Company’s first product, virtual code-hardening engineer pixeebot, is already in use at companies like DeltaStream, AGI Technology Partners and Nimi
Pixee, creator of solutions that help developers produce higher quality and secure code, has launched out of stealth. The company launched pixeebot: an interactive GitHub App that works alongside developers to harden code and fix outright vulnerabilities and bugs based on the latest best practices.
“Pixee’s goal is to provide solutions that take the burden off developers – who already have an infinite backlog and are likely not security experts. By automatically re-writing the vulnerable code for them, we can unlock more time for working on high-value product features.”
Pixee launches with wide support and advisory from notable industry veterans and entrepreneurs, such as early GitHub engineer Zach Holman, DevRev President/Co-Founder & former SVP Engineering of Nutanix Manoj Agarwal, HackerOne Co-Founder/CTO Alex Rice, A16Z Board Partner John Jack, Oracle’s SVP of Cloud Operations & former Fortify Founder Brian Chess, privacy and security researcher and entrepreneur Samy Kamkar, infosec expert Travis McPeak, and Trusona Founder/CEO Ori Eisen.
CIO INFLUENCE News: SentinelOne Leads the Way in XDR
The Developer Productivity Boom Has Created New Challenges
Arshan Dabirsiaghi, co-founder of cybersecurity unicorn Contrast Security and a recognized application security expert, created Pixee with Surag Patel, Dabirsiaghi’s chief strategy officer at Contrast Security with previous tenures in C-level roles at 41st Parameter (acquired by Experian), InMobi and comScore.
“We’re in a developer productivity revolution thanks to automation, low code and no code platforms, the cloud and serverless, and DevOps practices. Generative AI tools for code, such as Github Co-Pilot, take this productivity to an entirely new level. Developers can produce much more than they ever have before with these amazing tools,” said Patel, Pixee’s CEO. “But more code means more insecure code and a greater attack surface for threats.”
The use of Generative AI will likely make this worse: a recent study from Stanford University found that AI-generated code often produced more security vulnerabilities than code written by humans, even though developers using AI coding tools were apt to believe those tools made their code more secure.
“Right now, developers use humans and noisy security scanners to “find the weaknesses” for them as they write code. All the current tools do is point out problems,” added Pixee CTO Dabirsiaghi. “Pixee’s goal is to provide solutions that take the burden off developers – who already have an infinite backlog and are likely not security experts. By automatically re-writing the vulnerable code for them, we can unlock more time for working on high-value product features.”
CIO INFLUENCE News: NTT Announces a New PoP for Its Global IP Network in Denver, Colorado
Pixeebot: A GitHub App with the Power of Static and LLM-assisted Codemods
Pixee’s first product, pixeebot, is like having an expert security developer on the team constantly reviewing and automatically hardening a developer’s code. Leveraging knowledge of the most up-to-date security standards and threats plaguing software today, pixeebot assists developers in closing these coding gaps with re-written hardened code:
- Native to how developers already work in GitHub. Because it’s a GitHub App, pixeebot delivers feedback in the form developers expect (pull request time) in the format they expect (pull requests and review comments). Setup takes 3 clicks: visit the pixeebot GitHub app page, click install, select repos, and pixeebot gets to work.
- Open-source DNA using the trusted codemod framework and curated by Pixee’s in-house security experts. pixeebot is built on top of the company’s open source codemod framework codemodder to codify very complex code transformations that identify, describe and rewrite code, so developers can make sure they ship natively safe and hardened code.
- LLM-assisted code transformations. Codemods can also leverage the power of the latest Large Language Models (LLMs) alongside traditional techniques to achieve code transformations that were previously unimaginable. These generative AI features are configurable to be opt-out to provide user flexibility to match corporate policies.
- Automatic and complete review of each pull request. Every time a developer submits a pull request with their latest additions, pixeebot gets to work. It will automatically analyze the entire pull request and immediately provide back re-written code that incorporates security best practices and code hardening improvements.
- Weekly hardening pull request. pixeebot checks the entire repo weekly for any hardening opportunities. Developers receive a ready-to merge pull request with all the recommended enhancements to gradually improve the overall security posture of the entire codebase.
- On-demand review cycles. If they want to initiate a code check, developers can summon pixeebot by sending a GitHub issue message ‘@pixeebot next’ and get a new pull request with the latest security recommendations.
“In today’s fast-paced tech environment, it’s simply not fair to overwhelm developers with a barrage of security concerns without providing them the means to address them effectively,” noted Manoj Agarwal, Co-founder and President of DevRev and former SVP of Engineering & GM Hybrid Cloud at Nutanix. “What excites me about the Pixee team is their profound understanding of both software security and developer experience. They’ve crafted a solution for automated code remediation that seamlessly integrates into the natural flow of software development. The work from Surag and Arshan has brilliantly translated their vision of simplified code safety into a reality that promises to extend far beyond security considerations.”
CIO INFLUENCE News: VergeIO Makes IT Hills Out of Mountains for SkiBig3
[To share your insights with us, please write to sghosh@martechseries.com]