BoostSecurity News, Press & Events


Build Pipelines (aka CI/CD) are often a total mess…

Unveiling 'poutine': An Open Source Build Pipelines security scanner

TL;DR is thrilled to announce ‘poutine’ – an Open Source security scanner CLI you can use to detect misconfigurations and vulnerabilities in Build Pipelines. Additionally, it can create an inventory of build-time dependencies so you can track known vulnerabilities (CVEs) as well. Today, the tool has about a dozen rules covering vulnerabilities found in GitHub Actions workflows and Gitlab pipelines. We have plans to add support for CircleCI, Azure Pipelines and more. The source code is published under the Apache 2.0 license and it is available on GitHub.

Read More
Global Security Mag BoostSecurity logo

BoostSecurity Exits Stealth with $12M in Seed Funding to Build Trust into the Software Supply Chain

BoostSecurity®, the developer-first, zero friction DevSecOps automation platform that builds trust into every step of the software supply chain, has emerged from stealth with $12 million in seed funding. Led by Sorenson Capital, with additional support from Hoxton Ventures, Golden Ventures, Firebolt Ventures and Transform VC, the investment will be used to accelerate the platform’s go-to-market and engineering initiatives.

Read More