Introducing MergeBase

In this video, MergeBase CEO Oscar van der Meer introduces MergeBase. Our mission is to protect the software supply chain. We provide a full-featured, developer-oriented SCA solution with the lowest false positives in the industry and complete coverage of the DevOps process, from coding and building to deployment and run-time.

Software Supply Chain

80 to 90% of the code base of a typical application consists of third-party libraries. Most of these libraries are open source software. Known vulnerabilities in these libraries are very attractive targets for cyber adversaries and have become the largest cause of data breaches today.


MergeBase’s SCA

Lowest False Positives

At MergeBase we understand that false positives have a huge impact on productivity and morale. Not only is trying to fix a false positive a huge waste of time, it often takes a developer more time to prove that a finding is false than it would have taken to fix a true positive.
That is why we put consistent effort into reducing false positives and are proud to have the lowest false positive ratio in the industry.

Full Featured

MergeBase covers all major languages and environments, from JavaScript/npm, .NET and C/C++ to Java and much more. It integrates with all major build environments and repositories through dedicated plug-ins.
MergeBase keeps your development running at top speed through sophisticated developer guidance that enables your developers to find the best upgrade path in seconds, and through suppression management that keeps pipelines running smoothly while maintaining full security governance.
In addition, MergeBase gives you full insight into and control over licensing and technical debt, so you can manage your legal and technical risk as well.

Complete DevOps Coverage

Shift Left with CodeGreen

MergeBase analyses the code developers want to add to your repositories for known vulnerabilities and triggers warnings, rejections, and mandatory code reviews. You can configure it to extend full enterprise control over these potentially catastrophic risks to your organization.

  • Engage developers
  • Create awareness
  • Enforce enterprise controls
  • Keep the enterprise code base clean
  • Integrates seamlessly into the software development tools that developers use every day, for instance GitHub or Bitbucket.

Build a Secure Future

Empower your developers and security analysts to effectively secure your enterprise applications.

  • Build pipeline integration with the ability to stop the build on policy violation.
  • Cloud-based dashboard with real-time notifications. If new known vulnerabilities are uncovered in the industry that apply to scans you have done, you are notified automatically.
  • Advanced developer guidance. Enables you to choose the right upgrade for your project based on risk, popularity and compatibility.
  • Analyze binaries (for software that is purchased, or when no source code is available).
  • Software bill of materials.

Container Scanning

  • Inspect images
  • Find vulnerabilities and take action to fix them
  • Integrate into your CI/CD pipeline

MergeBase provides complete DevSecOps coverage and reliable container security.


Open Source Runtime Protection

MergeBase can instrument Java applications, giving you full visibility into what is deployed in the cloud or your data centers, with an immediate risk assessment.

When it is not possible to quickly upgrade a vulnerable library, open source run-time protection can be a lifesaver. It also shrinks your attack surface by up to 90% and dramatically reduces remediation efforts.

  • Full view of all applications and their risks at run-time
  • Block or monitor access
  • Shrink the attack surface, improve time to market
  • Mitigate legacy application risk

Software as a Service, On-Premises, or Hybrid Deployment

MergeBase is a cloud-native solution. However, it is architected such that clients can deploy not only in the cloud, but also on-prem or in a private cloud. Regardless of the size of your company, our enterprise licensing does not put constraints on how you deploy. You can deploy an unlimited number of instances if you choose to.

For instance, you can deploy one instance for a test environment and a different instance for production, because these environments have separate controls and different people have access to them.

There are also other hybrid deployment options. For instance, you could deploy MergeBase in your cloud instances rather than in ours. You get the benefits of the cloud and can leverage your own corporate controls at the same time.

Remediation Guidance

Unlike many security tools, MergeBase doesn't just give you a list of problems; instead, we help you fix them and make better design choices so that you can actually increase the pace of your development. MergeBase offers several remediation options:

  • Prevention through smart repository controls.
  • Advanced developer guidance.
  • Integration with your process.
  • Run-time code coverage insights, allowing you to ignore inert vulnerabilities with confidence.
  • Run-time protection to give you ultimate control and peace of mind.

The best option, as in most scenarios, is prevention. You achieve prevention with MergeBase by integrating early in your development process through your repositories. That way you keep vulnerable components completely out of your codebase, so there is nothing to remediate. This is the best and lowest-cost option for companies; however, it might not always be practical or even possible. That is where the other options come in.

Onboarding Customers

Onboarding is based on customer need:

  • How many people will be using MergeBase?
  • How will they use the MergeBase platform?
  • How complex are the code and build environments?

Onboarding options:

  • 1 hr workshop
  • Follow-up support
  • Full runtime support

Ready to start mitigating risk in your organization?
