CyberSecurity SEE

Cycode Unveils Cimon, a CI/CD Pipeline Monitoring Tool Aimed at Preventing Supply Chain Attacks

Cycode, a renowned application security platform, has announced the launch of its latest solution, Cimon, aimed at boosting the security of CI/CD pipelines. The solution is designed to prevent software supply chain attacks similar to the ones that recently targeted SolarWinds and Codecov. Using eBPF (extended Berkeley Packet Filter), Cimon provides visibility into the build system within the pipeline, continually thwarting malicious behavior with minimal disruption.

CI/CD pipelines are the most sensitive link in the SDLC because they currently lack visibility. Many organizations have thousands of unprotected pipelines prone to supply chain attacks, making it essential to secure them. Cimon ensures the protection of CI pipelines and detects threats in real time. This knowledge enables Cimon to detect and prevent abnormalities, including zero-day attacks.

“We offer free and easy integration with many CI/CD tools for organizations to secure their pipelines without delay time or errors,” said Ronen Slavin, co-founder and CTO of Cycode. “As Cimon saves time in vulnerability and threat response procedures, teams can implement and adopt security measures without concern of error or exhaustion.”

Cimon aims to fill the gap in CI/CD pipeline security that is typically created by a lack of visibility. The solution focuses on preventing and detecting CI attacks and offers low-effort, seamless integration with most CI/CD tools. Cimon instantaneously detects and prevents attacks such as malicious package installation, typosquatting, repojacking, dependency confusion, dependency hijacking, and other dependency attacks.

The new solution is developer-friendly and easy to integrate with popular CI/CD tools. It comes with comprehensive documentation and requires minimal configuration to integrate with the development environment, such as GitHub. Cimon represents a new superhero for organizations’ CI/CD pipelines and is available free of charge. More information about Cycode and Cimon is available online.

Cycode’s modern approach to application security enables organizations to secure their cloud-native applications effectively. The Cycode platform makes AppSec tools better through its Knowledge Graph, which provides a complete context of the SDLC to improve accuracy and reduce mean-time-to-remediation (MTTR). Cycode merges the top eight AppSec tools into the industry’s most advanced and comprehensive AppSec platform. By correlating data across these tools, Cycode offers new capabilities, like Pipeline Composition Analysis, which identifies vulnerable dependencies and security issues missed by legacy tools like SCA and SAST across the entire SDLC. It pinpoints vulnerable dependency locations and prioritizes threats by exploitability.
