UPDATED 22:25 EDT / AUGUST 05 2021

SECURITY

Checkmarx acquires open-source supply chain security startup Dustico

Application security testing firm Checkmarx Ltd. has acquired open-source supply chain security startup Dustico Ltd. for an undisclosed price.

Founded in 2020, Dustico offers a platform for behavioral analysis of code packages and detection of open-source software supply chain attacks. The technology is built to go beyond traditional source vulnerability analysis and look at the behavior and reputation of open-source packages.

The company’s platform uses a three-pronged approach to open-source code vulnerability analysis. First, the solution factors in trust to provide visibility into the credibility of package providers and individual contributors in the open-source community. Second, the platform assesses the health of packages to determine their update cadence and level of maintenance. Finally, Dustico applies an advanced behavioral analysis engine that inspects the package for attacks hiding within, such as backdoors, ransomware, multi-stage attacks and Trojans.

Key features of Dustico’s platform included advanced machine learning and threat intelligence to automatically detect abnormal behaviors in code packages; ahead-of-time analytics that fetches packages for analysis as soon as they are published online; and a developer-first approach.

The technology will be integrated with vulnerability results from Checkmarx’s AST solutions to give organizations and developers a unified and effective approach for managing the risks associated with open source and the supply chains that depend on it.

“Today’s adversaries have zoned-in on software supply chains – many of which rely heavily on open source,” Maty Siman, chief technology officer of Checkmarx, said in a statement. “As the threat of tampering in third-party packages increases, development teams must operate with the proactive assumption that all code may have been maliciously manipulated.”

Dustico had not raised any venture capital funding before its acquisition. Startup Nation Central describes the company as bootstrapped since it was founded.

Checkmarx has raised $92 million in venture capital in the past. A listing on Crunchbase reports that investors in the company include Insight Partners, XT Investments, Salesforce Ventures, K1 Investment Management and Ofer Hi-Tech.
