Cycode, the software supply chain security leader, announced that it has been named a 2022 Cool Vendor in Application Security: Protection for Cloud Native Applications by Gartner.
Cycode’s platform is the most complete software supply chain security solution providing visibility, security, and integrity across all phases of the software development life cycle (SDLC). Cycode integrates with DevOps tools and infrastructure providers, hardens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues like hardcoded secrets, infrastructure as code misconfigurations, code leaks, and more.
According to Gartner, “attacks on the software supply chain have increased considerably, leading to loss of sensitive data and tampering with code prior to its release.” Gartner’s recommendation is to “harden the software delivery pipeline by configuring security controls in continuous integration/continuous delivery (CI/CD) tools, securing secrets, and signing code and container images.”1
Cycode’s core technology is a graph database called the Knowledge Graph. The Knowledge Graph structures and correlates data from the tools and phases of the SDLC. It provides the context that traditional security tools lack and enables scanning tools to work better together on Cycode’s platform. For example, the platform not only detects hardcoded secrets and source code leaks, but also determines when leaks contain secrets and whether exposed secrets are used in production or test. By first seeking to understand customers’ SDLCs, the Knowledge Graph creates the context to connect seemingly disparate events and prioritize based on actual risk.
“The key to modern AppSec is centralizing and mapping events and metadata across the SDLC such that it becomes easy to determine when disparate activities add meaningful context to each other,” said Lior Levy, co-founder & CEO of Cycode. “With each new integration, our knowledge graph becomes smarter. Hence, one of our goals is to integrate with every software delivery and AppSec tool to determine how each dot is connected and when it’s relevant.”
Cycode enables enterprise security, DevOps and engineering teams to:
- Enforce enterprise-wide policies across their SDLCs to strengthen source control & CI/CD security
- Reduce code tampering risk by combining integrity verification, anomaly detection, critical code monitoring & governance
- Identify, block & remediate hardcoded secrets across all phases of their SDLCs, including code repositories, build logs, registries, containers and cloud environments
- Prevent cloud misconfigurations and apply security standards to Kubernetes, Terraform and CloudFormation
- Detect proprietary code leakage and identify suspicious behavior from developer accounts