Checkmarx, a developer-centric application security testing (AST) provider, has acquired open-source supply chain security startup Dustico for an undisclosed sum. Dustico provides a dynamic, SaaS-based solution that detects malicious code and backdoors in software supply chains.
The acquisition will see Checkmarx combine its AST capabilities with Dustico’s behavioral analysis technology to give customers a consolidated view of the risk and reputation of open-source packages, and as a result a more comprehensive approach to preventing supply chain attacks.
The deal comes amid a sharp rise in supply chain attacks, in which threat actors slip malicious code into a trusted piece of software or hardware. Supply chain incidents often stem from malicious actors deliberately injecting hard-to-detect, tainted code into open-source packages used in software development. While open source presents myriad benefits, developers must take the reputation and credibility of a package into consideration and apply a zero-trust security mindset to external code being adopted into modern applications.
Dustico’s technology analyses open-source packages using a three-pronged approach. First, it factors in trust, providing visibility into the credibility of package providers and individual contributors in the open-source community. Second, it examines the health of packages to determine their level of maintenance. Third, the company’s behavioral analysis engine inspects the package itself and looks for malicious code hiding within it, including backdoors, ransomware, multi-stage attacks, and trojans.
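To make the three prongs concrete, the following added example sketches a minimal package assessment in Python. It is illustration written for this page, not Dustico’s engine or Checkmarx code, and it knows nothing about how their products actually score packages. It assumes npm-style metadata (a package.json dictionary, the package's files, maintainer account ages and release dates) and uses constructed sample packages; the package names, maintainer names and regex patterns are all made up for the illustration. The trust prong looks at who publishes the package, the health prong at how recently it was released, and the behavior prong at install-time lifecycle hooks, which run automatically on `npm install` and are the usual hiding place for a payload.

```python
import re
from datetime import date

# Lifecycle hooks that npm runs automatically during installation. A payload
# placed here executes even if the project never imports the package.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Coarse, illustrative indicators (assumption: a real engine parses the code
# and observes runtime behaviour rather than grepping for strings).
SUSPICIOUS_PATTERNS = (
    (r"\beval\s*\(", "dynamic code execution (eval)"),
    (r"base64", "base64-encoded payload"),
    (r"\b(curl|wget)\b|https?://", "network access"),
    (r"child_process", "subprocess spawn"),
    (r"\.npmrc|\.ssh|AWS_SECRET|\.env\b", "credential file access"),
)

# Relative weight of each prong; a concrete behavioral finding outweighs
# a weak reputation signal.
WEIGHTS = {"trust": 1, "health": 1, "behavior": 3}


def trust_findings(manifest, maintainer_account_age_days):
    """Trust prong: who publishes the package, and how established are they."""
    findings = []
    maintainers = manifest.get("maintainers", [])
    if len(maintainers) <= 1:
        findings.append("single maintainer (bus factor 1)")
    for m in maintainers:
        age = maintainer_account_age_days.get(m["name"], 0)
        if age < 30:
            findings.append(f"maintainer {m['name']} account is {age} days old")
    if not manifest.get("repository"):
        findings.append("no source repository declared")
    return findings


def health_findings(last_release, today):
    """Health prong: is the package still maintained."""
    stale_days = (today - last_release).days
    return [f"last release {stale_days} days ago"] if stale_days > 365 else []


def behavior_findings(manifest, files):
    """Behavior prong: what the package does at install time and in its code."""
    findings = []
    scripts = manifest.get("scripts", {})
    sources = {f"scripts.{h}": scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
    sources.update(files)
    for where, text in sources.items():
        if where.startswith("scripts."):
            findings.append(f"{where}: install-time hook present")
        for pattern, label in SUSPICIOUS_PATTERNS:
            if re.search(pattern, text):
                findings.append(f"{where}: {label}")
    return findings


def assess_package(manifest, files, maintainer_account_age_days, last_release, today):
    """Combine the three prongs into one report with a weighted risk score."""
    report = {
        "trust": trust_findings(manifest, maintainer_account_age_days),
        "health": health_findings(last_release, today),
        "behavior": behavior_findings(manifest, files),
    }
    report["score"] = sum(WEIGHTS[k] * len(v) for k, v in report.items())
    return report


TODAY = date(2021, 8, 10)

# Constructed sample: a look-alike package from a days-old account whose
# postinstall hook decodes and evaluates a base64 blob (the blob is harmless).
SUSPECT_MANIFEST = {
    "name": "lodash-utils-helper",
    "version": "1.0.2",
    "maintainers": [{"name": "fresh-account"}],
    "scripts": {
        "postinstall": "node -e \"eval(Buffer.from('Y29uc29sZS5sb2coMSk=','base64').toString())\"",
    },
}
SUSPECT_FILES = {"index.js": "module.exports = require('lodash');"}
SUSPECT_ACCOUNT_AGES = {"fresh-account": 3}
SUSPECT_LAST_RELEASE = date(2021, 8, 8)

# Constructed sample: a package with two long-standing maintainers, a declared
# repository, a recent release and no lifecycle hooks.
BENIGN_MANIFEST = {
    "name": "example-lib",
    "version": "4.2.0",
    "maintainers": [{"name": "alice"}, {"name": "bob"}],
    "repository": {"type": "git", "url": "https://example.com/example-lib.git"},
    "scripts": {"test": "node test.js"},
}
BENIGN_FILES = {"index.js": "module.exports = (s) => s.trim();"}
BENIGN_ACCOUNT_AGES = {"alice": 2400, "bob": 1800}
BENIGN_LAST_RELEASE = date(2021, 6, 1)

if __name__ == "__main__":
    for label, args in (
        ("suspect", (SUSPECT_MANIFEST, SUSPECT_FILES, SUSPECT_ACCOUNT_AGES, SUSPECT_LAST_RELEASE)),
        ("benign", (BENIGN_MANIFEST, BENIGN_FILES, BENIGN_ACCOUNT_AGES, BENIGN_LAST_RELEASE)),
    ):
        print(label, assess_package(*args, TODAY))
```

The point of the structure is that the three prongs answer different questions and fail independently: a stale package with a single maintainer is a health and trust concern but not evidence of compromise, while a fresh account publishing a package with an `eval` in `postinstall` is a behavioral finding that should block adoption regardless of how the metadata looks. String matching as used here is trivially evaded by obfuscation, which is exactly why a production engine observes what the package does rather than what its source says.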
This insight, coupled with vulnerability results from Checkmarx’s AST solutions, aims to give organizations and developers greater insight for managing the risks associated with open-source software and the supply chains that depend on it, according to the two companies.
“Blending Dustico’s differentiated approach to open-source analysis with Checkmarx’s security testing capabilities will bring disruptive value to our customers as they manage the challenges with securing software supply chains,” said Emmanuel Benzaquen, CEO of Checkmarx.