Israeli DevOps security startup Cycode Ltd. announced today it has raised $20 million in new funding to expand sales and marketing efforts and build out its enterprise DevOps tools.

The Series A round was led by Insight Partners and included YL Ventures. Including the new funding, Cycode has raised $25 million to date.

Founded in 2019 and launched out of stealth mode the same year, Cycode offers a source code control, detection and response solution designed for visibility and protection across code repositories. The company’s Source Path Intelligence engine delivers comprehensive visibility into all code and automatically detects and responds to anomalies in its access, movement and usage, Cycode says.

The solution is aimed at tackling security processes in the software development lifecycle that have become faster and more automated, resulting in application security processes getting lower priority in favor of feature velocity. Cycode argues that many of the new tools that drive the automation and efficiency in application development have opened up new attack surfaces and created new security challenges, noting that the adoption of “everything as code” means attacks no longer have to start in production.

In development, gaining access to source control management systems enables code tampering, finding passwords to critical systems and modifying cloud configurations through code to allow unauthorized access.

“Modernizing the SDLC has created new security gaps that attackers are readily exploiting,” Ronen Slavin, co-founder and chief technology officer of Cycode, said in a statement. “Recent supply chain attacks like SolarWinds and Codecov, major source code leaks from Microsoft and Nissan, and attacks targeting developers like Sawfish and XcodeSpy demonstrate that the battlefield is already shifting.”

Cycode provides workflows to automate remediation with customers able to seamlessly integrate remediation into their developers’ workflows via pre-built integrations with pull requests, alerting and ticketing systems.

Recent new Cycode customers include Grubhub Inc., Databricks Inc., Flexport Inc., Rapyd Financial Network (2016) Ltd., Copart Inc. and The Cobalt Co.

Along with the funding announcement, Cycode also announced the launch of its knowledge graph to derive security insights from the rapidly increasing volumes of data and alerts that are overwhelming security teams.

Using agentless architecture, Cycode collects asset information and user activity from DevOps tools, infrastructure and security scanners, which is then mapped in its knowledge graph. The knowledge graph creates contextual insights, helps prioritize remediation, reduces false positives and ensures the integrity of the pipeline to prevent code tampering incidents, such as the breaches at SolarWinds and Codecov.

Image: Cycode