Flying Eze and its trusted partners need your
permission to store and access cookies, unique identifiers, personal data, and information on your
browsing behaviour on this device. This only applies to Flying Eze. You don’t have to accept, and
you
can change your preferences at any time via the Privacy Options link at the bottom of this screen. If
you don’t accept, you may will still see some personalised ads and content.
Cookies, device identifiers, or other information can be stored or accessed on
your device for the purposes presented to you.
Ads and content can be personalised based on a profile. More data can be added
to better personalise ads and content. Ad and content performance can be
measured. Insights about audiences who saw the ads and content can be derived.
Data can be used to build or improve user experience, systems and software.
Precise geolocation and information about device characteristics can be used.
If you don’t want to accept, please select Read More option below where you can also see how and
why your data may be used. You can also see where we or our partners claim a legitimate interest and
object to the processing of your data.
Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investorYL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.
Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.
“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronin Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”
Cycode Dashboard. Image Credits: Cycode
The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.
“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.
“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”
What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.
“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”
The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.