Xygeni All-In-One AppSec Platform ensures comprehensive security across the software supply chain, utilizing deep contextual intelligence to prioritize exploitable and business-critical vulnerabilities.
| Product | Mindshare (%) |
|---|---|
| Xygeni | 0.9% |
| SonarQube | 12.7% |
| Checkmarx One | 8.3% |
| Other | 78.1% |
With its AI-powered capabilities, Xygeni offers automatic detection and quarantine of malicious code at publication while providing context-aware auto-remediation. It integrates seamlessly across source code, dependencies, secrets, IaC, builds, containers, and CI/CD systems. Unified ASPM visibility and supply-chain malware protection facilitate accelerated secure delivery without compromising speed or innovation.
What are the most important features of Xygeni?
Industries like finance, healthcare, and technology implement Xygeni to fortify their software supply chain, ensuring robust protection and compliance. By harnessing AI-driven features and integration capabilities, sectors maintain agility while enhancing their security posture against potential threats.
BKool, Onum, Napptive, Fintonic, Adaion, Metricool, Arexdata, ...
| Author info | Rating | Review Summary |
|---|---|---|
| Business development manager at RSsecurity | 4.5 | I've found Xygeni to be a stable, scalable solution that unifies our application security, streamlining workflows and reducing alert noise. Its AI-driven features significantly improved efficiency, though more customizable reporting and tool support would enhance its value. |
| CISO at Iberia Cards | 4.5 | I’ve used Xygeni for two years for SAST/SCA and pipeline visibility. Its filtering highlights reachable and internet-exposed vulnerabilities, helping me prioritize and patch faster. Setup was easy, stable, scalable, and support excellent. More automation would help. |
| Business Development Manager at a security firm with 11-50 employees | 4.5 | I've been using Xygeni for a few months to enhance application security, especially in monitoring vulnerabilities; its features help prioritize risks effectively, though I'd prefer on-premise options for lower tiers and inclusion of a DAST model. |
| Chief Information Security Officer at Adaion | 4.5 | We use Xygeni to enhance security in our CI/CD pipelines on Azure DevOps, appreciating its real-time vulnerability detection, easy integration, and dashboards. However, we desire more configuration options and improved issue descriptions for better prioritization. |
I most often use Xygeni for monitoring our applications. When monitoring our applications, I use Xygeni when I see changes in code flow and codebase, and I compare the old codebase with the current codebase in terms of changes.
What stands out most about Xygeni is the breadth and depth of its ASPM capabilities, all delivered through a single, unified platform. Its AI-driven SAST engine provides highly accurate detections, while the AI autofix and Xygeni bot streamline remediation by generating secure fixes and automating workflows across our preferred AI models. The platform's unified dashboard gives us real-time visibility across code, pipelines, dependencies, infrastructure as code, and deployments. Its alert deduplication, reachability analysis, and risk-based prioritization significantly reduce the noise. Developers benefit from the IDE plugin for in-context remediation and from the smart dependency upgrade analysis that identifies breaking changes before they affect builds. Combined with early malware warning for zero-day supply chain threats and seamless integration with GitHub, GitLab, Bitbucket, Jenkins, Azure DevOps, and others, Xygeni provides a comprehensive and developer-friendly approach to securing the entire software supply chain.
Since adopting Xygeni, I see some changes. Before implementing this product, our application security process felt scattered. We depended on a collection of separate tools to handle SAST, SCA, CI/CD pipeline security, secrets detection, and general vulnerability scanning. Each solution worked in isolation, which meant duplicated findings, inconsistent reporting, and a lot of wasted time trying to make sense of overlapping alerts. Managing all of this caused operational overhead and made it harder for both development and security teams to stay aligned. Adopting Xygeni changed that dynamic almost immediately. The platform brings every key component of software supply chain security into a single place: code, dependencies, infrastructure as code, pipelines, builds, and user activity. We finally have a unified view of what actually matters across the entire SDLC process. Instead of jumping between dashboards and reconciling results manually, everything is correlated and prioritized automatically.
One of the most impactful improvements has been the noise reduction. Xygeni's native detection and prioritization engine identifies what is reachable, exploitable, and relevant to our environment, cutting out the majority of unnecessary alerts. The AI-driven features extend this even further because AI-SAST significantly improves accuracy, AI autofix provides safe and context-aware fixes, and Xygeni bot automates remediation by working directly with our preferred AI models while keeping our data private. This has shifted our posture from reactive to proactive, giving teams more time to focus on high-value work instead of sorting through false positives.
From a workflow perspective, Xygeni has made collaboration in DevSecOps smoother. Developers can address issues directly in their IDE before committing code, and the dependency upgrade analysis helps teams avoid breaking changes when patching vulnerabilities. Security teams, meanwhile, gain real-time situational awareness from a single ASPM dashboard that correlates assets, users, findings, and posture. The overall effect is that both groups operate more efficiently and with a clearer, shared context. Xygeni has also strengthened our ability to defend against supply chain threats. Features including early malware warning and exploitability analysis help us catch emerging risks early, including zero-day malware and malicious packages at publication, with gigantic ecosystem support through MSP and MCP. The platform also protects us from vulnerabilities introduced by AI-generated code, an increasingly important capability as more of our teams rely on coding assistance.
Xygeni was highly effective for us, but there are areas where improvements could be made. More customization options for dashboards and reports would help teams tailor the platform to their specific metrics and workflows. I also occasionally encounter DevOps tools that are not yet supported natively. Expanded coverage for niche or emerging tools would make onboarding even smoother. These points, however, are minor compared to the overall value the platform delivers, especially given the strength of its AI-driven detection, remediation, and supply chain protection capabilities.
Licensing could also be improved with regard to on-premise variants. Perhaps we could have an on-premise option for the standard subscription.
I have been using Xygeni for about three or four months.
Xygeni is really stable.
Its scalability is great.
Customer support is also great and always responds to our requests.
Positive
I spend at least half as much time reviewing our projects.
I would recommend considering this solution if you have a wide range and a massive number of applications and you need to provide information security for those applications. I can say this solution is very interesting among all ASPM vendors, so it definitely should be reviewed by many customers. I give this solution a rating of nine out of ten.
I use Xygeni to perform SAST and SCA analysis, and to gain better understanding of how my deployment pipelines are configured.
Xygeni helps me understand what I am deploying and the level of integration with production. It also helps me understand how my vulnerabilities are exposed to the internet. Xygeni provides a filtering mechanism that helps me prevent vulnerabilities and keep focus on which vulnerabilities are actually exploitable.
The best Xygeni feature is the ability to filter what is truly important. This really helps me focus on the key vulnerabilities in the software that I am building.
Xygeni filters information about whether a vulnerability is reachable, whether it is exposed to the internet, or whether it exists only in a niche microservice that is not exploitable. This helps me prioritize and establish a risk index that helps me direct my teams to work on meaningful actions to reduce risk.
I have fewer vulnerabilities in production and my time to patch has decreased.
Xygeni can be more automated. The team is currently working on auto-remediation pipelines, which could be really helpful.
There is probably room for improvement, but for me, it is one of the best tools available right now.
I have been using Xygeni for two years.
Xygeni has not presented any stability issues.
Xygeni is really integrated with the most common platforms like GitHub and GitLab. It also supports the most common languages.
As a SaaS solution, it is really scalable.
The customer service is excellent. For those of us based in Spain, the support is particularly strong.
I have used previous solutions, but I do not want to share what solution I used before.
Xygeni did not require complex initial setup.
I cannot share specific numbers. I do not have a concrete number to provide, but I have the general impression that we have improved our security at the software level.
The pricing is reasonable. Xygeni provided me with the pricing list that is already public on the web, so it is very clear.
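The reviewer above describes ranking vulnerabilities by whether the code is reachable, whether the service is exposed to the internet, and whether the bug is actually exploitable. The following is an added illustration of that idea, not Xygeni's code or scoring algorithm: it turns those three context flags into a numeric risk index over a constructed backlog (finding ids F-1..F-5 and the multipliers are assumptions for this example), so the list a team should work on first falls out of a sort rather than out of raw CVSS order.

```python
"""Context-aware ranking of vulnerability findings.

Added illustration, not Xygeni's code or algorithm: it models the filtering the
review above describes (is the vulnerable code reachable, is the service
internet-exposed, is the bug exploitable) as a numeric risk index so that a
long CVSS-sorted backlog collapses to a short list worth patching first.
The multipliers and the sample findings (ids F-1..F-5) are constructed for
this example and are not calibrated against any real scoring scheme.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    id: str                 # finding id (constructed, not a real CVE)
    component: str          # dependency or service where it was found
    cvss: float             # base severity, 0.0 to 10.0
    reachable: bool         # vulnerable function on a call path from our code?
    internet_exposed: bool  # service that ships it accepts traffic from the internet?
    exploit_known: bool     # public exploit code or in-the-wild exploitation reported?


# Assumed weights: unreachable code is mostly noise, internal-only services need
# a prior foothold, weaponised bugs get bumped. Tune these to your environment.
UNREACHABLE_FACTOR = 0.1
INTERNAL_ONLY_FACTOR = 0.5
EXPLOIT_KNOWN_FACTOR = 1.5


def risk_index(f: Finding) -> float:
    """Scale the base CVSS score by deployment context, capped at 10.0."""
    score = f.cvss
    if not f.reachable:
        score *= UNREACHABLE_FACTOR
    if not f.internet_exposed:
        score *= INTERNAL_ONLY_FACTOR
    if f.exploit_known:
        score *= EXPLOIT_KNOWN_FACTOR
    return round(min(score, 10.0), 2)


def prioritize(findings, threshold: float = 4.0) -> list[Finding]:
    """Return findings at or above the threshold, highest risk first."""
    ranked = sorted(findings, key=risk_index, reverse=True)
    return [f for f in ranked if risk_index(f) >= threshold]


# Constructed backlog: note how raw CVSS order differs from the contextual order.
SAMPLE_FINDINGS = [
    Finding("F-1", "pdf-export-lib", 9.8, reachable=False, internet_exposed=True,  exploit_known=False),
    Finding("F-2", "api-gateway",    7.5, reachable=True,  internet_exposed=True,  exploit_known=True),
    Finding("F-3", "batch-worker",   8.1, reachable=True,  internet_exposed=False, exploit_known=False),
    Finding("F-4", "web-frontend",   5.3, reachable=True,  internet_exposed=True,  exploit_known=False),
    Finding("F-5", "legacy-cron",    8.8, reachable=False, internet_exposed=False, exploit_known=False),
]


if __name__ == "__main__":
    for f in sorted(SAMPLE_FINDINGS, key=risk_index, reverse=True):
        print(f"{f.id:4} cvss={f.cvss:4} risk={risk_index(f):5}  {f.component}")
    print("work on first:", [f.id for f in prioritize(SAMPLE_FINDINGS)])
```

The point of the example is the reordering: F-1 has the highest CVSS in the backlog but its vulnerable function is never called, so it drops below a medium-severity bug in an internet-facing service, while F-2 climbs to the top because a public exploit exists. Any real scheme needs the reachability and exposure facts to come from call-graph analysis and deployment inventory, not from hand-set booleans as here.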
Xygeni is used to monitor and watch the status of applications with regard to information security.
For example, there is a project where a previous version of a codebase needs to be compared with the current version, and when libraries are updated, there can be threats and malware. Xygeni can provide information about supply chain security and vulnerabilities with standards of information security.
There are some applications, such as basic applications, and within Xygeni's user interface the information security status of these applications can be viewed.
The best features Xygeni offers are Exploitable and Reachability.
They stand out because they show which vulnerabilities should be worked on among thousands of vulnerabilities.
Also worth mentioning is the very extensive range of instruments that this platform has, including CI/CD security, infrastructure as code security, malware protection model, supply chain security, SAST, and SCA models.
Xygeni impacts the organization positively as it shows where there is a lack of information security.
Since using Xygeni, the time to review vulnerabilities has decreased.
Xygeni could be improved if on-premise options were available starting from the starter packages, not only the enterprise models.
For a perfect score, Xygeni would need to include a DAST model.
Xygeni has been used for about three to four months.
SAST, DAST, and SCA instruments were used before Xygeni, though the exact solutions cannot be specified. DevSecOps instruments were definitely used before.
With Xygeni, money and time are saved, though the specific figures cannot be stated strictly.
The experience with pricing, setup cost, and licensing for Xygeni was great, as it suits the requests.
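The review above describes comparing a previous version of a codebase with the current one so that updated libraries can be checked for new threats. The following is an added example, not Xygeni's code, of the manifest half of that comparison: it diffs two requirements.txt-style pin lists and tags each change with the question a reviewer should ask (new package, major bump, downgrade). It assumes exact pins with dotted-integer versions; the two manifests and the package "example-helper" are constructed for the example.

```python
"""Diff two pinned dependency manifests and flag the changes that need review.

Added example, not Xygeni's code: the review above describes comparing a
previous version of a codebase with the current one because updated
libraries can bring in new vulnerabilities or malware. This covers the
manifest half of that comparison for requirements.txt-style pins. It reports
added, removed, upgraded and downgraded packages and attaches the question a
reviewer should ask about each. Assumptions: every line is an exact pin
(name==version) and versions are dotted integers such as 1.26.18; PEP 440
pre-release and local-version suffixes are out of scope here. The two
manifests below are constructed for the example.
"""
from __future__ import annotations

import re

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:#.*)?$")


def parse_pins(text: str) -> dict[str, tuple[int, ...]]:
    """Map normalised package name -> version tuple; reject anything unpinned."""
    pins: dict[str, tuple[int, ...]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        name = m.group(1).lower().replace("_", "-")  # pip treats these as the same name
        pins[name] = tuple(int(part) for part in m.group(2).split("."))
    return pins


def classify(old_v: tuple[int, ...] | None, new_v: tuple[int, ...] | None) -> tuple[str, str]:
    """Return (change kind, review question) for one package."""
    if old_v is None:
        return "added", "new package: check publisher, release age and install-time scripts"
    if new_v is None:
        return "removed", "removed: confirm nothing still imports it"
    if new_v < old_v:
        return "downgrade", "downgrade: does the older release carry fixed CVEs or a yanked build?"
    if new_v[0] != old_v[0]:
        return "major-bump", "major bump: breaking-change risk, run the full test suite"
    return "minor-bump", "minor/patch bump: read the changelog for security fixes"


def diff_manifests(old_text: str, new_text: str) -> list[dict]:
    """List every package whose pin differs between the two manifests."""
    before, after = parse_pins(old_text), parse_pins(new_text)
    report = []
    for name in sorted(set(before) | set(after)):
        old_v, new_v = before.get(name), after.get(name)
        if old_v == new_v:
            continue  # unchanged pin, nothing to review
        kind, question = classify(old_v, new_v)
        report.append({"package": name, "change": kind, "from": old_v, "to": new_v, "review": question})
    return report


# Constructed manifests for the example (most package names are real PyPI
# projects, but the mix of changes is invented to exercise every branch above).
OLD_REQUIREMENTS = """
requests==2.31.0
urllib3==1.26.18
flask==2.3.3
PyYAML==6.0.1
"""

NEW_REQUIREMENTS = """
requests==2.31.0        # unchanged
urllib3==2.2.1          # crossed a major version
flask==3.0.3            # crossed a major version
pyyaml==5.4.1           # went backwards
example-helper==0.1.0   # brand new, hypothetical package
"""


if __name__ == "__main__":
    for row in diff_manifests(OLD_REQUIREMENTS, NEW_REQUIREMENTS):
        print(f"{row['package']:15} {row['change']:11} {row['from']} -> {row['to']}: {row['review']}")
```

Rejecting unpinned lines is deliberate: a range such as `requests>=2.0` means the two builds cannot be compared at all, which is itself the finding. The diff only tells you what changed; whether the added or bumped release is malicious still requires looking at the package itself (publisher, install hooks, what the new code does), which is the part the review credits Xygeni's malware detection with.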

We use Xygeni to harden our CI/CD pipelines in Azure DevOps. Our software is mainly in Python, but we also use JavaScript and C#.
Xygeni detects issues on our open-source third-party dependencies and shows them in an easy-to-use dashboard.
We also use Xygeni to analyze our code repositories. The scanner analyzes the repository configuration and the code within and detects potential security issues.
Finally, it is important for us to secure the DevOps configuration and our deployment pipelines in search of potential vulnerabilities.
Xygeni offers a powerful combination of features:
- Xygeni provides us with efficient security management without sacrificing operational speed. This empowers our team to build secure software with confidence and focus on core development activities.
- The visibility of our open-source supply chain dependencies and real-time detection of vulnerabilities have been invaluable.
- The ease of integration and the efficiency of the prioritization process have saved us countless hours. It has a risk score for each project calculated on the basis of the issues discovered in the repository. It is easy to navigate and classify the issues that are more relevant to you.
- Xygeni’s proactive analysis and notification of suspicious code give us peace of mind, ensuring our CI/CD processes are secure.
There should be more configuration options that make it easier to target the issues that are more important in your organization's context.
There are different kinds of scanners, each of them targeted at detecting certain issues. As expected, scanners are agnostic and classify issues according to sensible defaults. But those default risk levels may or may not be a priority in your context. The ability to have more configurable options in this sense is desirable.
The descriptions for the issues found can also be improved.
I have been using Xygeni for about one year.
At the moment, we have not found any problems using the tool.
There have been no issues so far. I'm not worried about that.
Customer service is great. Any problem you have is solved really fast. We do not remember waiting more than a couple of days maximum for a response.
Positive
We tested some open-source tools that can be integrated into our pipelines to detect different security issues in your code.
Xygeni offers a more holistic approach integrating the functionalities of many of them. The dashboards are better and the integration is easier.
It was very easy. We had good support from Xygeni professionals whenever there was a problem.
The setup is very easy. I highly recommend Xygeni to any organization looking to bolster its SDLC security.
We looked at open-source solutions. There are many. Bandit and Audit for Python for example. Microsoft also integrates some of these tools in Defender for DevOps Pipelines.