Cycode announced the expansion of its hardcoded secrets
detection in cloud-based workplaces, as well as a collaboration with
Azure DevOps pipelines to ensure end-to-end supply chain integrity and a
new IDE plug-in for seamless integration with VS Code.
Building
upon its existing code-to-cloud coverage, Cycode now extends its
secrets scanning capabilities to encompass Confluence, AWS S3 buckets
and Azure environments. This expansion empowers organizations to
proactively identify and remediate hidden security risks by detecting
hardcoded secrets across diverse platforms that go beyond code.
"Hardcoded
secrets are a ticking time bomb, but Cycode can help defuse it," said
Ronen Slavin, co-founder and CTO of Cycode. "The proliferation of tools
and technologies that developers use increases the risk of hardcoded
secrets, spanning from code repos to the entire supply chain. For
example, secrets can be stored in Confluence, AWS S3 buckets and Azure
environments. By expanding its secrets scanning capabilities to include
these tools and environments, Cycode helps organizations achieve full
coverage and reduce the risk of data breaches. Security teams and
developers need to collaborate to guarantee proper protection, and
Cycode's expanded secrets scanning capabilities can help them to do just
that."
In addition to the expansion of cloud-based workspaces, Cycode's Cimon, a free CI monitoring solution to secure CI/CD pipelines, now operates with Azure DevOps pipelines to enable SLSA
(Supply Chain Levels for Software Artifacts) attestation generation.
Organizations using Azure DevOps can now enhance their pipeline security
by automatically generating SLSA attestations, ensuring end-to-end
supply chain visibility and integrity.
Cimon's robust
capabilities combined with Azure DevOps empower development teams to
build and deploy software with greater confidence, proactively
addressing potential supply chain vulnerabilities and mitigating risks
in today's evolving threat landscape.
Another milestone in
Cycode's commitment to delivering a security-first, developer-friendly
experience is the new IDE Plug-in for Visual Studio Code (VS Code). By
seamlessly integrating with one of the most popular integrated
development environments, Cycode empowers developers to identify and
address security vulnerabilities directly within their coding
environment.
With this plug-in, developers can establish robust
security practices from the earliest stage of development by proactively
detecting and remediating hardcoded secrets. The IDE plug-in for VS
Code bridges the gap between security and development, enabling teams to
build secure applications without compromising productivity and without
context switching.