Protection of cloud-native applications
SAN FRANCISCO, May 10, 2022 (GLOBE NEWSWIRE) — Cycodethe leader in software supply chain security, today announced that it has been named Cool Vendor 2022 in the Application Security: Protection for Cloud Native Applications category by Gartner.
Cycode’s platform is the most comprehensive software supply chain security solution, providing visibility, security and integrity across all phases of the software development lifecycle (SDLC). Cycode integrates with DevOps tools and infrastructure providers, strengthens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues such as hard-coded secrets. hard, infrastructure as code misconfigurations, code leaks, etc.
According to Gartner, “Attacks against the software supply chain have increased dramatically, resulting in loss of sensitive data and tampering with code before it is released.” Gartner recommends “hardening the software delivery pipeline by configuring security controls in continuous integration/continuous delivery (CI/CD) tools, securing secrets, and signing container code and images.”1
Cycode’s core technology is a graph database called Knowledge Graph. The Knowledge Graph structures and correlates data from SDLC tools and phases. The Knowledge Graph provides the context that traditional security tools lack and enables analytics tools to work better together on Cycode’s platform. For example, not only detecting hard-coded secrets and detecting source code leaks, but also determining when leaks contain secrets and whether exposed secrets are used in production or testing. By first seeking to understand customer SDLCs, the Knowledge Graph creates the context to connect seemingly disparate events and prioritize based on actual risk.
“The key to modern AppSec is centralizing and mapping events and metadata into the SDLC so it becomes easy to determine when disparate activities add meaningful context to each other,” said Lior Levy, co-founder and CEO of Cycode. “With each new integration, our knowledge graph becomes smarter. Therefore, one of our goals is to integrate every software delivery and AppSec tool to determine how each dot is connected and when it is relevant.
Cycode enables enterprise security, DevOps and engineering teams to:
Apply enterprise-wide policies in your SDLC to enforce source control and CI/CD security
Reduce the risk of code tampering by combining integrity checking, anomaly detection, monitoring and governance of critical code
Identify, block, and remediate hard-coded secrets across all phases of their SDLCs, including code repositories, build logs, registries, containers, and cloud environments
Prevent cloud misconfigurations and enforce security standards in Kubernetes, Terraform, CloudFormation
Detect proprietary code leaks and identify suspicious behavior of developer accounts
To learn more about Cycode and the Gartner Cool Vendor Award, please read Cycode’s blog here.
Cycode is a comprehensive supply chain security software solution that provides visibility, security, and integrity across all phases of the SDLC. Cycode integrates with DevOps tools and infrastructure providers, strengthens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues such as hard-coded secrets. hard, infrastructure as code misconfigurations, code leaks and more. Cycode’s Knowledge Graph tracks code integrity, user activity, and events in the SDLC to prioritize risk, find anomalies, and prevent code tampering.
 Gartner, Cool Vendors in Application Security: Protection of Cloud-Native Applications, Ravisha Chugh, Joerg Fritsch, Jeremy D’Hoinne, Mark Wah, April 12, 2022.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner Research and Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Montner Tech PR