Cycode’s new Cimon monitoring tool for continuous integration and continuous delivery is designed to offer a new level of visibility into the CI/CD process, securing code against data exfiltration and other malicious activity.

According to the company’s announcement, Cimon — short for CI Monitor — is a runtime security agent that uses the enhanced Berkeley Packet Filter (eBPF) system to look directly into the CI pipeline, develop a baseline understanding of what normal behavior looks like, and monitor for abnormalities.

The use of eBPF, according to Cycode head of security research Alex Ilgayev, provides flexibility and visibility into the operating system.

“Whether it’s a hosted runner on GitHub or a hosted runner on CircleCI or some self-hosted runner based on containers, once you install the agent, it sees everything,” he said.

The idea is to prevent cyberattacks against software code bases, Ilgayev said. Attacks on build systems, dependency attacks and typosquatting — where a bad actor publishes malicious software under a name similar to that of a widely used open source component — are on the rise. Cimon would prevent those by monitoring CI/CD at the kernel level for expected execution outcomes, as well as network and file system events.

Most attacks, according to Ilgayev, take one of two forms. The first is data or credential theft, with bad actors targeting tokens, environment variables or other sensitive information within the CI build. The second is altering packages via malicious changes to dependencies in the supply chain.

Addressing those is an important new capability, according to IDC research vice president Jim Mercer, in part because it offers visibility into all parts of the software supply chain — not just open source.

“That’s totally legitimate, they should be concerned about [open source],” he said. “But Cycode is saying ‘We’re gonna look at your pipelines and if something’s unusual, we’re going to stop it.’”

The use of eBPF is another substantial upside, Mercer added, calling it a clever way to identify problems in a software build without the use of a more resource-intensive agent.

“They can just be looking at those packets and say ‘hey, this is unusual,’” he noted.

Cimon is available in a stand-alone format for free as of today, as well as part of the paid Cycode AppSec platform.
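To make the "baseline normal behavior, then flag deviations" approach described in the article concrete, here is an added illustration written for this page. It is not Cimon's code and does not use eBPF; it assumes that a runtime agent has already reduced kernel activity to simple event records (process executions, outbound connections, file opens), and works from a handful of constructed events, hosts and paths. A baseline is built from known-good pipeline runs, and a later run is compared against it, with deviations that match the two attack patterns the article names (reading credential material or contacting an unknown host, and unexpected writes that could tamper with build output) raised at higher severity.

```python
"""Toy baseline-and-deviation detector for CI runner events.

Illustrative example only: not Cimon's implementation. Event records, hosts
and file paths below are constructed for demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Event:
    kind: str        # "exec", "connect" or "open"
    target: str      # binary path, "host:port", or file path
    mode: str = ""   # for "open": "r" (read) or "w" (write)


# Hypothetical list of files whose contents are credentials; a read of one of
# these outside the baseline is treated as possible credential theft.
SENSITIVE_PATHS = frozenset({
    "/home/runner/.netrc",
    "/home/runner/.docker/config.json",
    "/home/runner/.git-credentials",
})


def event_key(ev: Event) -> tuple:
    """Normalise an event so that equivalent activity across runs compares equal.

    Outbound connections are keyed on the remote host only: the remote port is
    kept out so that e.g. a registry reached on 443 in one run and 80 in the
    next does not look like two different destinations.
    """
    if ev.kind == "connect":
        host = ev.target.rsplit(":", 1)[0]
        return ("connect", host)
    return (ev.kind, ev.target, ev.mode)


def build_baseline(good_runs: Iterable[list[Event]]) -> set[tuple]:
    """Union of every normalised event observed across known-good runs."""
    baseline: set[tuple] = set()
    for run in good_runs:
        baseline.update(event_key(ev) for ev in run)
    return baseline


def classify_deviation(ev: Event) -> tuple[str, str]:
    """Severity and reason for an event that is NOT in the baseline."""
    if ev.kind == "connect":
        return "high", "outbound connection to host not seen in baseline (possible exfiltration)"
    if ev.kind == "open" and ev.target in SENSITIVE_PATHS:
        return "high", "read of credential file not seen in baseline (possible credential theft)"
    if ev.kind == "open" and ev.mode == "w":
        return "high", "write to file not seen in baseline (possible tampering with build output)"
    return "medium", f"{ev.kind} of {ev.target} not seen in baseline"


def detect(baseline: set[tuple], run: list[Event]) -> list[dict]:
    """Return one alert per event in `run` that deviates from the baseline."""
    alerts = []
    for ev in run:
        if event_key(ev) in baseline:
            continue
        severity, reason = classify_deviation(ev)
        alerts.append({"severity": severity, "reason": reason, "event": ev})
    return alerts


# Constructed known-good runs of a Node.js build: clone, install, build.
GOOD_RUNS = [
    [
        Event("exec", "/usr/bin/git"),
        Event("connect", "github.com:443"),
        Event("exec", "/usr/bin/npm"),
        Event("connect", "registry.npmjs.org:443"),
        Event("open", "/work/package-lock.json", "r"),
        Event("open", "/work/node_modules/.package-lock.json", "w"),
        Event("exec", "/usr/bin/node"),
        Event("open", "/work/dist/app.js", "w"),
    ],
    [
        Event("exec", "/usr/bin/git"),
        Event("connect", "github.com:443"),
        Event("exec", "/usr/bin/npm"),
        Event("connect", "registry.npmjs.org:80"),   # same host, different port
        Event("open", "/work/package-lock.json", "r"),
        Event("exec", "/usr/bin/node"),
        Event("open", "/work/dist/app.js", "w"),
    ],
]

# Constructed run in which a dependency's install script misbehaves:
# it reads a credential file, contacts an unknown host, and spawns a shell.
SUSPICIOUS_RUN = GOOD_RUNS[0] + [
    Event("open", "/home/runner/.netrc", "r"),
    Event("connect", "203.0.113.7:8443"),           # RFC 5737 documentation address
    Event("exec", "/bin/sh"),
]


if __name__ == "__main__":
    baseline = build_baseline(GOOD_RUNS)
    for alert in detect(baseline, SUSPICIOUS_RUN):
        print(f"[{alert['severity']}] {alert['reason']}: {alert['event']}")
```

The baseline here is a plain set, so a single unusual but legitimate run (a new mirror, a new tool) would need to be admitted explicitly; a production agent would add allow-listing and some tolerance for noise. The severity mapping is the part worth keeping in mind: in a CI context, an unknown outbound host or a read of credential material is the signal that maps most directly to the exfiltration and credential-theft pattern the article describes.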