GitLab has acquired a pair of startups as the DevOps giant doubles down on security support for development teams. While GitLab is perhaps better known for its GitHub-like collaborative code-hosting platform, the San Francisco-based company has been pushing deeper into the developer workflow, covering all facets of development, deployment, monitoring, and security.
The premise behind DevSecOps (developer security operations) is that developers should consider security a fundamental part of software development from the get-go, rather than building a product and then stress-testing it just before it ships. This process requires developer and security teams to work closely together.
GitLab has snapped up Peach Tech, a Seattle-based startup that specializes in software security testing. More specifically, Peach Tech offers a fuzz testing — or “fuzzing” — product that automatically throws invalid or random data at a computer program before it’s deployed to see how it reacts. This can help developers find bugs and other flaws that could be exploited by bad actors. The company also offers an automated DAST API security testing tool that enables companies to test their APIs against the OWASP Top 10 security risks. Additionally, GitLab has bought Tel Aviv-based Fuzzit, which offers a fuzzing service similar to Peach Tech’s. It’s all about “finding bugs and vulnerabilities before the bad guys do,” as the Israeli startup puts it.
Terms of the deals were not disclosed, but David DeSanto, director of product at GitLab’s Secure and Defend unit, confirmed that the Fuzzit and Peach Tech teams — including the founders — will join GitLab, and both startups’ standalone services will be wound down.
It’s also worth noting that the recent surge in remote work due to the COVID-19 crisis has cast a spotlight on cybersecurity, with officials from the U.S. and U.K. recently issuing warnings about the increased risk of hacking due to insecure machines on home networks.
“There is definitely a correlation between the global impact of COVID-19 and the need to implement security best practices,” DeSanto told VentureBeat. “As more organizations transition to remote work, both IT operations and security teams need to evaluate how developers access company resources securely. There is a need to evaluate principles like zero-trust and multi-factor authentication to enable your organization to securely work [remotely]. Furthermore, there has been a push to use more SaaS platforms, like GitLab, which support these principles.”
DevSecOps
GitLab has offered features aimed at security personnel for several years, and its dedicated security dashboard gives companies an overview of the various vulnerabilities across their projects and allows them to drill down into each one. With the launch of GitLab 12.0 last year, the company was ready to truly position itself as the platform for developer security teams.
Figure: GitLab security dashboard
While fuzz testing is an entirely new product offering for GitLab, the company does currently offer its own DAST API testing tool. Over the next six months, however, GitLab will replace its existing DAST API functionality with Peach Tech’s incarnation.
GitLab had made three known acquisitions before now, the last one back in 2018 when it procured Canadian cybersecurity startup Gemnasium, a platform that enables developers to address security vulnerabilities in open source code. The latest acquisitions are consistent with GitLab’s previously stated aim, which is to create an all-in-one platform for developers, security, and operations teams.
The goal with Peach Tech and Fuzzit is to integrate their various technologies into GitLab, meaning customers won’t need to use standalone fuzz testing services. It’s also one more reason for an enterprise client to upgrade to the Gold / Ultimate plan, the most expensive of GitLab’s subscription tiers.
“Fuzzit and Peach Tech will be completely integrated into GitLab and will be available as part of the GitLab platform,” DeSanto said. “Full integration has started, and GitLab users will begin to use these new technologies starting in July, with full integration expected to be done by the end of the year.”
GitLab raised $268 million at a $2.7 billion valuation back in September, and it’s currently gearing up for a planned IPO this November.
Original post is at VentureBeat