GitLab has announced its acquisition of Israeli cloud security startup Oxeye for a reported sum of $50 million. This strategic move marks GitLab’s second acquisition in Israel, following its purchase of Fuzzit in 2020.
Oxeye Security
Founded by Dean Agron and Ron Vider, Oxeye has emerged as a frontrunner in the realm of cloud security. Their innovative technology focuses on detecting and remedying vulnerabilities in code during the development stages of applications. With a mission to enhance application security while streamlining development processes, Oxeye’s solution is tailored for AppSec, Dev, and DevOps teams. By shifting security left in the development lifecycle, Oxeye’s cloud-native security testing platform aims to mitigate risks and accelerate development cycles in today’s complex architectural landscape.
Oxeye is a cloud security solution that automatically prioritizes application security (AppSec) risks for organizations. Here’s what Oxeye does:
Focus on Critical Vulnerabilities
Oxeye provides a dashboard that focuses on the most critical application risks by leveraging runtime intelligence. It analyzes various factors such as business priorities, application code, open-source packages, cloud infrastructure configurations, hardcoded secrets, and license violations.
Harmony Between Security and Engineering Teams
By offering a unified, prioritized view of application risks, Oxeye ensures that organizations allocate their limited resources effectively. It fosters collaboration between security and engineering teams by providing visibility into risks that have the potential to impact the business.
Detect ‘Hidden’ Vulnerabilities
Oxeye’s Application Flow Tracing feature identifies cross-service vulnerabilities and combinations of application vulnerabilities and infrastructure misconfigurations. This allows organizations to proactively reduce application risk by identifying previously undetectable attack paths.
Mature View of Application Risks
With Oxeye, organizations gain full contextual visibility into their application risks within minutes. This enables teams to quickly identify, prioritize, remediate, and mitigate potential business risks, moving from chasing individual vulnerabilities to achieving AppSec maturity.
Augmented Static Application Security Testing (SAST)
Oxeye offers SAST capabilities to scan code in both development and testing/staging environments. It can identify vulnerabilities in custom code as well as third-party code, providing a comprehensive security assessment.
Enhanced Software Composition Analysis (SCA)
Oxeye’s SCA functionality helps organizations identify vulnerable packages and filter out those that are not used at runtime. This allows teams to focus on critical vulnerabilities and ignore non-critical ones.
Application Security Posture Management (ASPM)
Oxeye continuously analyzes signals and data across the entire software development lifecycle to provide a customized view of actual application risks. This helps organizations address real-world security challenges effectively.
Code-to-Cloud Visibility
Oxeye provides visibility into the entire application stack, from code to cloud. It detects exploitable vulnerabilities and combinations of vulnerabilities and infrastructure misconfigurations, reducing application risks.
Dynamic SBOM
Oxeye helps organizations meet compliance objectives by building an inventory of all active software components throughout the software development lifecycle.
Secrets Detection and License Violation Detection
Oxeye continuously detects hardcoded secrets and performs automatic license scanning to ensure compliance with legal requirements for the use of open-source and third-party packages.
Overall, Oxeye aims to streamline the deployment of scarce AppSec resources by focusing on critical application risks, fostering collaboration between security and engineering teams, and providing comprehensive security solutions for organizations.
Oxeye’s Journey
Despite being relatively young in the industry, Oxeye has made significant strides, backed by a little over $10 million in funding. Investors such as Dell Capital, Intel Capital, Merlin Ventures, and MoreVC, among others, have recognized the potential of Oxeye’s innovative approach to cloud security. Their solution resonates with organizations seeking robust security measures without compromising on development speed and agility.
GitLab
GitLab, a leading player in the DevOps arena, is known for its comprehensive suite of tools that facilitate collaboration and automation throughout the software development lifecycle. With features ranging from version control to CI/CD pipelines, GitLab empowers development teams to deliver high-quality software efficiently. By integrating Oxeye’s advanced security testing capabilities into its platform, GitLab aims to further enhance its offerings and provide developers with the tools they need to build secure, resilient applications.
Cybersecurity Landscape
As someone deeply invested in the field of cyber security, the news of GitLab’s acquisition of Oxeye is both exciting and reassuring. It underscores the growing recognition of the importance of integrating security measures into the development process from the outset. As cyber threats continue to evolve in sophistication, collaborations like these pave the way for innovative solutions that effectively safeguard digital assets. With GitLab and Oxeye joining forces, I am optimistic about the future of secure software development and the resilience of our digital infrastructure.
GitLab Acquisitions
Below is GitLab’s acquisition history. Following each of these companies and their products makes it very interesting to read into Sid’s goals and the direction of GitLab as a company.
Acquisition Date | Company Name | Founded Year | Location |
---|---|---|---|
Jun 02, 2021 | UnReview | 2020 | France |
Dec 14, 2021 | Opstrace | 2019 | – |
Jan 30, 2018 | Gemnasium | 2011 | Puerto Rico |
Mar 15, 2017 | Gitter | 2012 | United Kingdom |
Mar 03, 2015 | Gitorious | 2007 | France |
I am a software engineer with 20 years of experience in writing code, software languages, large-scale web applications, security and data protection of online digital assets in various software systems and services. I’ve decided to write and share my interests in cyber security and information security online to help improve white hat security, safety and privacy of our online digital assets, as companies, as individuals or as experts providing services. Here you’ll be able to read freely about cyber security threats, detections, common problems, services, news and everything related to information security and cyber security. Enjoy, and feel free to contact me via the contact page with any questions.