Highlights:
- The essential attributes of the service include minimum efforts and seamless integration, safeguarding consumers from any potential threats.
- Cimon is advertised as developer-friendly and integrates quickly with well-known CI/CD technologies.
Cycode Ltd., a DevOps security startup, unveiled Cimon, the latest solution to strengthen the security of continuous integration and delivery (CI/CD) for safeguarding susceptibilities in supply chain attacks similar to those that breached Codecov and SolarWinds.
According to Cycode, many organizations have thousands of unmonitored CI/CD pipelines vulnerable to supply chain attacks because they lack visibility, making them a sensitive component in the software development lifecycle. Cimon is believed to thwart these attacks by employing an expanded Berkeley Packet Filter. This technology enables the execution of sandboxed software within the kernel of an operating system to give users visibility into the build system and prevent malicious activities.
To identify common behaviors, Cimon examines the CI pipeline’s network connections, active processes, and file updates. The knowledge enables the service to locate and stop anomalies, such as real-time threats and unpatched or zero-day attacks.
The essential attributes of the service include minimum efforts and seamless integration, safeguarding consumers from any potential threats. Attacks, including malicious package installation, dependency hijacking, repo jacking, typosquatting, dependency confusion, and other dependency breaches, are prevented by Cimon’s instant threat detection.
Cimon is advertised as a developer-friendly solution that quickly integrates with well-known CI/CD technologies. The documentation only needs to be minimally integrated and configured within the development environment, like GitHub. Besides, Cycode is providing the new service free of cost.
Ronen Slavin, Chief Technology Officer and Co-founder of Cycode, said, “We offer free and easy integration with many CI/CD tools for organizations to secure their pipelines without delay time or errors. As Cimon saves time in vulnerability and threat response procedures, teams can implement and adopt security measures without worry of error or exhaustion.”
Israel-based Cycode, established in 2019, has been a venture-capital-supported startup that raised USD 80.6 million in funding. The company’s last funding round, worth USD 56 million, took place in November 2021, with YL Ventures GP Ltd and Insight Partners Management LLC as participating investors.