Dotan Nahum, Spectral's founder and CEO, saw these challenges while CTO at Como, HiredScore and unicorn Fintech company Klarna. As an established open-source contributor for around 20 years, he saw how the industry was shifting more responsibilities onto developers. Spectral's customers and deep research activities also indicated that these issues were being compounded by poor developer tools.
"Scanning tools today take long minutes or even hours to run in a given pipeline," said Nahum. "Developers just don't have that kind of time, or the funds (many CI providers meter by the minute). Some developers are so overwhelmed by slow, irrelevant, and non-intuitive results that they stop using scanners altogether. There's an obvious need for a robust yet simple, fast yet extensive product that's developer-first and won't slow down DevSecOps and CI/CD pipelines.”
Spectral is a lightning-fast, developer-first cybersecurity solution that finds and protects against costly security mistakes in code, configuration, and other developer assets. In a matter of seconds per average-sized repository, Spectral can detect mistakes across hundreds of tech stacks including the actual source code, providing real-time prevention as well as flagging these issues via a "single pane of glass" to allow each team to productively triage, fix and monitor these issues, charting their own progress and improvements.
Following the principle of "implement strong security measures, but act like you have none," Spectral protects against the leakage of secrets outside of an organization as well as internally. "We observe that with so many tech stacks, SaaS vendors and integrations, mistakes in private repositories end up appearing in public repos too," said Nahum, "It's these things – the things you don't know that you don't know about – that really keep you up at night. Spectral helps reveal these blindspots through a Public Scan feature through which we have already discovered breaches in over 20 Fortune 500 companies and counting."