Cider Security, a startup helping companies secure the systems they use to develop software, today exited stealth mode and disclosed that it has raised $38 million in funding.

Tiger Global led the Series A investment. Cider Security will use its newly raised funding to accelerate its engineering efforts and establish more offices worldwide. The startup, which launched in late 2020, says dozens of companies already rely on its platform to secure their software development environments.

In the enterprise, creating an application involves more than just writing code. After developers write a piece of code, they have to test it to ensure that there are no security vulnerabilities or other issues. Then, they have to deploy the software to their company’s production infrastructure, which can involve a significant number of steps.

The process of testing and deploying code was historically performed manually by software teams. Today, many enterprises carry out the process automatically using a complex collection of software tools that often varies from company to company. This collection of software tools is known as a CI/CD, or continuous integration and continuous deployment, pipeline.

Tel Aviv-based Cider Security, incorporated as Cider Ltd., has developed a platform that helps companies protect their CI/CD pipelines from cyberattacks. An organization’s CI/CD pipeline is a target for hackers because it manages the source code for business applications. Gaining access to a company’s source code potentially allows hackers to introduce security vulnerabilities into its technology environment, or find existing vulnerabilities and use them to launch cyberattacks.

Cider Security’s platform can scan a company’s CI/CD pipeline to map out all the software tools that the pipeline includes. Then, the platform finds potential security vulnerabilities that could be used by hackers to access or modify code.

In some of the software tools that companies commonly use to build CI/CD pipelines, certain security settings are not enabled by default. Developers must change the default settings to minimize the risk of a cyberattack. Cider Security detects if a software tool has an insecure configuration or another type of vulnerability and suggests ways to remediate the issue. 

Cider Security’s platform can find security issues not only in a CI/CD pipeline, but also the software code that it’s used to develop. The startup’s platform provides access to a catalog of third-party code scanning tools that are capable of detecting various types of vulnerabilities, such as unpatched open-source components. Cider Security aggregates results from a company’s code scanning tools in a centralized interface to help developers more easily find and fix security issues.

“By removing the barriers to implementing protection – in essence, democratizing security for AppSec teams – we are changing processes that many felt were set in stone,” said Cider Security co-founder and Chief Executive Officer Guy Flechter.

Image: Unsplash