May
11
2021
--

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronen Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

Mar
18
2021
--

Seven months after Drone acquisition, Harness announces significant updates

The running line from any CEO of an acquired company is that the company can do so much more with resources of the company that acquired it than it could on its own. Just seven months after being acquired, Drone co-founder Brad Rydzewski says that his company really has benefited greatly from being part of Harness, and today the company announced a significant overhaul of the open-source project.

The artist formerly known as Drone is now called “Harness CI Community Edition” and Rydzewski says the Harness CEO and founder Jyoti Bansal kept his word when he said he was 100% committed to continue developing the open-source Drone product.

“Over the past seven months since the acquisition, a lot of community work has been around taking advantage of the resources that Harness has been able to afford us as a project — like having access to a designer, having access to professional writers — these are luxuries for most open-source projects,” Rydzewski told me.

He says that having access to these additional resources has enabled him to bring a higher level of polish to the project that just wouldn’t have been possible without joining Harness. At the same time, he says the CI team, which has grown from the project’s two co-founders to 15 people, has also been able to build out the professional CI tool as it has become part of the Harness toolset.

Chief among the updates to the community edition is a new sleeker interface that has a much more professional look and feel, according to Rydzewski. In addition, developers can see how projects move along the pipeline in a visualization tool, while benefiting from real-time debugging tools and new governance and security features.

All of this is an embarrassment of riches for Rydzewski, who was used to working on a shoestring budget prior to joining Harness. “Drone came from very humble beginnings as an open-source project, but now I think it can hold its own next to any product in the market today, even products that have raised hundreds of millions of dollars,” he said.


Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, product-market fit, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20% off tickets right here.

Oct
22
2020
--

Harness delivers enterprise continuous integration on heels of Drone.io acquisition

In August, Harness made its first acquisition when it bought open source continuous integration startup Drone.io. The company didn’t waste any time building on that purchase, announcing a new enterprise continuous integration tool today to go alongside the open source project Drone has been building.

The Harness software development platform consists of various modules and the latest one helps with continuous integration, which is the build and test process that happens before developers start deploying their code changes.

As Brad Rydzewski, co-founder at Drone.io, explained it at the time of the acquisition:

“Drone is a continuous integration software. It helps developers to continuously build, test and deploy their code. The project was started in 2012, and it was the first cloud-native, container-native continuous integration solution on the market, and we open sourced it.”

Bansal indicated at the time of the acquisition that he wanted to build on that open source project and provide an enterprise commercial version, while continuing to support the open source project.

“This is really the first product in the industry that is bringing AI and machine learning into optimizing the build and test process,” Bansal said. That intelligence layer is what separates it from the open source version of the software, and the idea is to use machine learning to speed up the building and testing process.

The company is also announcing a new module around managing feature flags. These are elements developers leave in the code to limit the roll out of software, allowing them to see how the update is performing before rolling it out to the user base at large. The problem is these as these flags proliferate, they become difficult to manage, and the new module is designed to help developers understand and control the flags that exist in their code.

Bansal says his goal for the company has been to put the kind of automated software delivery pipeline that’s in place at the world’s largest tech companies within reach of every developer.

“[Our goal] is that every company in the world can have the same level of software delivery sophistication as a Google or Amazon or Facebook,” Bansal said.

Bansal founded AppDynamics, a company he sold to Cisco in 2017 for $3.7 billion. He launched Harness later that same year. The company has raised almost $80 million on a valuation of $500 million, according to Pitchbook data.

Bansal also started the venture capital firm Unusual Ventures in 2018 and as though he doesn’t have enough to do, he launched his third startup Traceable, a security company, in July.

Dec
02
2019
--

CircleCI launches improved AWS support

For about a year now, continuous integration and delivery service CircleCI has offered Orbs, a way to easily reuse commands and integrations with third-party services. Unsurprisingly, some of the most popular Orbs focus on AWS, as that’s where most of the company’s developers are either testing their code or deploying it. Today, right in time for AWS’s annual re:Invent developer conference in Las Vegas, the company announced that it has now added Orb support for the AWS Serverless Application Model (SAM), which makes setting up automated CI/CD platforms for testing and deploying to AWS Lambda significantly easier.

In total, the company says, more than 11,000 organizations started using Orbs since it launched a year ago. Among the AWS-centric Orbs are those for building and updating images for the Amazon Elastic Container Services and the Elastic Container Service for Kubernetes (EKS), for example, as well as AWS CodeDeploy support, an Orb for installing and configuring the AWS command line interface, an Orb for working with the S3 storage service and more.

“We’re just seeing a momentum of more and more companies being ready to adopt [managed services like Lambda, ECS and EKS], so this became really the ideal time to do most of the work with the product team at AWS that manages their serverless ecosystem and to add in this capability to leverage that serverless application model and really have this out of the box CI/CD flow ready for users who wanted to start adding these into to Lambda,” CircleCI VP of business development Tom Trahan told me. “I think when Lambda was in its earlier days, a lot of people would use it and they would use it and not necessarily follow the same software patterns and delivery flow that they might have with their traditional software. As they put more and more into Lambda and are really putting a lot more what I would call ‘production quality code’ out there to leverage. They realize they do want to have that same software delivery capability and discipline for Lambda as well.”

Trahan stressed that he’s still talking about early adopters and companies that started out as cloud-native companies, but these days, this group includes a lot of traditional companies, as well, that are now rapidly going through their own digital transformations.

Sep
28
2009
--

Copy&Paste Detector Task for Phing

Hi,

I use the Hudson Continuous Integration system to build my Symfony projects (will write a blog series about this in the next few days). For that I created a new task  for the Phing build system. Sebastian Bergamann wrote a Copy&Paste Detector for PHP some time ago (PHPCPD). This small tool scans PHP sourcecode for duplications. You can use the Task in a Phing build file as shown in the following sample:

<phpcpd haltonerror="false">

  <fileset dir="${builddir}" id="filestocpd">

    <include name="apps/**/*.php" />

    <include name="lib/de/**/*.php" />

    <include name="lib/task/**/*.php" />

    <include name="lib/services/**/*.php" />

    <include name="lib/form/**/*.php" />

    <include name="lib/model/**/*.php" />

  </fileset>

  <formatter type="pmd" outfile="reports/pmd-cpd.xml"/>

</phpcpd>

The CPD task is incorporatated in the current Phing trunk. If you want to use it you need to checkout the Version2.4.0 RC at the moment. The PEAR Installer version doesn’t contain the Task at the moment.

Maybe this is useful for you too. Stay tuned for more informations on Symfony and Continuous integration

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com