Israel-based Spectral Inc., maker of a developer-friendly code security scanner, is exiting stealth mode today armed with $6.2 million from a seed funding round led by Amiti and MizMaa.

Spectral has built a DevSecOps tool that can be used to scan for mistakes such as misconfigurations or API keys and passwords that have been accidentally left behind in a company’s software codebase. Spectral uses what it says is the world’s first hybrid engine that combines hundreds of detectors with artificial intelligence to seek out, prioritize and then block these kinds of mistakes, which can be extremely costly to enterprises if they’re exploited by bad actors.

The company says that in today’s rapidly moving technology world, developers are under growing pressure to produce more software and do it faster than before. When that happens, mistakes will happen, so developers need an easy way to ensure that their code is kept secure so they’re not exposing things such as access credentials inside software repositories or cloud services.

Spectral works by scanning code inside a software repository for these kinds of errors. It’s compatible with any programming language, and it can be used to audit existing codebases and also provide active protection in real-time. When a mistake is detected, it is immediately flagged so developers can take action to fix it.

What’s more, Spectral claims that its tool works extremely quickly too, capable of scanning “an average-sized repository” in “a matter of seconds.”

Spectral co-founder and Chief Executive Dotan Nahum told SiliconANGLE that in comparison, existing scanning tools typically take long minutes, or even hours in some cases, to run. He said most developers don’t have that kind of time.

Moreover, he said, many don’t have the funds to pay for such long scans either, as the continuous integration development platforms they use are often priced on a “metering by the minute.” More time scanning code means more money spent on those CI platforms, he explained.

“When a solution is very slow, it becomes costly for the end user,” Nahum said. “One of Spectral’s values is to ensure a lightning-fast analysis and scan so it never becomes an issue for the end user in their CI systems.”

Besides scanning code repositories, Spectral can also search for mistakes in other sources used by developers, such as Slack channels, npm and logs that are often forgotten about when companies consider their active threat models.

“We observe that with so many tech stacks, SaaS vendors and integrations, mistakes in private repositories end up appearing in public repos too,” Nahum explained. “It’s these things, the things you don’t know that you don’t know about, that really keep you up at night.”

Analyst Holger Mueller of Constellation Research Inc. said Spectral’s tool looks very promisin, since code scanning has always been a tedious and time consuming task.

“What with it being 2021, Spectral is of course using AI to enhance its tool and make it faster and more efficient,” he said. “It’s good to see more options in DevOps security, but like all new products, company executives will want to see more validation with customers.”

That may come soon, since Spectral’s tool is now generally available. What’s more, Spectral is planning to add even more capabilities soon.

“Next up in our product roadmap is building more integrations for touch points throughout the software development lifecycle, such as scanning live containers, to make sure nothing falls between the cracks,” Nahum said. “We will also build more workflow integrations to make fixing issues easy and simple.”

Image: Spectral