    Cycode

    Sold by: Cycode
    Deployed on AWS
    Cycode is a complete software supply chain security solution that provides visibility, security, and integrity across all phases of the SDLC.
    Rating: 3.9

    Overview

    According to Gartner, software supply chain attacks will increase 3-fold by 2025, to the point that 45% of organizations will experience one. Why? Because attackers are shifting their focus from well-fortified production applications to the DevOps tools and infrastructure that build them. These now represent the path of least resistance: there are many attack vectors to choose from; once inside, an attacker can easily compromise the whole SDLC because of the interconnected and automated nature of DevOps; and organizations simply do not have adequate security controls in place.

    Cycode is a complete software supply chain security solution that provides visibility, security, and integrity across all phases of the SDLC. Cycode integrates with DevOps tools and infrastructure providers, hardens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues like hardcoded secrets, infrastructure as code misconfigurations, code leaks and more. Cycode's knowledge graph tracks code integrity, user activity, and events across the SDLC to prioritize risk, find anomalies, and prevent code tampering.

    For custom pricing, EULA, or a private contract, please contact AWS-Marketplace@cycode.com.

    Highlights

    • Establish effective pipeline security & governance to harden your DevOps tooling against attack
    • Implement comprehensive protection against attack vectors like hardcoded secrets, code leakage, and code tampering
    • Obtain unparalleled visibility & context by correlating data across the tools and phases of the SDLC

    Details

    Sold by: Cycode
    Delivery method: Software as a Service (SaaS)
    Deployed on AWS

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (1)

    Dimension          Description                                   Cost/12 months
    Cycode Platform    per monitored developer (annual contract)     $360.00

    Vendor refund policy

    Refund policy: see terms and conditions in EULA.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Product support available during US & Israeli business hours (Sunday 05:00 UTC through Saturday 01:00 UTC). Customer support, self-service documentation portal, and community forum available 24x7. Web support: https://support.cycode.com. Email support: support@cycode.com

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly. Compared products: Cycode, Checkmarx, BlueFlag Security.

    Accolades

    Top 100 in Infrastructure as Code
    Top 10 in Testing
    Top 10 in Source Control

    Overview

    AI generated from product descriptions.

    Secret Detection and Prevention: Scanning engine that identifies and detects hardcoded secrets within code repositories and development environments.
    Infrastructure as Code Security: Scanning capability to identify misconfigurations in infrastructure as code templates and configurations.
    Code Integrity Tracking: Knowledge graph system that tracks code integrity, user activity, and events across the software development lifecycle to detect anomalies and prevent code tampering.
    DevOps Tool Integration: Integration with DevOps tools and infrastructure providers to implement consistent governance and security controls across the development pipeline.
    Supply Chain Visibility: Correlation and aggregation of security data across multiple tools and phases of the software development lifecycle to provide unified visibility and risk prioritization.
    Static Application Security Testing: Identifies vulnerabilities and weaknesses in custom code with support for 25+ languages and frameworks, scanning uncompiled code and re-scanning only new or modified code.
    Software Composition Analysis: Identifies and prioritizes open source vulnerabilities, takes inventory of open source components and dependencies, and evaluates risks of open source licenses.
    Infrastructure as Code Analysis: Detects security misconfigurations in IaC templates using KICS to prevent errors such as open storage buckets, insecure databases, and excessive privileges.
    Real-time IDE Security Scanning: Provides real-time vulnerability detection during IDE development for both human-generated and AI-generated code, identifying vulnerabilities, unmasked secrets, vulnerable container images, and malicious open source packages.
    Agentic-AI Remediation: Generates remediation suggestions using AI agents that access proprietary databases and customized AI models to provide context-aware code fixes with interactive refinement capabilities.
    Identity Security Management: AI/ML-powered Identity Intelligence framework for detecting and mitigating risks associated with human and machine developer identities, including excessive permissions, identity hygiene, and risky account behavior.
    Developer Tool Posture Management: Continuous monitoring and validation of developer tools with detection of misconfigurations and alignment with CI/CD best practices.
    Open-Source Software Vulnerability Scanning: Continuous scanning of application code to identify and prioritize critical open-source vulnerabilities for remediation.
    Supply Chain Attack Prevention: Multi-layered defense platform integrating identity security, open-source software risk management, and developer tool posture management across the software development lifecycle.
    Secret Detection and Exposure: Capability to unmask and identify hidden secrets within code repositories and development environments.

