Hardening the software supply chain, BoostSecurity raises $8.5M 





Securing the software supply chain is one of the security industry’s top priorities at the moment. Since President Biden’s Executive Order on Improving the Nation’s Cybersecurity in 2021, vendors of all sizes have begun to invest in improving the open source software ecosystem. 

One of the challenges of securing software development is ensuring that developers have the automated capabilities necessary to assess the security of code before they push it live. 

Providers like DevSecOps automation platform BoostSecurity, which announced it has raised $8.5 million as part of a funding round led by Sorenson Capital, enable developers to identify vulnerabilities and misconfigurations in their code, so they can optimize the CI/CD pipeline without putting the software supply chain at risk. 

Automating vulnerability discovery 

The announcement comes as many organizations are continuing to ship insecure software components, with research showing that 50% of apps have security vulnerabilities. 



By providing developers with a solution to automatically identify vulnerabilities and misconfigurations, BoostSecurity is designed to help verify the integrity of the software supply chain. 

“BoostSecurity helps customers easily and rapidly transform their existing software supply chains into more secure software supply chains,” said founder and CEO at BoostSecurity, Zaid Al Hamami. 

“It does so by injecting the right security technologies at the various layers in the technology stack, implementing the various necessary workflows for dealing with security issues as they emerge daily, and providing security champions and teams the control and visibility they need to ensure that the software supply chain is indeed secure,” Hamami said. 

Hamami also notes that the solution directly addresses weaknesses in the software chain itself, identifying vulnerabilities in Development, Build, Test, and Release infrastructure so that developers can harden the software development lifecycle against potential threats. 

Solutions securing the software development lifecycle 

However, BoostSecurity isn’t the only provider aiming to secure the software development lifecycle. Competitors like Legit Security confront this challenge with a SaaS-based solution that provides risk scoring for vulnerabilities across CI/CD pipelines, code, and SDLC systems. 

Legit Security’s solution offers the ability to automatically discover SDLC assets, dependencies, and pipeline flows, and the company most recently raised $30 million as part of a Series A funding round. 

Another competitor is Apiiro, which offers its own CI/CD security platform, designed to visualize the software development lifecycle. Through a single risk graph, users can monitor application components, developer identities, and pipelines to view a map of their entire attack surface, while scanning code with AI to identify potential risks. 

Apiiro most recently raised $100 million as part of a Series B funding round. 

One of the key differentiators between BoostSecurity and its competitors is its focus on the developer experience. 

“The developer does not have to create new accounts, login to portals, use an IDE plugin, or run a tool locally. They continue to work the way they did in the past. With BoostSecurity, they can expect to get relevant information in a timely manner, with very low false positives, and easily understandable, actionable documentation,” Hamami said. 


VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.