founder, CTO

Accomplished software architect, academic, and open source contributor with 20 years experience.


Ken Warkentyne

Principal Engineer

Experienced software architect. Previously laid foundation for a mission critical system used by hundreds of financial institutions. PhD in computer science.


Delan Elliot

Software Engineer

Bright software engineer. Specialties include application security, build pipelines, and vue.js.





Please enter a valid email address.


Message (optional):

Book A Demo Now

To see how MergeBase can secure your enterprise applications using revolutionary new technology!

MergeBase can:

  • Detect known vulnerabilities in software libraries and components more accurately than any other SCA tool.
  • Protect vulnerable areas in your application that remain to be patched. See how MergeBase can thwart an attack against an unpatched library in real time!
  • Integrate smoothly with other key tools in your security operation to make life easier for your security analysts and DevSecOps staff.



MergeBase Software Inc.

201-4501 Kingsway
Burnaby, BC, V5H 0E5