Cycode raises $20M to secure DevOps pipelines – TechCrunch

Israeli security startup Cycode, which specializes in helping companies secure their DevOps pipelines and prevent code tampering, announced today that it has received a Series A funding round of Has launched $ 20 million. Seed investor YL Ventures also participated in this round, bringing the company’s total funding to $ 24.6 million.

In its beginnings, Cycode concentrated exclusively on securing the source code. Thanks to the introduction of the infrastructure as code (IaC), the guidelines as code and similar processes, the scope of Cycode has been expanded. In this context, it should be noted that the Cycode tools are language and application-independent. To his tools, code is code.

“That all-as-code term offers an opportunity as the code repositories become a single source of truth about what the operation should look like and how everything should work,” said Cycode CTO and co-founder Ronin Slavin. “When we look at this and understand it, the next stage is to see if it really is. Then if anything is different, you should probably look at it and investigate.”

Cycode dashboard. Image credit: Cycode

The company’s service already provides the tools to manage code governance, leak detection, secret identification and access management. Recently, functionality was added to secure code that defines an organization’s infrastructure. Looking ahead, the team plans to add features like drift detection, integrity monitoring, and alert prioritization.

“Cycode is here to protect the entire CI / CD pipeline – development infrastructure – from end to end, from code to cloud,” said Lior Levy, CEO and co-founder of Cycode.

“If we look at the landscape today, we can say that just like the previous stages of DevOps, the solutions out there are kind of isolated,” said Levy. “They don’t really see the big picture, they don’t look at the pipeline from a holistic perspective. This essentially leads to them generating thousands of alerts, compounding the problem even further as not only are you not getting a holistic view, but the level of noise emanating from those thousands of alerts takes a lot of valuable time to waste with tracking down some irrelevant topics. “

Cycode would then like to dissolve these silos and integrate the relevant data from the CI / CD infrastructure of a company, starting with the source code itself, whereby the company can ideally anticipate problems early in the software life cycle. To do this, Cycode can pull data from services like GitHub, GitLab, Bitbucket, and Jenkins (among others) and search for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI / CD tools like GitHub, Jenkins and AWS is a loophole for virtually any business,” said Jon Rosenbaum, principal at Insight Partners who will join Cycode’s board of directors. “Cycode secures CI / CD pipelines in an elegant, developer-centric way. This puts the company at the forefront of the next generation of application security companies – companies that are rapidly expanding the market with solutions that secure every version without sacrificing speed. “

The company plans to use the new funds to accelerate its research and development efforts and expand its sales and marketing teams. Levy and Slavin anticipate that the company will grow to around 65 employees this year, divided between the development team in Israel and sales and marketing activities in the USA

Leave a Comment