Cloud9 IDE company logo

The profile is currenly unclaimed by the seller. All information is provided by CB Insights.

c9.io

Founded Year

2010

Stage

Acquired | Acquired

Total Raised

$7.31M

About Cloud9 IDE

Cloud9 IDE is a collaborative coding company that offers a cloud-based integrated development environment (IDE) in which developers can quickly start building applications and collaborate with others.

Cloud9 IDE Headquarter Location

Lauriergracht 116 D2

Amsterdam, 1016 RR,

Netherlands

415-509-3896

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Latest Cloud9 IDE News

Part 3: Using Veracode From the Command Line in Cloud9 IDE

Dec 3, 2021

In part three of a four-part series, Clint Pollock, principal solutions architect at Veracode, details how to use Veracode from the command line in the Cloud9 IDE to submit a software composition analysis (SCA) scan. Check out the video and step-by-step instructions below. It’s Clint Pollock, principal solutions architect, back again for part three of our four-part series on using Veracode from the command line in Cloud9 IDE. If you haven’t done so already, please check out part one on static policy scans and static sandbox scans and part two on the pipeline scanner. For part three, we will dive into open source and third-party libraries. Those are libraries that you don’t generally fix. You just need to upgrade and keep an eye on these libraries to make sure that they don’t have vulnerabilities. Now, inside of the Veracode application profile, there are results on static analysis and software composition analysis. In addition, if you had manual tests or dynamic scanning, you’ll see those results there as well. When you run a static scan, you get a report for the first-party problem. And inside of software composition analysis, you get alerted to to any libraries that have vulnerabilities. You’ll also be alerted to newer versions that you can upgrade to so that you don’t have those vulnerabilities within your application. This happens automatically. And by default, there’s also an SCA agent which gives additional information during your bill job or within your IDE about the third-party library and open source components that are out of date or have vulnerabilities. To set up an agent on your desktop or within your build server, you want to go to software composition analysis, and then agent-based scan. If you don’t have these tabs, talk to the application security team. This section of our portal is dedicated to open source findings and problems within. You’ll notice you can set up a workspace and then inside of that workspace, you can deploy agents. Agents can be installed on your desktop or in your CI/CD system so that you can get some additional functionality around third-party and open source library issues in your application. Go to agents, create a new agent, and choose your platform. You’ll see there are lots of instructions for integrating with other build systems. There is an API token that you have to generate. And then basically just run the command. For installing my cloud nine IDE, choose that option. Once activated, go into the project folder and type in SRC:CLR scan. Now you see all this information that comes out into the actual terminal. There’s a lot of problems here, and this application will require some real work to resolve all these issues. That’s why you typically start with the very high and high severity items, but in the case of the SCA agent, you are getting one additional data point that is critical here. It’s called vulnerable methods. Now the SCA agent is able to detect vulnerable methods, but just by uploading a static scan where you actually get the additional SCA results, it does not give us vulnerable methods. A vulnerable method is where you’re actually calling the set of code, where the vulnerability exists in a given library. Therefore this would be considered something extremely high risk, and you should remediate any vulnerable methods as soon as possible by upgrading the library to a version that does not have the problem or replacing it with something else. Assume this particular app has a bunch of problems known as CVEs. This is data coming from the NIST database. Generally, if an open source library gets a problem, there’ll be a NIST entry. The issue though is that this can be months after the initial problem has been discovered. So the second area that Veracode offers great value is the premium database. Use machine learning to go out and scour the GitHubs of the world to look at release notes for open source software. If there’s any sort of security issues, our system will route that to humans to then be entered into our database. Therefore, you get a big advantage with any type of zero-day vulnerabilities that may have been months delayed in getting into the NIST database. You can also get license information. And here inside of the SCA.analysiscenter.veracode.com, you’ll see there’s some additional information like Veracode Vera demo link. You can see all sorts of additional information about the open source software status in this particular application. At this time, the SCA agent can be run in the CI/CD workflow, but it will not break the build based on any sort of thresholds. So it’s a good idea to simply continue running this on a regular basis so that you can detect any sort of problems. You want to minimize this list to have as few issues as possible. And then start to bring in the requirement to upgrade these open source and third-party libraries as part of your project planning, because it’s critical to keep these things up to date in the event that there is some sort of issue, and if you’re a few versions behind it may take a lot of work to get that problem resolved. So make it a goal to stay ahead of this, keep these libraries updated. It will make things a lot easier for you in the event that some sort of zero-day comes out. In the case of the SCA agent, it depends on the package manager to properly identify the libraries at use and determine if those libraries have any vulnerabilities. Static analysis depends on the language, the version, and any frameworks used. For part four, we will take a look at the Veracode API signing, Docker image. Email*

  • When was Cloud9 IDE founded?

    Cloud9 IDE was founded in 2010.

  • Where is Cloud9 IDE's headquarters?

    Cloud9 IDE's headquarters is located at Lauriergracht 116 D2, Amsterdam.

  • What is Cloud9 IDE's latest funding round?

    Cloud9 IDE's latest funding round is Acquired.

  • How much did Cloud9 IDE raise?

    Cloud9 IDE raised a total of $7.31M.

  • Who are the investors of Cloud9 IDE?

    Investors of Cloud9 IDE include Amazon, Salesforce Ventures, Balderton Capital, Accel and Atlassian.

  • Who are Cloud9 IDE's competitors?

    Competitors of Cloud9 IDE include Codenvy and 1 more.

You May Also Like

Koding Logo
Koding

Koding is a developer community and cloud development environment where developers come together and code in the browser – with a real development server to run their code. Developers can work, collaborate, write and run apps without jumping through hoops and spending unnecessary money.

Codenvy Logo
Codenvy

Codenvy, formerly Exo IDE, provides a cloud environment for coding, building, and testing apps that uses the cloud's resources to shorten development tasks while organizations simplify on-boarding, collaboration and compliance processes.

GitHub Logo
GitHub

GitHub is a social network to share code with friends, co-workers, classmates, and strangers. Users have access to free public repositories, collaborator management, issue tracking, wikis, downloads, code review, graphs and more. The hosted service GitHub.com is free for open source projects and according to much of the developer community, it has helped to improve open source collaboration.On October 26, 2018, GitHub was acquired by Microsoft at a valuation of $7.5B.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.