Cider Security raises $38 million to secure software development environments
Cider Security, a startup that helps companies secure the systems they use to develop software, today exited stealth mode and revealed that it had raised $38 million in funding.
Tiger Global led the Series A investment. Cider Security will use its newly raised funding to accelerate its engineering efforts and establish more offices around the world. The startup, which launched in late 2020, says dozens of companies already rely on its platform to secure their software development environments.
In business, building an app involves more than just writing code. Once developers write a piece of code, they should test it to make sure there are no security holes or other issues. Next, they must deploy the software to their company’s production infrastructure, which can involve a significant number of steps.
The process of testing and deploying code was historically done manually by software teams. Today, many companies perform the process automatically using a complex set of software tools that often vary from company to company. This collection of software tools is known as the CI/CD pipeline, or continuous integration and deployment pipeline.
Tel Aviv-based Cider Security, incorporated as Cider Ltd., has developed a platform that helps companies protect their CI/CD pipelines from cyberattacks. An organization’s CI/CD pipeline is a target for hackers because it manages the source code for line-of-business applications. Access to a company’s source code potentially allows hackers to introduce security vulnerabilities into its technology environment, or find existing vulnerabilities and use them to launch cyberattacks.
Cider Security’s platform can analyze a company’s CI/CD pipeline to map all software tools included in the pipeline. Then the platform finds potential security vulnerabilities that could be used by hackers to access or modify code.
In some of the software tools that companies commonly use to create CI/CD pipelines, certain security settings are not enabled by default. Developers should modify the default settings to minimize the risk of a cyberattack. Cider Security detects if a software tool has an insecure configuration or another type of vulnerability and suggests ways to fix the problem.
Cider Security’s platform can find security issues not only in a CI/CD pipeline, but also in the software code it is used to develop. The startup’s platform provides access to a catalog of third-party code analysis tools capable of detecting various types of vulnerabilities, such as unpatched open source components. Cider Security aggregates the results of an organization’s code analysis tools into a centralized interface to help developers find and fix security issues more easily.
“By removing barriers to implementing protection — in essence, democratizing security for AppSec teams — we are changing processes that many considered cast in stone,” said Guy Flichter, co-founder and CEO. from Cider Security.