Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
Pixee, creator of solutions that help developers produce higher quality and secure code, has launched out of stealth.
The company launched pixeebot: an interactive GitHub App that works alongside developers to harden code and fix outright vulnerabilities and bugs based on the latest best practices.
Pixee launches with wide support and advisory from notable industry veterans and entrepreneurs, such as early GitHub engineer Zach Holman, DevRev President/Co-Founder & former SVP Engineering of Nutanix Manoj Agarwal, HackerOne Co-Founder/CTO Alex Rice, A16Z Board Partner John Jack, Oracle’s SVP of Cloud Operations & former Fortify Founder Brian Chess, privacy and security researcher and entrepreneur Samy Kamkar, infosec expert Travis McPeak, and Trusona Founder/CEO Ori Eisen.
Arshan Dabirsiaghi, co-founder of cybersecurity unicorn Contrast Security and a recognized application security expert, created Pixee with Surag Patel, Dabirsiaghi's chief strategy officer at Contrast Security with previous tenures in C-level roles at 41st Parameter (acquired by Experian), InMobi and comScore.
"We’re in a developer productivity revolution thanks to automation, low code and no code platforms, the cloud and serverless, and DevOps practices. Generative AI tools for code, such as Github Co-Pilot, take this productivity to an entirely new level. Developers can produce much more than they ever have before with these amazing tools," said Patel, Pixee's CEO. "But more code means more insecure code and a greater attack surface for threats."
“Right now, developers use humans and noisy security scanners to “find the weaknesses” for them as they write code. All the current tools do is point out problems,” added Pixee CTO Dabirsiaghi. “Pixee’s goal is to provide solutions that take the burden off developers - who already have an infinite backlog and are likely not security experts. By automatically re-writing the vulnerable code for them, we can unlock more time for working on high-value product features.”
Pixee’s first product, pixeebot, is like having an expert security developer on the team constantly reviewing and automatically hardening a developer's code. Leveraging knowledge of the most up-to-date security standards and threats plaguing software today, pixeebot assists developers in closing these coding gaps with re-written hardened code:
- Native to how developers already work in GitHub. Because it’s a GitHub App, pixeebot delivers feedback in the form developers expect (pull request time) in the format they expect (pull requests and review comments). Setup takes 3 clicks: visit the pixeebot GitHub app page, click install, select repos, and pixeebot gets to work.
- Open-source DNA using the trusted codemod framework and curated by Pixee’s in-house security experts. pixeebot is built on top of the company’s open source codemod framework codemodder to codify very complex code transformations that identify, describe and rewrite code, so developers can make sure they ship natively safe and hardened code.
- LLM-assisted code transformations. Codemods can also leverage the power of the latest Large Language Models (LLMs) alongside traditional techniques to achieve code transformations that were previously unimaginable. These generative AI features are configurable to be opt-out to provide user flexibility to match corporate policies.
- Automatic and complete review of each pull request. Every time a developer submits a pull request with their latest additions, pixeebot gets to work. It will automatically analyze the entire pull request and immediately provide back re-written code that incorporates security best practices and code hardening improvements.
- Weekly hardening pull request. pixeebot checks the entire repo weekly for any hardening opportunities. Developers receive a ready-to merge pull request with all the recommended enhancements to gradually improve the overall security posture of the entire codebase.
- On-demand review cycles. If they want to initiate a code check, developers can summon pixeebot by sending a GitHub issue message and get a new pull request with the latest security recommendations.
Industry News
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
Grid Dynamics announced the launch of its developer portal.
LTIMindtree announced a strategic partnership with GitHub.