SAN FRANCISCO, May 10, 2022 (GLOBE NEWSWIRE) — Cycode, the software supply chain security leader, today announced that it has been named a 2022 Cool Vendor in Application Security: Protection for Cloud Native Applications by Gartner.
Cycode’s platform is the most complete software supply chain security solution providing visibility, security, and integrity across all phases of the software development life cycle (SDLC). Cycode integrates with DevOps tools and infrastructure providers, hardens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues like hardcoded secrets, infrastructure as code misconfigurations, code leaks, and more.
According to Gartner, “attacks on the software supply chain have increased considerably, leading to loss of sensitive data and tampering with code prior to its release.” Gartner recommends to “harden the software delivery pipeline by configuring security controls in continuous integration/continuous delivery (CI/CD) tools, securing secrets, and signing code and container images.” [1]
Cycode’s core technology is a graph database called the Knowledge Graph. The Knowledge Graph structures and correlates data from the tools and phases of the SDLC. It provides the context that traditional security tools lack and enables scanning tools to work better together on Cycode’s platform. For example, the platform does not just detect hardcoded secrets and source code leaks; it determines when leaks contain secrets and whether exposed secrets are used in production or test. By first seeking to understand customers’ SDLCs, the Knowledge Graph creates the context to connect seemingly disparate events and prioritize based on actual risk.
“The key to modern AppSec is centralizing and mapping events and metadata across the SDLC such that it becomes easy to determine when disparate activities add meaningful context to each other,” said Lior Levy, co-founder & CEO of Cycode. “With each new integration, our knowledge graph becomes smarter. Hence, one of our goals is to integrate with every software delivery and AppSec tool to determine how each dot is connected and when it’s relevant.”
Cycode enables enterprise security, DevOps and engineering teams to:
- Enforce enterprise-wide policies across their SDLC to strengthen source control & CI/CD security
- Reduce code tampering risk by combining integrity verification, anomaly detection, critical code monitoring & governance
- Identify, block & remediate hardcoded secrets across all phases of their SDLCs, including code repositories, build logs, registries, containers and cloud environments
- Prevent cloud misconfigurations and apply security standards to Kubernetes, Terraform, and CloudFormation
- Detect proprietary code leakage and identify suspicious behavior from developer accounts
To learn more about Cycode and Gartner’s Cool Vendor award, please read Cycode’s blog.
Cycode is a complete software supply chain security solution that provides visibility, security, and integrity across all phases of the SDLC. Cycode integrates with DevOps tools and infrastructure providers, hardens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues like hardcoded secrets, infrastructure as code misconfigurations, code leaks and more. Cycode’s knowledge graph tracks code integrity, user activity, and events across the SDLC to prioritize risk, find anomalies, and prevent code tampering.
[1] Gartner, Cool Vendors in Application Security: Protection of Cloud-Native Applications, Ravisha Chugh, Joerg Fritsch, Jeremy D’Hoinne, Mark Wah, 12 April 2022.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of the Gartner Research and Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.