Technology, HR

Company Size

# of Developers: ???
# of Security Personnel: ???

CI/CD Technologies

SCM: GitHub
CI: GitHub Actions

The Challenge

  • Founded in 2015, HiBob is one of the world’s leading HR platforms, dealing with confidential HR data of thousands of modern, multi-national organizations across all sizes and industries.
  • HiBob had pre-existing AppSec SAST technologies prior to onboarding Cider. However, the AppSec landscape in the organization had changed due to the rapid pace of engineering combined with the rise of supply chain attacks.
  • While constantly seeking ways to keep up with the pace of engineering, HiBob security was looking for a centralized AppSec solution both to orchestrate and manage static analysis and to address growing concerns around CI/CD security.

The Solution

  • After a short onboarding session and integration with the AWS and CI/CD tech stack, Cider’s CS and Product teams worked closely with both the Security and DevOps teams at HiBob to achieve a clear understanding of HiBob’s challenges, needs and priorities within the AppSec domain.
  • A short while after the onboarding, the infosec world witnessed several high-magnitude supply chain attacks: the compromise of the RC, COA and UA-Parser NPM packages (November 2021), as well as the infamous Log4j vulnerability (Dec 2021). HiBob was able to quickly assess the risk these posed to its environment through the Cider SBOM capabilities and in close collaboration with the Cider CS group.
  • HiBob maintains strong visibility over all 3rd parties within its engineering ecosystem through Cider’s ‘Supply Chain’ module.
    By leveraging AWS Cloud Technology, Cider was able to consistently provide real-time threat detection, code scanning and orchestration to HiBob’s Security Team.
  • HiBob continued to embed Cider capabilities within their engineering day-to-day, with a focus on orchestration of static analysis capabilities. Shortly after integration, HiBob effortlessly implemented an open source secret scanner against its entire codebase through Cider’s marketplace and was able to detect a confidential secret for its cloud platform being added to the code. Currently, HiBob uses Cider’s marketplace to orchestrate the usage of multiple static analysis engines, both open source and commercial.
Cider Security has been acquired by Palo Alto Networks