SECURITY
SECURITY
SECURITY
New Cycode solution prevents software supply chain attacks in CI/CD
DevOps security startup Cycode Ltd. today announced a new solution called Cimon designed to enhance the security of continuous integration and delivery or CI/CD to prevent software supply chain attacks such as those that targeted SolarWinds and Codecov.
Cycode argues that CI/CD pipelines lack visibility, making them a highly sensitive link in the software development lifecycle and that many organizations have thousands of unmonitored pipelines prone to supply chain attacks. Cimon is said to stop these attacks by using an extended Berkeley Packet Filter, a technology that can run sandboxed programs in an operating system’s kernel, to provide visibility into the build system that prevents malicious behavior.
Cimon inspects network connections, running processes and file modifications within the CI pipeline to learn standard behaviors. The knowledge allows the service to detect and prevent abnormalities, including real-time threats and zero-day or unpatched attacks.
The service’s key features include low effort and seamless integration, protecting users against all possible attacks. Instant threat detection in Cimon prevents attacks such as malicious package installation, typosquatting, repo jacking, dependency confusion, dependency hijacking and other dependency attacks.
Cimon is claimed to be developer-friendly and is easily integrated into popular CI/CD tools. The documentation requires minimal configuration and integration within the development environment, such as with GitHub.
The new service is being offered by Cycode free of charge.
“We offer free and easy integration with many CI/CD tools for organizations to secure their pipelines without delay time or errors,” explained Ronen Slavin, co-founder and chief technology officer of Cycode. “As Cimon saves time in vulnerability and threat response procedures, teams can implement and adopt security measures without worry of error or exhaustion.”
Based in Israel and founded in 2019, Cycode is a venture-capital-backed startup that has raised $80.6 million in funding, according to Crunchbase. The company’s last round of $56 million was raised in November 2021. Investors include Insight Partners Management LLC and YL Ventures GP Ltd.
Photo: Cycode
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
