Update README.md

README.md

@@ -6,9 +6,6 @@ These findings are **not** discoverable through SAST/code review tools like Semg
 
 The findings are also **not** discoverable through other Dynamic Application Security Testing (DAST) and API Security tools because the API is undocumented and those DAST tools do not understand how to communicate with the API. This affects roughly 80% of REST APIs, so roughly 80% of APIs are not testable with other DAST tools.
 
-> [!NOTE]
-> Disclaimer: We've created a product that can auto-document those APIs and test them with dynamic scanning to fill this gap. If you're interested in learning more, please reach out to me at kinnaird@nightvision.net. `</end advertisement>`
-
 ![Architecture](./docs/images/architecture.png)
 
 # Motivation
@@ -19,6 +16,28 @@ The Application Security industry as a subset is also heavily focused on SAST -
 
 _The **only** thing that matters is **exploitability**_. If a 3rd party package or SAST finding exists in your codebase, and it's not exploitable, does it matter? **No**. It doesn't.
 
+# Comparison
+
+> [!NOTE]
+> Disclaimer: We've created a product that can auto-document those APIs and test them with dynamic scanning to fill this gap. If you're interested in learning more, please reach out to me at kinnaird@nightvision.net. `</end advertisement>`
+
+| Category         | Tool                   | SQL Injection - Frontend API | SQLi - Backend API |
+|------------------|------------------------|------------------------------|--------------------|
+| Code-Aware DAST  | NightVision            | ✅                            | ✅                  |
+| SAST             | CodeQL                 | ✅                            | ❌                  |
+| SAST             | Coverity               | ❌                            | ❌                  |
+| SAST             | Semgrep                | ❌                            | ❌                  |
+| DAST             | Bright Security        | ❌                            | ❌                  |
+| DAST             | StackHawk              | ❌                            | ❌                  |
+| DAST             | ZAP OSS                | ❌                            | ❌                  |
+| Dependency Scans | Dependabot             | ❌                            | ❌                  |
+| Dependency Scans | Snyk                   | ❌                            | ❌                  |
+| Infra-as-Code    | Checkov                | ❌                            | ❌                  |
+| Infra-as-Code    | tfsec                  | ❌                            | ❌                  |
+| CSPM             | Palo Alto Prisma Cloud | ❌                            | ❌                  |
+| CSPM             | Prowler                | ❌                            | ❌                  |
+| CSPM             | Wiz                    | ❌                            | ❌                  |
+
 # Getting Started
 
 ## Local Setup