DEVOPSdigest

Pixee, creator of solutions that help developers produce higher quality and secure code, has launched out of stealth.

The company launched pixeebot: an interactive GitHub App that works alongside developers to harden code and fix outright vulnerabilities and bugs based on the latest best practices.

Pixee launches with wide support and advisory from notable industry veterans and entrepreneurs, such as early GitHub engineer Zach Holman, DevRev President/Co-Founder & former SVP Engineering of Nutanix Manoj Agarwal, HackerOne Co-Founder/CTO Alex Rice, A16Z Board Partner John Jack, Oracle’s SVP of Cloud Operations & former Fortify Founder Brian Chess, privacy and security researcher and entrepreneur Samy Kamkar, infosec expert Travis McPeak, and Trusona Founder/CEO Ori Eisen.

Arshan Dabirsiaghi, co-founder of cybersecurity unicorn Contrast Security and a recognized application security expert, created Pixee with Surag Patel, Dabirsiaghi's chief strategy officer at Contrast Security with previous tenures in C-level roles at 41st Parameter (acquired by Experian), InMobi and comScore.

"We’re in a developer productivity revolution thanks to automation, low code and no code platforms, the cloud and serverless, and DevOps practices. Generative AI tools for code, such as Github Co-Pilot, take this productivity to an entirely new level. Developers can produce much more than they ever have before with these amazing tools," said Patel, Pixee's CEO. "But more code means more insecure code and a greater attack surface for threats."

“Right now, developers use humans and noisy security scanners to “find the weaknesses” for them as they write code. All the current tools do is point out problems,” added Pixee CTO Dabirsiaghi. “Pixee’s goal is to provide solutions that take the burden off developers - who already have an infinite backlog and are likely not security experts. By automatically re-writing the vulnerable code for them, we can unlock more time for working on high-value product features.”

Pixee’s first product, pixeebot, is like having an expert security developer on the team constantly reviewing and automatically hardening a developer's code. Leveraging knowledge of the most up-to-date security standards and threats plaguing software today, pixeebot assists developers in closing these coding gaps with re-written hardened code:

- Native to how developers already work in GitHub. Because it’s a GitHub App, pixeebot delivers feedback in the form developers expect (pull request time) in the format they expect (pull requests and review comments). Setup takes 3 clicks: visit the pixeebot GitHub app page, click install, select repos, and pixeebot gets to work.

- Open-source DNA using the trusted codemod framework and curated by Pixee’s in-house security experts. pixeebot is built on top of the company’s open source codemod framework codemodder to codify very complex code transformations that identify, describe and rewrite code, so developers can make sure they ship natively safe and hardened code.

- LLM-assisted code transformations. Codemods can also leverage the power of the latest Large Language Models (LLMs) alongside traditional techniques to achieve code transformations that were previously unimaginable. These generative AI features are configurable to be opt-out to provide user flexibility to match corporate policies.

- Automatic and complete review of each pull request. Every time a developer submits a pull request with their latest additions, pixeebot gets to work. It will automatically analyze the entire pull request and immediately provide back re-written code that incorporates security best practices and code hardening improvements.

- Weekly hardening pull request. pixeebot checks the entire repo weekly for any hardening opportunities. Developers receive a ready-to merge pull request with all the recommended enhancements to gradually improve the overall security posture of the entire codebase.

- On-demand review cycles. If they want to initiate a code check, developers can summon pixeebot by sending a GitHub issue message and get a new pull request with the latest security recommendations.