    Contract

    Standard contract: No

    Customer reviews

    Ratings and reviews

    3.9 (4 ratings)
    5 star: 0%
    4 star: 100%
    3 star: 0%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 4 external reviews
    External reviews are from G2 and PeerSpot.
    Souhardyya Biswas

    Secret scanning has strengthened our code security and now needs better container integration

    Reviewed on May 27, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Cycode is used for multiple types of scanning including secrets, SAST scanning, and IAC misconfiguration scanning. Secret scanning was one of the first services launched using Cycode and is integrated into product teams' CI/CD pipelines for identifying hard-coded secrets within the code.

    Cycode is used for infrastructure as code misconfiguration scanning and SAST scanning to find code weaknesses. Both engines are solid with no complaints.

    As a policy, hard-coding secrets is prohibited. Cycode helps identify pieces of code that might be out of compliance. When the organization pivoted to GitHub Enterprise Cloud, this became a strong requirement for all product teams to comply with, and Cycode definitely assisted in that process.

    Cycode is used for secret scanning, IAC misconfiguration scanning, and SAST. Other tools are used for software composition analysis and container image scanning.

    What is most valuable?

    Cycode excels in secret scanning and is brilliant at finding and identifying secrets within code. The GitHub integration helps product teams run scans on their code during pull requests without requiring a task in their pipeline, allowing them to identify issues much earlier in the software development life cycle.

    The GitHub integration allows scanning to be performed as early as possible. Whenever product teams raise a pull request or commit to a GitHub repository, the integration identifies issues even before the scan runs in the pipeline. Since scanning happens in the version control system in GitHub rather than in the pipeline, it keeps the load on the pipeline simple and reduces the overall pipeline load.

    Measurable improvements and faster development are outcomes of using Cycode. Since it is integrated into GitHub as a GitHub app and performs PR scans, it makes the development process not just faster but more secure. It prohibits users from hard-coding secrets and pushes them to use secret vaults and managers, which is a much more secure method of handling credentials.

    Cycode helps with visibility into application security posture by having arguably the best dashboards and reporting among all the other tools in use, with different kinds of remediation funnels and MTTR data available in Cycode's dashboard that helps with overall application security posture management.

    Cycode helps prioritize vulnerabilities or findings with a custom risk score that can help prioritize findings. Even within secrets, it helps identify the severities associated with those secrets.

    Cycode supports collaboration between development and security teams well. The integration with GitHub makes it quite seamless.

    What needs improvement?

    Regarding container scanning, Cycode can be improved as it does not have a CLI. As a DevSecOps professional, having a CLI is a must-have for any tool to integrate it into systems. Although Cycode does have a CLI, specifically for the container scanning module, a CLI does not exist. This is why all the modules that Cycode offers cannot be fully leveraged.

    A CLI for the container scanning module is believed to be on Cycode's roadmap, but it is not available today.

    As a big enterprise dealing with many assets, Cycode being faster would be beneficial. With many assets on-boarded on Cycode, the tool sometimes becomes slow. Making Cycode faster would definitely help. Other than that, things are good.

    For how long have I used the solution?

    Cycode has been in use for almost three years.

    What do I think about the stability of the solution?

    Cycode is stable and scales as needed.

    What do I think about the scalability of the solution?

