“Scanning tools today take long minutes or even hours to run in a given pipeline,” said Dotan Nahum, co-founder and CEO of Spectral. “Developers just don’t have that kind of time or the funds,” he explained in the announcement, noting that many providers of continuous integration solutions meter activity by the minute. “Some developers are so overwhelmed by slow, irrelevant, and non-intuitive results that they stop using scanners altogether,” Nahum said.
According to the company, Spectral’s platform is a developer-facing solution that monitors, crawls and protects organizations by discovering developer-facing systems such as Slack, npm, Maven, and logs, which often are not included in an organization’s threat modeling.
“We observe that with so many tech stacks, SaaS vendors, and integrations, mistakes in private repositories end up appearing in public repos too,” Nahum said. “It’s these things — the things you don’t know that you don’t know about — that really keep you up at night.” Spectral, he noted, provides insights into these “blind spots.” Among those integrations are Travis, Jenkins, and CircleCI, as well as frameworks and products such as Webpack, Gatsby, Netlify, and more, the company announced.
Its detectors can scan any programming language, config files, and other assets using machine learning-based analysis. Further, users can build their own custom detectors using SPEQL, a purpose-built query language, Spectral said.
“The pain points we’re addressing resonate strongly across every company developing software because as they evolve from own-code to glue-code to no-code approaches, they allow developers to gain more speed, but they also add on significant amounts of risk,” Spectral co-founder and COO Idan Didi said. “Spectral lets developers be more proud.