Hardening the software program provide chain, BoostSecurity raises $8.5M

Securing the software program provide chain is likely one of the safety trade’s high priorities for the time being. Since President Biden’s Government Order on Enhancing the Nation’s Cybersecurity in 2021, distributors of all sizes have begun to spend money on bettering the open supply software program ecosystem. 

One of many challenges of securing software program growth is making certain that builders have the automated capabilities essential to assess the safety of code earlier than they push it reside. 

Suppliers like DevSecOps automation platform BoostSecurity, which introduced it has raised $8.5 million as a part of a funding spherical led by Sorenson Capital, allow builders to determine vulnerabilities and misconfiguration of their code, to allow them to optimize the CI/CD pipeline with out placing the software program provide chain in danger. 

Automating vulnerability discovery 

The announcement comes as many organizations are persevering with to ship insecure software program parts, with analysis exhibiting that fifty% of apps have safety vulnerabilities. 

By offering builders with an answer to mechanically determine vulnerabilities and misconfigurations, BoostSecurity is designed to assist confirm the integrity of the software program provide chain. 

“BoostSecurity helps clients simply and quickly remodel their present software program provide chains into safer software program provide chains,” stated founder and CEO at BoostSecurity, Zaid Al Hamami. 

“It does so by injecting the correct safety applied sciences on the numerous layers within the know-how stack, implementing the assorted vital workflows for coping with safety points as they emerge day by day, and offering safety champions and groups the management and visibility they want to make sure that the software program provide chain is certainly safe,” Hamami stated. 

Hamami additionally notes that the answer instantly addresses weaknesses within the software program chain itself, figuring out vulnerabilities in Improvement, Construct, Take a look at, and Launch infrastructure in order that builders can harden the software program growth lifecycle in opposition to potential threats. 

Options securing the software program growth lifecycle

Nonetheless, BoostSecurity isn’t the one supplier aiming to safe the software program growth lifecycle. Opponents like Legit Safety, confront this problem with an  SaaS-based answer that gives threat scoring for vulnerabilities throughout CI/CD pipelines, code, and SDLC techniques. 

Legit Safety’s answer affords the flexibility to mechanically uncover SDLC property, dependencies, and pipeline flows and most just lately raised $30 million as a part of a Collection A funding spherical. 

One other competitor is Apiiro, which affords its personal CI/CD safety platform, designed to visualise the software program growth lifecycle. By way of a single threat graph, customers can monitor utility parts, developer identities, and pipelines to view a map of their complete assault floor, whereas scanning code with AI to determine potential dangers. 

Apiiro most just lately raised $100 million as a part of a Collection B funding spherical. 

One of many key differentiators between BoostSecurity and different rivals, is its deal with the developer expertise. 

“The developer doesn’t should create new accounts, login to portals, use an IDE plugin, or run a software regionally. They proceed to work the way in which they did previously. With BoostSecurity, they’ll anticipate to get related data in a well timed method, with very low false positives, and simply comprehensible, actionable documentation,” Hamami stated.