May
11
2021
--

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronen Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

Aug
19
2020
--

A pandemic and recession won’t stop Atlassian’s SaaS push

No company is completely insulated from the macroeconomic fallout of COVID-19, but we are seeing some companies fare better than others, especially those providing ways to collaborate online. Count Atlassian in that camp, as it provides a suite of tools focused on working smarter in a digital context.

At a time when many employees are working from home, Atlassian’s product approach sounds like a recipe for a smash hit. But in its latest earnings report, the company detailed slowing growth, not the acceleration we might expect. Looking ahead, it’s predicting more of the same — at least for the short term.

Part of the reason for that — beyond some small-business customers, hit by hard times, moving to its new free tier introduced last March — is the pain associated with moving customers off of older license revenue to more predictable subscription revenue. The company has shown that it is willing to sacrifice short-term growth to accelerate that transition.

We sat down with Atlassian CRO Cameron Deatsch to talk about some of the challenges his company is facing as it navigates through these crazy times. Deatsch pointed out that in spite of the turbulence, and the push to subscriptions, Atlassian is well-positioned with plenty of cash on hand and the ability to make strategic acquisitions when needed, while continuing to expand the recurring-revenue slice of its revenue pie.

The COVID-19 effect

Deatsch told us that Atlassian could not fully escape the pandemic’s impact on business, especially in April and May when many companies felt it. His company saw the biggest impact from smaller businesses, which cut back, moved to a free tier, or in some cases closed their doors. There was no getting away from the market chop that SMBs took during the early stages of COVID, and he said it had an impact on Atlassian’s new customer numbers.

Atlassian Q4FY2020 customer growth graph

Image Credits: Atlassian

Still, the company believes it will recover from the slow down in new customers, especially as it begins to convert a percentage of its new, free-tier users to paid users down the road. For this quarter it only translated into around 3000 new customers, but Deatsch didn’t seem concerned. “The customer numbers were off, but the overall financials were pretty strong coming out of [fiscal] Q4 if you looked at it. But also the number of people who are trying our products now because of the free tier is way up. We saw a step change when we launched free,” he said.

Jun
02
2020
--

Atlassian launches new DevOps features

Atlassian today launched a slew of DevOps-centric updates to a variety of its services, ranging from Bitbucket Cloud and Pipelines to Jira and others. While it’s quite a grab-bag of announcements, the overall idea behind them is to make it easier for teams to collaborate across functions as companies adopt DevOps as their development practice of choice.

“I’ve seen a lot of these tech companies go through their agile and DevOps transformations over the years,” Tiffany To, the head of agile and DevOps solutions at Atlassian told me. “Everyone wants the benefits of DevOps, but — we know it — it gets complicated when we mix these teams together, we add all these tools. As we’ve talked with a lot of our users, for them to succeed in DevOps, they actually need a lot more than just the toolset. They have to enable the teams. And so that’s what a lot of these features are focused on.”

As To stressed, the company also worked with several ecosystem partners, for example, to extend the automation features in Jira Software Cloud, which can now also be triggered by commits and pull requests in GitHub, GitLab and other code repositories that are integrated into Jira Software Cloud. “Now you get these really nice integrations for DevOps where we are enabling these developers to not spend time updating the issues,” To noted.

Indeed, a lot of the announcements focus on integrations with third-party tools. This, To said, is meant to allow Atlassian to meet developers where they are. If your code editor of choice is VS Code, for example, you can now try Atlassian’s now VS Code extension, which brings your task like from Jira Software Cloud to the editor, as well as a code review experience and CI/CD tracking from Bitbucket Pipelines.

Also new is the “Your Work” dashboard in Bitbucket Cloud, which can now show you all of your assigned Jira issues, as well as Code Insights in Bitbucket Cloud. Code Insights features integrations with Mabl for test automation, Sentry for monitoring and Snyk for finding security vulnerabilities. These integrations were built on top of an open API, so teams can build their own integrations, too.

“There’s a really important trend to shift left. How do we remove the bugs and the security issues earlier in that dev cycle, because it costs more to fix it later,” said To. “You need to move that whole detection process much earlier in the software lifecycle.”

Jira Service Desk Cloud is getting a new Risk Management Engine that can score the risk of changes and auto-approve low-risk ones, as well as a new change management view to streamline the approval process.

Finally, there is new Opsgenie and Bitbucket Cloud integration that centralizes alerts and promises to filter out the noise, as well as a nice incident investigation dashboard to help teams take a look at the last deployment that happened before the incident occurred.

“The reason why you need all these little features is that as you stitch together a very large number of tools […], there is just lots of these friction points,” said To. “And so there is this balance of, if you bought a single toolchain, all from one vendor, you would have fewer of these friction points, but then you don’t get to choose best of breed. Our mission is to enable you to pick the best tools because it’s not one-size-fits-all.”

Sep
05
2019
--

Atlassian launches free tiers for all its cloud products, extends premium pricing plan

At our TC Sessions: Enterprise event, Atlassian co-CEO Scott Farquhar today announced a number of updates to how the company will sell its cloud-based services. These include the launch of new premium plans for more of its products, as well as the addition of a free tier for all of the company’s services that didn’t already offer one. Atlassian now also offers discounted cloud pricing for academic institutions and nonprofit organizations.

The company previously announced its premium plans for Jira Software Cloud and Confluence Cloud. Now, it is adding Jira Service Desk to this lineup, and chances are it’ll add more of its services over time. The premium plan adds a 99.9% update SLA, unlimited storage and additional support. Until now, Atlassian sold these products solely based on the number of users, but didn’t offer a specific enterprise plan.

