GitLab Acquires Peach Tech and Fuzzit
June 11, 2020

GitLab acquired Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing.

These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing.

GitLab’s DevSecOps solution offers both coverage-guided and behavioral fuzz testing techniques as well as shifting fuzz testing left with these new offerings being made available within the GitLab CI/CD environment.

“We believe GitLab provides best-in-class tools for the complete DevOps lifecycle on a single platform,” said Sid Sijbrandij, CEO of GitLab. “Bringing the fuzzing technologies of Peach Tech and Fuzzit into GitLab’s security solutions will give our users an even more robust and thorough application security testing experience while enabling them to shift security left. This simultaneously simplifies their workflows and creates collaboration between development, security, and operations teams.”

The addition of both coverage-guided and behavioral fuzz testing into the DevSecOps toolchain helps organizations find vulnerabilities and weaknesses traditional application security testing and quality assurance (QA) testing techniques often miss as these findings may not be directly tied to a known vulnerability (e.g. CVE IDs).

Once Peach Tech and Fuzzit technologies are fully-integrated, GitLab Secure customers will no longer need to depend on standalone fuzz testing solutions to meet their application security testing needs. Instead, they will have a fully-integrated security solution, from Auto DevOps deployment of security testing to vulnerability management and remediation. Furthermore, these acquisitions will allow GitLab to accelerate its roadmap for interactive application security testing (IAST) by extending Peach Tech’s DAST API security engine and Fuzzit’s crash correlation technology.

“Providing GitLab users with the best security testing tools is key to GitLab's DevSecOps core mission," said Michael Eddington, Peach Tech founder and CEO. "The integration of Peach Tech’s technologies expands GitLab's shift security left capabilities making the future of security and DevSecOps a reality today for all GitLab users."

“Fully integrating Fuzzit will make GitLab the first security solution that provides continuous coverage-guided fuzz testing natively within the CI/CD pipeline," said Yevgeny Pats, Fuzzit founder and CEO. "Fuzzit's support for multiple coverage-guided fuzzers combined with its crash analysis and correlation technology will add an important capability to the DevSecOps for GitLab users.”

With the Peach Tech and Fuzzit technologies being incorporated into GitLab’s DevSecOps platform, GitLab will further accelerate its application security testing roadmap to bring developers a native and seamless experience for discovering, fixing, and remediating security vulnerabilities and weaknesses.

GitLab provides accurate, automated, and continuous assessment of your applications, which enables users to proactively identify vulnerabilities and weaknesses to minimize security risk. GitLab’s Secure stage is woven into the DevOps cycle to allow users to adapt security testing and processes, not as an additional step nor tool.

Share this

Industry News

November 24, 2020

Red Hat announced new capabilities and features for Red Hat OpenShift, the company's enterprise Kubernetes platform.

November 24, 2020

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform.

November 24, 2020

DataStax released K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes.

November 23, 2020

Spectro Cloud has released a new, self-hosted version of its flagship product, Spectro Cloud.

November 23, 2020

GitLab completed integration of Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing.

November 23, 2020

Fugue announced the availability of its SaaS product in AWS Marketplace, further simplifying the process for Amazon Web Services customers to use Fugue to bring their environments into compliance quickly, demonstrate compliance at any time, and Shift Left on cloud security.

November 19, 2020

Rollbar announced AI-assisted workflows powered by its new automation-grade grouping engine.

November 19, 2020

Buildkite expanded its integration with GitHub and introduced a new onboarding experience.

November 19, 2020

Rancher Labs launched a new Partner Program for the OEM and embedded community.

November 18, 2020

Puppet announced its evolution to an integrated automation platform to enable key business initiatives such as scaling DevOps, risk reduction, policy as code, and evolving cloud strategies.

November 18, 2020

Adaptavist has joined the GitLab partner program as a Select partner.

November 18, 2020

Postman launched the beta version of public workspaces, a hub that makes it possible for both API producers and consumers to seamlessly communicate and collaborate in real time without team or organizational boundaries.

November 17, 2020

Red Hat introduced new capabilities for Red Hat Enterprise Linux and Red Hat OpenShift intended to help enterprises bring edge computing into hybrid cloud deployments.

November 17, 2020

Humio announced the availability of the Humio Operator.

November 17, 2020

Accurics announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize.