How automation helps secure the CI/CD pipeline, Buildkite raises $21M 

This article is part of a VB special issue. Read the full series here: Zero trust: The new security paradigm.

Automation is one capability no continuous integration and continuous delivery (CI/CD) pipeline can do without. With research showing that 44% of developers use CI/CD in their workflow, automation is becoming crucial to ensure companies have the time to test the stability of code produced before its release. 

That’s why more and more vendors are looking to equip developers with tools to automatically test the quality of code before it’s produced. Just today, build runner provider Buildkite announced it has raised $21 million in series B funding for a solution that can automatically identify bad code in builds.

Buildkite’s new platform is designed to enable product engineers to automatically build, test, and deploy software at scale, while hosting their testing and deployment pipelines on their infrastructure. 

Automating application security and the CI/CD pipeline

The announcement comes as developers are struggling to keep up with the demands of modern development with manual testing approaches, with 67% of app developers shipping code with known vulnerabilities. 

One of the core challenges of maintaining a CI/CD pipeline is that innovation often takes precedence over security, reflected by the fact that 86% of developers do not view application security as a top priority when writing code. 

Unfortunately, the presence of any vulnerability can put a vendor’s entire product ecosystem, and its customers’ systems, at risk of intrusions and data breaches.

“In modern software companies, it’s a hard requirement to have the tooling to validate changes and verify code works before sharing it with end users and consumers. Broken applications mean a loss of revenue, customers, and competitive advantage,” said Keith Pitt, CEO and cofounder of Buildkite. 

“Most often changes are validated, tested, staged, and deployed using CI/CD pipelines. Buildkite provides the most flexible and user-friendly solution to build and deploy pipelines,” Pitt said.

In addition to helping automate the testing process, Buildkite provides developers with a software-as-a-service (SaaS)-based control plane, which Buildkite’s agents or runners connect to from customer-owned infrastructure, granting users the ability to run over 10,000 agents at once.

This approach is SOC2 compliant and prevents an organization’s source code and infrastructure credentials from being accessed, viewed or manipulated by Buildkite or any other unauthorized third parties.  

The CI/CD Market 

Buildkite falls within the continuous integration and delivery or CI/CD tools market, which researchers estimate will reach a value of $19 billion by 2031, growing at a compound annual growth rate of 18% between 2021-2031. 

One of Buildkite’s main competitors in the market is CircleCI, which provides a FedRAMP-certified and SOC Type II compliant continuous integration platform.

The platform offers capabilities including audit logging and third-party secrets management, while providing on-site teams with access to a dedicated incident response team.

CircleCI most recently announced raising $100 million as part of a series F funding round in 2021, bringing its total valuation to $1.7 billion. 

Another competitor is popular CI/CD platform GitHub Actions. GitHub Actions enables developers to automate software workflows so they can build, test and deploy code directly from GitHub to the cloud. 

However, Pitt argues that Buildkite uses a hybrid model for CI/CD pipeline management, which differentiates it from other providers.

“Buildkite was the first to adopt a hybrid model (self-hosted build agents on your infrastructure with a managed, cloud-powered interface) and holds strong to the point of view that self-hosting your own pipelines is the better, faster and cheaper way to construct CI/CD pipelines at scale. While other competitors are spread across on-prem, hybrid, and cloud-hosted offerings,” Pitt said. 
