DevOps security startup Cycode Ltd. today unveiled ConnectorX, an open, click-and-consume application security posture connector capability that features several cybersecurity solutions, as well as enhancements to its Risk Intelligence Graph for more intelligent, risk-based prioritization.

Launching with support for Wiz Inc. and Black Duck by Synopsys Inc., in addition to the more than 40 existing software development lifecycle integrations, ConnectorX provides companies with the choice to use Cycode’s native ASPM tools or maximize their investments in their existing AppSec tools. Using ConnectorX, companies can plug in any AppSec solution and gain accurate, real-time visibility into their security posture within minutes.

ConnectorX seeks to address conflicts between security and developer teams, creating what Cycode calls “AppSec Chaos.”

“Today, many organizations face hefty application security backlogs packed with mis-prioritized security findings and inadequate resources to address them while the application attack surface continues to expand,” said Jim Mercer, research vice president of DevOps and DevSecOps at IDC. “These organizations can improve visibility and agility across application security and the pipelines supporting those applications by using solutions such as the Cycode ASPM platform, which takes a multidimensional approach tracking the risk posture of the application.”

Enhancements to Cycode’s RIG, which leverages Cycode’s native security solutions and ConnectorX, provide complete code to cloud traceability and automate vulnerability discovery, prioritization and remediation. The release includes enhancements to the RIG’s risk scoring capabilities, a core component of its prioritization engine that bolsters its ability to hone in on the 1% of critical vulnerabilities that matter most to the enterprise.

With the two new announcements, Cycode notes, consolidation is now possible. With the Cycode Complete ASPM, companies can use Cycode’s native scanning solutions such as Static Application Security Testing, Sofware Composition Analysis, Infrastructure as Code and Secrets, or continue using their existing solutions. By being able to choose, companies can manage the burden, cost, inefficiencies and choices from developers of having too many siloed and vendor-locked security tools from code to cloud.

“We believe developer security is a team sport not just between security and development teams, but industry-wide,” Lior Levy, co-founder and chief executive officer of Cycode, said ahead of the announcement. “This belief fuels our research and development efforts and was core to our decision to create ConnectorX, which ensures companies can finally have the visibility always needed in a single platform.”

Based in Israel and founded in 2019, Cycode is a venture capital-backed startup that has raised $80.6 million in funding, including a round of $56 million in November 2021. Investors include Insight Partners Management LLC and YL Ventures GP Ltd.

Image: Cycode