    The scalability of Cycode as the organization grows or adds more assets is managed well. At the scale at which the enterprise operates, which is quite large, Cycode scales as needed. Being a vendor SaaS tool on an elastic server, it scales effectively.

    How are customer service and support?

    Cycode's customer support is good. Regular connects are maintained with the customer support team.

    Which solution did I use previously and why did I switch?

    Secret scanning was not available prior to Cycode. Cycode was the first solution for secret scanning and still is to this day.

    How was the initial setup?

    Adoption and initial use of Cycode was fairly simple for the team. The GitHub integration made the process quite smooth as all assets in GitHub had to be bulk on-boarded to Cycode. Although the on-boarding and adoption were smooth and Cycode was scanning everything in GitHub, as a DevSecOps team, assets had to be mapped individually in order to perform application security posture management (ASPM), which took a good amount of time and remains an ongoing challenge.

    What was our ROI?

    A return on investment has been seen with Cycode. Overall, the security of assets and preventing the exposure of secret data is where Cycode excels. No specific metrics can be shared beyond that.

    What's my experience with pricing, setup cost, and licensing?

    Cycode is aggressively priced across the board with respect to other tools when it comes to pricing, setup cost, and licensing.

    Which other solutions did I evaluate?

    I was not part of the decision before choosing Cycode, so I am not aware of which options were evaluated. However, GitHub Advanced Security was believed to have been considered.

    What other advice do I have?

    Cycode excels mainly in secret scanning, and if CLI was available in other types of scans like container scanning, the overall experience would have been better. Cycode's governance and security are good, and the AI remediation abilities through integrations like Secure Code Warrior are beneficial.

    The accuracy and reliability of Cycode's AI capabilities have not been fully tested. Others looking into using Cycode should move forward with it. It is a strong and robust tool for secret scanning.

    Overall, I rate Cycode a 7.5 out of 10. The rating reflects limitations such as the lack of a CLI for container scanning and some concerns about forced secret scanning, balanced against Cycode's excellence in secret scanning capabilities.

    J P.

    Totally impressed with cycode

    Reviewed on Apr 23, 2024
    Review provided by G2

    What do you like best about the product?

    I've found CyCode to be an easy tool to use and integrate into our environment. I look forward to completing my work onboarding the tool into our production. We internally discussed the risk of exposing a system that actively provides easy access to secrets, and shortly thereafter we noticed a new feature that allows us to limit this exposure through the use of roles.

    What do you dislike about the product?

    Lacks integrations with many AWS services to make it easy to track application vulnerabilities in terms of the systems hosting our applications rather than just the code & artifacts.

    What problems is the product solving and how is that benefiting you?

    I've seen new valuable security features and customization options open up that increase its potential value to our organization. So overall I think they take customer feedback seriously and are looking at ways to improve the product.

    Sachin P.

    Cycode abilities

    Reviewed on Dec 08, 2022
    Review provided by G2

    What do you like best about the product?

    1) Product setup is extremely quick.
    2) Cycode defaults provide immediate value by highlighting improper storage of secrets in source control and data leakage visibility, i.e. Violations - Asset mapping in knowledge graphs.
    3) The new workflow functionality enhances the user experience, as custom behavior is now easily implemented from a central point in the system.

    What do you dislike about the product?

    1) The violations which need manual re-scan have to be improved.
    2) Display the proper error message when the queries for an extensive knowledge graph are in progress.

    What problems is the product solving and how is that benefiting you?

    1) Great platform for SCM.
    2) Visibility on the compliance and audit requirements increased.
    3) Single view for all my policy violations and asset details, which can significantly help audit.

    Dipak P.

    Best software for SDLC process

    Reviewed on Dec 02, 2022
    Review provided by G2

    What do you like best about the product?

    Easy to understand and handle all tools for use. Interface easy to use.

    What do you dislike about the product?

    Little bit complicated to extensively work on that.

    What problems is the product solving and how is that benefiting you?

    Very beneficial for SDLC process. Tracking etc.