Bonn-based automated security testing platform Code Intelligence has raised $12 million in Series A funding. The round was led by Tola Capital and backed by existing investors LBBW, OCCIDENT, Verve Ventures, HTGF and Thomas Dohmke, CEO of GitHub. The startup has raised $15.7 million to date.
Going forward, the company plans to boost product development to create a unified workflow to set up, debug and manage testing pipelines straight from the codebase, command line or any integrated development environment (IDE). New features will be added, including advanced debugging, dashboards and automated API discovery and cataloging.
Founded in 2018 by Sergej Dechand, Khaled Yakdan and Matthew Smith, the startup helps developers at mid-to-large-sized companies ship secure code by providing a platform to find and fix security vulnerabilities before they ever reach a finished product.
According to the company, it uses various so-called dynamic analysis techniques, including AI and fuzz testing, which aim to mimic a hacker with insider knowledge of the application. This white-box testing approach generates millions of test cases that can trigger bugs and hard-to-find vulnerabilities deep within the codebase.
Sergej Dechand, CEO and co-founder of Code Intelligence, said: “We want to live in a world where the devices, services and systems we rely on every day are truly secure. Our mission is to give every developer the necessary tools to write more secure code, even without deep security expertise. We work closely with the open-source community to spread the 'test early and often' mindset and make security a welcome part of every developer's daily coding.”
Thomas Dohmke, CEO of GitHub, added: “Most application security solutions are built for later stages of the development lifecycle. If detected, vulnerabilities are caught too late in the game, making them increasingly long, difficult and expensive to fix. Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It's like having an automated security expert always by your side.”
With a client list that includes Bosch, Continental, and Deutsche Telekom, the startup also works with Google and has made various contributions to the open-source community with its Java fuzzing engine, Jazzer, which has found over 500 vulnerabilities in more than 30 projects.