As Harsh Jawharkar, the head of go-to-market for Cloud Platform at Atlassian, told me, many of its larger customers, who often ran the company’s products on their own servers before, are now looking to move to the cloud and hand over to Atlassian the day-to-day operations of these services. That’s in part because they are more comfortable with the idea of moving to the cloud at this point — and because Atlassian probably knows how to run its own services better than anybody else. 

For these companies, Atlassian is also introducing a number of new features today. Those include soon-to-launch data residency controls for companies that need to ensure that their data stays in a certain geographic region, as well as the ability to run Jira and Confluence Cloud behind customized URLs that align with a company’s brand, which will launch in early access in 2020. Maybe more important, though, are features to Atlassian Access, the company’s command center that helps enterprises manage its cloud products. Access now supports single sign-on with Google Cloud Identity and Microsoft Active Directory Federation Services, for example. The company is also partnering with McAfee and Bitglass to offer additional advanced security features and launch a cross-product audit log. Enterprise admins will also soon get access to a new dashboard that will help them understand how Atlassian’s tools are being used across the organization.

But that’s not all. The company is also launching new tools to make customer migration to its cloud products easier, with initial support for Confluence and Jira support coming later this year. There’s also new extended cloud trial licenses, which a lot of customers have asked for, Jawharkar told me, because the relatively short trial periods the company previously offered weren’t quite long enough for companies to fully understand their needs.

This is a big slew of updates for Atlassian — maybe its biggest enterprise-centric release since the company’s launch. It has clearly reached a point where it had to start offering these enterprise features if it wanted to grow its market and bring more of these large companies on board. In its early days, Atlassian mostly grew by selling directly to teams within a company. These days, it has to focus a bit more on selling to executives as it tries to bring more enterprises on board — and those companies have very specific needs that the company didn’t have to address before. Today’s launches clearly show that it is now doing so — at least for its cloud-based products.

The company isn’t forgetting about other users either, though. It’ll still offer entry-level plans for smaller teams and it’s now adding free tiers to products like Jira Software, Confluence, Jira Service Desk and Jira Core. They’ll join Trello, Bitbucket and Opsgenie, which already feature free versions. Going forward, academic institutions will receive 50% off their cloud subscriptions and nonprofits will receive 75% off.

It’s obvious that Atlassian is putting a lot of emphasis on its cloud services. It’s not doing away with its self-hosted products anytime, but its focus is clearly elsewhere. The company itself started this process a few years ago and a lot of this work is now coming to fruition. As Anu Bharadwaj, the head of Cloud Platform at Atlassian, told me, this move to a fully cloud-native stack enabled many of today’s announcements, and she expects that it’ll bring a lot of new customers to its cloud-based services.  

Sep
19
2018
--

GitLab raises $100M

GitLab, the developer service that aims to offer a full lifecycle DevOps platform, today announced that it has raised a $100 million Series D funding round at a valuation of $1.1 billion. The round was led by Iconiq.

As GitLab CEO Sid Sijbrandij told me, this round, which brings the company’s total funding to $145.5 million, will help it enable its goal of reaching an IPO by November 2020.

According to Sijbrandij, GitLab’s original plan was to raise a new funding round at a valuation over $1 billion early next year. But since Iconiq came along with an offer that pretty much matched what the company set out to achieve in a few months anyway, the team decided to go ahead and raise the round now. Unsurprisingly, Microsoft’s acquisition of GitHub earlier this year helped to accelerate those plans, too.

“We weren’t planning on fundraising actually. I did block off some time in my calendar next year, starting from February 25th to do the next fundraise,” Sijbrandij said. “Our plan is to IPO in November of 2020 and we anticipated one more fundraise. I think in the current climate, where the macroeconomics are really good and GitHub got acquired, people are seeing that there’s one independent company, one startup left basically in this space. And we saw an opportunity to become best in class in a lot of categories.”

As Sijbrandij stressed, while most people still look at GitLab as a GitHub and Bitbucket competitor (and given the similarity in their names, who wouldn’t?), GitLab wants to be far more than that. It now offers products in nine categories and also sees itself as competing with the likes of VersionOne, Jira, Jenkins, Artifactory, Electric Cloud, Puppet, New Relic and BlackDuck.

“The biggest misunderstanding we’re seeing is that GitLab is an alternative to GitHub and we’ve grown beyond that,” he said. “We are now in nine categories all the way from planning to monitoring.”

Sijbrandij notes that there’s a billion-dollar player in every space that GitLab competes. “But we want to be better,” he said. “And that’s only possible because we are open core, so people co-create these products with us. That being said, there’s still a lot of work on our side, helping to get those contributions over the finish line, making sure performance and quality stay up, establish a consistent user interface. These are things that typically don’t come from the wider community and with this fundraise of $100 million, we will be able to make sure we can sustain that effort in all the different product categories.”

Given this focus, GitLab will invest most of the funding in its engineering efforts to build out its existing products but also to launch new ones. The company plans to launch new features like tracing and log aggregation, for example.

With this very public commitment to an IPO, GitLab is also signaling that it plans to stay independent. That’s very much Sijbrandij’s plan, at least, though he admitted that “there’s always a price” if somebody came along and wanted to acquire the company. He did note that he likes the transparency that comes with being a public company.

“We always managed to be more bullish about the company than the rest of the world,” he said. “But the rest of the world is starting to catch up. This fundraise is a statement that we now have the money to become a public company where we’re not we’re not interested in being acquired. That is what we’re setting out to do.”

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com