Spectral Preflight, buckles up supply chain script verification
The Holy Land’s technology sector continues to expand it seems, Tel Aviv-based Spectral is making noise relating to its Preflight tool.
The company claims to be a developer-first cyber specialist, that’s not to say it isn’t a user-first company obviously, it’s a label that the firm appears to have put upon itself to explain how its tools work at the programmer scripting level to provide user security.
Spectral’s Preflight is an open source tool to help developers defend against chain of supply attacks.
A supply chain attack occurs when someone exploits the vulnerabilities of third-party software which has access to another organisation’s system and data, basically infiltrating that organisation through a weak link in its physical (partner) supply chain.
Supply chain code conduit
In the Codecov supply-chain breach, unauthorised users were able to obtain credentials harvested from a copy of one platform’s source code (in this case Monday.com was a key supply chain code conduit to other systems) and use them to access sensitive information from hundreds of customer networks.
Preflight works by automatically verifying and executing a user’s Continuous Integration (CI) and 3rd party scripts.
It can also verify and block binaries or any kind of executable from running, if they contain malware, by querying popular anti-malware services (the user can choose the malware vendor they prefer) and Preflight is also open source, so the user can review the source, build it themselves… and contribute anything found to be missing.
“Hackers have become increasingly sophisticated, with a variety of tools, but their basic strategy is always the same: gain access to the most sensitive and valuable information, like sensitive tokens, API keys, credit card numbers and bank account details, by finding weaknesses,” said Dotan Nahum, CEO and co-founder of Spectral. “
Source code control plane
Co-founder and COO Idan Didi says that despite the efforts of cybersecurity professionals to protect assets, supply chain attacks are increasing.
“Unfortunately, supply chain attacks are often neglected, especially when it comes to developer infrastructure and supporting tech stacks,” said Didi.
Spectral acts as a control-plane over source code and other developer assets, so it also finds and protects against harmful security errors in code, configurations and other artifacts.