SAN FRANCISCO, June 12, 2023 – Cycode, the leading application security platform, today announced the launch of Cimon, a seamless solution that enhances the security of CI/CD pipelines to prevent software supply chain attacks such as those that targeted SolarWinds and Codecov.
CI/CD pipelines currently lack visibility, making them the most sensitive link in the SDLC, and many organizations have thousands of unmonitored pipelines prone to supply chain attacks. Cimon stops these attacks using eBPF (extended Berkeley Packet Filter), a technology that provides visibility into the build system and makes it possible to thwart malicious behavior with minimal disruption.
With this visibility, Cimon can inspect network connections, running processes and file modifications within the CI pipeline to learn standard behaviors. This knowledge enables Cimon to detect and prevent abnormalities, including real-time threats and zero-day attacks.
"We offer free and easy integration with many CI/CD tools for organizations to secure their pipelines without delay time or errors," said Ronen Slavin, co-founder and CTO of Cycode. "As Cimon saves time in vulnerability and threat response procedures, teams can implement and adopt security measures without worry of error or exhaustion."
With Cimon, organizations can expect:
● Prevention of CI Attacks: With low effort and seamless integration, users remain protected against all possible attacks on the CI pipeline, including zero-day attacks
● Instant Threat Detection: Cimon prevents attacks such as malicious package installation, typosquatting, repojacking, dependency confusion, dependency hijacking and other dependency attacks
● Easy Integration: Cimon is developer friendly and integrates easily with popular CI/CD tools, with comprehensive documentation, minimal configuration, and integration with the development environment, such as GitHub
Cycode's modern approach to application security enables organizations to effectively secure their cloud-native applications with cost-efficient use of tooling and staff across the SDLC. The Cycode platform makes AppSec tools better through its Knowledge Graph, which provides complete context of the SDLC to improve accuracy and reduce mean-time-to-remediation (MTTR). Cycode merges the top eight AppSec tools into the industry’s most advanced and comprehensive AppSec platform. By correlating data across these tools, Cycode offers new capabilities like Pipeline Composition Analysis, which identifies vulnerable dependencies and security issues missed by legacy tools like SCA and SAST across the entire SDLC, pinpoints vulnerable dependency locations, and prioritizes threats by exploitability.