Launching KoalaLab:
X-ray for Modern CI/CD
Tech executives Abhishek Anand and Abhimanyu Dhamija announce the launch of their new DevSecOps venture, KoalaLab.

KoalaLab is building the most comprehensive security and observability solution for the DevOps pipeline.
Anand has spent over a decade building and securing performant, scalable tech systems, which inspired him to delve deeper into the security of the DevOps process. He partnered with Dhamija, who has built profitable tech businesses in regulated industries and wanted to turn his learnings into a platform.
State of software supply chain security: a special focus on CI/CD
Even before the KoalaLab journey began, the founders understood three important trends in software development processes:
- Rapid adoption of DevOps processes in which companies rely on SaaS providers like GitHub and GitLab for source control management (SCM).
- Modern build processes have become complicated and rely more and more on third-party code: actions in GitHub CI, Orbs in CircleCI, plugins for Jenkins. (There are 22,000+ unique GitHub Actions listed on the GitHub Marketplace.)
- Open-source code is now a big part of all software development, with as much as 85% of enterprise codebases coming from open-source libraries.

Add to this high-profile attacks like SolarWinds (2020) and Codecov (2021), and issues like Log4j (2021), which have raised awareness around software supply chain security.

Further, the US government's 2021 executive order on cybersecurity and NIST's special focus on CI/CD security have led the industry to start looking for solutions.

Since then, the industry has made quite a few strides:
- Google published its SLSA framework for securing CI/CD, which explores the adoption of reproducible builds.
- OWASP published its CI/CD Top 10 in August 2022, covering threat vectors around CI/CD.
- NSA and CISA published a paper with recommendations for securing CI/CD.
KoalaLab Vision
The founders of KoalaLab believe that the industry has made considerable progress on securing the components part of the software supply chain (proprietary code and open-source dependencies). On CI/CD security (the processes part of the software supply chain), the guidelines and frameworks from government bodies and open-source communities are a great step forward, but adoption is scarce and a lot more depth needs to be built.

Securing CI/CD is a hard challenge given the complexity and rapidly evolving landscape. CI/CD pipelines are the keys to the cloud kingdom, and KoalaLab wants to bring the same rigor accorded to securing network and production systems to these pipelines. Many of the same paradigms used in securing production systems can be applied to securing build pipelines:
- Observability and performance intelligence
- Security posture management
- Securing systems through egress filtering
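Egress filtering, the last paradigm above, comes down to two things: an allowlist of destinations a build job is permitted to reach, and a record of what it actually reached. The Python below is an added example written for this page, not code from KoalaLab or its BOLT project. It parses a constructed, hypothetical egress log format (`<timestamp> <process> <host>:<port>`), evaluates each connection against a hypothetical allowlist (exact hostnames, plus leading-dot entries that match a domain and its subdomains), and separates the connections an enforcing proxy would have allowed from those it would have blocked.

```python
"""Evaluate constructed CI egress events against an allowlist policy (added example)."""
import re
from dataclasses import dataclass

# Constructed sample of outbound connections observed from one build job.
# Hypothetical log format: "<timestamp> <process> <host>:<port>".
SAMPLE_EGRESS_LOG = """\
2024-01-01T10:00:01Z npm registry.npmjs.org:443
2024-01-01T10:00:02Z git github.com:443
2024-01-01T10:00:03Z curl api.github.com:443
2024-01-01T10:00:04Z node files.pythonhosted.org:443
2024-01-01T10:00:05Z sh 198.51.100.9:8080
2024-01-01T10:00:06Z node unknown-host.example:80
"""

# Hypothetical policy for this job. Entries starting with "." match the
# domain itself and any subdomain; bare hostnames must match exactly.
ALLOWLIST = ["registry.npmjs.org", "github.com", ".github.com", ".githubusercontent.com"]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+)$")


@dataclass(frozen=True)
class EgressEvent:
    ts: str
    process: str
    host: str
    port: int


def parse_egress_log(text):
    """Parse log lines into EgressEvent records; lines in another format are ignored."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, proc, host, port = m.groups()
        events.append(EgressEvent(ts, proc, host, int(port)))
    return events


def host_allowed(host, allowlist):
    """True if host matches an allowlist entry exactly or falls under a '.suffix' entry."""
    host = host.lower().rstrip(".")
    for entry in allowlist:
        entry = entry.lower()
        if entry.startswith("."):
            # ".github.com" covers "api.github.com" and "github.com",
            # but not "notgithub.com", because the dot is part of the suffix.
            if host.endswith(entry) or host == entry[1:]:
                return True
        elif host == entry:
            return True
    return False


def audit_egress(text, allowlist=ALLOWLIST):
    """Return (allowed, blocked) event lists for a log; blocked is what a proxy would drop."""
    events = parse_egress_log(text)
    allowed = [e for e in events if host_allowed(e.host, allowlist)]
    blocked = [e for e in events if not host_allowed(e.host, allowlist)]
    return allowed, blocked


if __name__ == "__main__":
    ok, bad = audit_egress(SAMPLE_EGRESS_LOG)
    for e in bad:
        print(f"BLOCK {e.process} -> {e.host}:{e.port} at {e.ts}")
    print(f"{len(ok)} allowed, {len(bad)} blocked")
```

A build job that only needs the package registry and GitHub should produce an empty blocked list; every entry that does appear there, whether a raw IP literal or an unfamiliar hostname, is exactly what the job's egress policy should deny and what the team's alerting should surface.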

KoalaLab is excited to unveil two open-source projects: PINNY, hash-pinning of OSS dependencies, and BOLT, securing GitHub workflows through transparent egress filtering. These are parts of the KoalaLab software supply chain control plane platform.
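Hash-pinning, the idea behind PINNY, means referencing a dependency by an immutable content identifier rather than a mutable tag or branch. For GitHub Actions that identifier is the full 40-character commit SHA after the `@` in a `uses:` line. The checker below is an added example written for this page, not PINNY or any other KoalaLab code: it scans a workflow file and reports every third-party action that is not pinned to a full SHA. The workflow text, the action names and the SHA in it are all constructed for illustration; local `./` actions and `docker://` images are out of scope for this check and are reported as skipped.

```python
"""Report GitHub Actions in a workflow that are not pinned to a full commit SHA (added example)."""
import re
from dataclasses import dataclass

# Constructed sample workflow. The SHA below is made up for illustration.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: some-org/some-action@main
      - name: run tests
        run: npm test
"""

# Matches a "uses:" key (with or without a leading list dash) and captures its
# value up to whitespace, quotes or a trailing "# version" comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    action: str
    ref: str
    status: str  # "pinned", "unpinned" or "skipped"


def classify_uses(value):
    """Split one uses: value into (action, ref, status)."""
    if value.startswith("./") or value.startswith("docker://"):
        return value, "", "skipped"
    if "@" not in value:
        # No explicit ref: there is nothing immutable to pin to.
        return value, "", "unpinned"
    action, ref = value.rsplit("@", 1)
    status = "pinned" if SHA_RE.match(ref) else "unpinned"
    return action, ref, status


def audit_workflow(text):
    """Return a Finding for every uses: line in the workflow text."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, status = classify_uses(m.group(1))
        findings.append(Finding(n, action, ref, status))
    return findings


def unpinned_actions(text):
    """Only the findings a reviewer needs to act on."""
    return [f for f in audit_workflow(text) if f.status == "unpinned"]


if __name__ == "__main__":
    for f in unpinned_actions(SAMPLE_WORKFLOW):
        shown = f"{f.action}@{f.ref}" if f.ref else f.action
        print(f"line {f.line_no}: {shown} is not pinned to a commit SHA")
```

A tag such as `v4` can be moved to point at different code later, and a branch such as `main` changes with every push, so only the SHA form gives the build the same action content on every run; the trailing `# v4.0.3` comment is the usual way to keep the human-readable version next to the pin.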

The founders are excited to build technology to solve problems around CI/CD security and plan to provide more solutions in the future.
The founders of KoalaLab: Abhishek Anand (left) & Abhimanyu Dhamija (right)