The tech sector of the Holy Land continues to grow, it seems: Tel Aviv-based Spectral is making noise about its Preflight tool.
The company describes itself as a developer-first cybersecurity specialist. That obviously doesn’t mean it isn’t also a user-first business; it is a label the company seems to have given itself to explain how its tools work at the programmer’s script level to ensure user safety.
Spectral’s Preflight check is an open source tool that helps developers defend themselves against supply chain attacks.
A supply chain attack occurs when a person exploits vulnerabilities in third-party software that has access to another organization’s systems and data, essentially infiltrating that organization through a weak link in its physical supply chain (a partner).
Supply chain code channel
In Codecov’s supply chain breach, unauthorized users were able to obtain credentials collected from a copy of a platform’s source code (in this case, Monday.com was a key supply chain code channel to other systems) and use them to access sensitive information from hundreds of customer networks.
Preflight works by automatically checking and running a user’s continuous integration (CI) and third-party scripts.
It can also check and block the execution of binaries, or any other kind of executable, if they contain malware, by querying popular anti-malware services (the user can choose their preferred malware vendor). Preflight is also open source, so the user can examine the source, build it themselves… and contribute whatever is missing.
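The check-before-run idea described above, reduced to its integrity half (no malware lookup), as an added example that is not Preflight's code or Spectral's. The function names `sha256_of` and `verified_run`, the exit codes and the use of `sh` as the interpreter are assumptions made for the illustration.

```shell
# Added illustration, not Preflight's code: execute a third-party script only
# if its SHA-256 matches a digest pinned in the pipeline definition.
# Usage (placeholders): verified_run "<pinned-digest>" ./uploader.sh --flag
# Download the script to a file first; hashing one copy and piping a second
# download into a shell would defeat the check.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verified_run "DIGEST[,DIGEST...]" SCRIPT [ARGS...]
# Returns the script's own exit status when the digest matches,
# 65 on a mismatch (script is never started), 66 if the file is missing.
verified_run() {
    pinned=$1; script=$2; shift 2
    [ -f "$script" ] || { echo "verified_run: no such file: $script" >&2; return 66; }
    actual=$(sha256_of "$script") || return 70

    # A comma-separated list lets a pin be rotated while a vendor ships a new release.
    old_ifs=$IFS; IFS=,
    for want in $pinned; do
        IFS=$old_ifs
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$actual" = "$want" ]; then
            sh "$script" "$@"   # assumption: the script is POSIX sh compatible
            return $?
        fi
    done
    IFS=$old_ifs

    # Fail closed and log the observed digest so the change can be reviewed.
    echo "verified_run: digest mismatch for $script" >&2
    echo "  actual: $actual" >&2
    return 65
}
```

Keep the downloaded file in a directory only the CI user can write to, so it cannot be swapped between the hash and the execution.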
“Hackers have become more and more sophisticated, with a variety of tools, but their basic strategy is still the same: to access the most sensitive and valuable information, like sensitive tokens, API keys, credit card numbers and bank details, by finding weaknesses,” said Dotan Nahum, CEO and co-founder of Spectral.
Source code control plane
Co-founder and COO Idan Didi says that despite the best efforts of cybersecurity professionals to protect assets, supply chain attacks are on the rise.
“Unfortunately, supply chain attacks are often overlooked, especially with regard to the developer infrastructure and the supporting technological stacks,” said Didi.
Spectral acts as a control plane over source code and other development assets, so it also detects and protects against harmful security errors in code, configurations, and other artifacts.