An eBPF-based tool for code monitoring provides new visibility into the software pipeline, aiming to forestall further SolarWinds- or Codecov-style attacks.

Credit: Anterovium / Shutterstock

Cycode’s new Cimon monitoring tool for continuous integration and continuous delivery is designed to offer a new level of visibility into the CI/CD process, securing code against data exfiltration and other malicious activity.

According to the company’s announcement, Cimon — short for CI Monitor — is a runtime security agent that uses the extended Berkeley Packet Filter (eBPF) system to look directly into the CI pipeline, develop a baseline understanding of what normal behavior looks like, and monitor for abnormalities.

The use of eBPF, according to Cycode head of security research Alex Ilgayev, provides for flexibility and visibility into the operating system.

“Whether it’s a hosted runner on GitHub or a hosted runner on CircleCI or some self-hosted runner based on containers, once you install the agent, it sees everything,” he said.

The idea is to prevent cyberattacks against software code bases, Ilgayev said. Attacks on build systems, dependency attacks and typosquatting — where a bad actor publishes malicious software under a similar name to a widely used open source component — are on the rise. Cimon would prevent those by monitoring CI/CD for expected execution outcomes at the kernel level, as well as network and file system events.

Most attacks, according to Ilgayev, take one of two forms. The first is data or credential theft, with bad actors targeting tokens or environment variables or some other sensitive information within the CI build. The second is altering packages via malicious changes to dependencies in the supply chain.

Addressing those is an important new capability, according to IDC research vice president Jim Mercer, in part because it offers visibility into all parts of the software supply chain — not just open source.

“That’s totally legitimate, they should be concerned about [open source],” he said. “But Cycode is saying ‘We’re gonna look at your pipelines and if something’s unusual, we’re going to stop it.’”

The use of eBPF is another substantial upside, Mercer added, calling it a clever way to identify problems in a software build without the use of a more resource-intensive agent.

“They can just be looking at those packets and say ‘hey, this is unusual,’” he noted.

Cimon is available in a stand-alone format for free as of today, as well as part of the paid Cycode AppSec platform.