DevOps security startup Cycode Ltd. today announced a new solution called Cimon designed to enhance the security of continuous integration and delivery or CI/CD to prevent software supply chain attacks such as those that targeted SolarWinds and Codecov.

Cycode argues that CI/CD pipelines lack visibility, making them a highly sensitive link in the software development lifecycle and that many organizations have thousands of unmonitored pipelines prone to supply chain attacks. Cimon is said to stop these attacks by using an extended Berkeley Packet Filter, a technology that can run sandboxed programs in an operating system’s kernel, to provide visibility into the build system that prevents malicious behavior.

Cimon inspects network connections, running processes and file modifications within the CI pipeline to learn standard behaviors. The knowledge allows the service to detect and prevent abnormalities, including real-time threats and zero-day or unpatched attacks.

The service’s key features include low effort and seamless integration, protecting users against all possible attacks. Instant threat detection in Cimon prevents attacks such as malicious package installation, typosquatting, repo jacking, dependency confusion, dependency hijacking and other dependency attacks.

Cimon is claimed to be developer-friendly and is easily integrated into popular CI/CD tools. The documentation requires minimal configuration and integration within the development environment, such as with GitHub.

The new service is being offered by Cycode free of charge.

“We offer free and easy integration with many CI/CD tools for organizations to secure their pipelines without delay time or errors,” explained Ronen Slavin, co-founder and chief technology officer of Cycode. “As Cimon saves time in vulnerability and threat response procedures, teams can implement and adopt security measures without worry of error or exhaustion.”

Based in Israel and founded in 2019, Cycode is a venture-capital-backed startup that has raised $80.6 million in funding, according to Crunchbase. The company’s last round of $56 million was raised in November 2021. Investors include Insight Partners Management LLC and YL Ventures GP Ltd.

Photo: Cycode