Jane Scales AppSec and Streamlines Dev Workflows with Cycode
About Jane Software
Jane (also known as JaneApp) is a practice management software and EMR designed to help health and wellness practitioners run their business online. They provide tools to manage scheduling, documentation, billing, reporting, telehealth, payments, and more to hundreds of thousands of practitioners across North America and Europe, all while remaining HIPAA-, PIPEDA-, and GDPR-compliant.
The Challenge
Before Cycode, Jane relied heavily on a number of disconnected open source tools to manage application security. While cost-effective in theory, in practice, these tools quickly became difficult to manage at scale. The team faced mounting inefficiencies, noise, and a lack of clarity between security and development.
"We were spending more time managing the tools than benefiting from them. Open-source sounded free, but the cost in developer time and missed context was too high," said Joseph Giordano, Application Security Manager at Jane. "It also created tension with developers, who were overwhelmed by noisy alerts and unclear prioritization," he continued.
Key challenges included:
- No reachability analysis, leading to an overload of irrelevant alerts
- High rate of false positives
- Difficulty managing scanners across individual repos, increasing operational overhead
- Fragmented vulnerability data stored across multiple locations
- No centralized reporting or ability to track risk trends across the SDLC
- Lack of risk contextualization (decisions were driven by CVSS scores alone)
- Limited coverage for containers, Infrastructure as Code (IaC), or CI/CD pipelines
The Solution
Jane launched a formal evaluation process to find a modern application security solution. Their requirements included native scanning support, centralized reporting, GitHub integration, and a better developer experience. After running proofs of concept with Cycode and two other vendors, Jane selected Cycode as their long-term Application Security partner. According to Giordano, "Cycode felt like a one-stop shop. It replaced our open-source stack, improved developer relations, gave us confidence in our coverage, and helped us continue to meet the security standards expected in a healthcare environment."
Here’s what stood out:
- Unified Native Scanning: Out-of-the-box support for SAST, SCA (with reachability analysis), container, and IaC scanning
- Developer-First Workflows: Diff-based pull request scanning and IDE plugins made security feel lightweight and helpful
- One-Click GitHub Integration: Instant repo onboarding dramatically simplified rollout across teams
- Policy Customization: Pattern-based policy creation helped the team enforce AppSec guardrails at scale
- Threat Intelligence Integration: Features like an in-app threat intelligence feed help Jane understand what current threats they may be exposed to
- API Bill of Materials & Compliance Dashboards: Enabled the application security team to inventory their API and technology landscape and manage security posture
- Best-in-Class UX: A modern, intuitive interface made security data accessible across teams
The Results
With Cycode in place, Jane has transformed its approach to application security. The improvements span developer experience, tooling efficiency, visibility, and coverage. Importantly, these capabilities all work together to scale the company's ongoing dedication to privacy and security.
Streamlined Developer Experience
Cycode’s developer-first tools fit directly into existing workflows, helping reduce friction while increasing adoption. Developers can enable pull request scanning in just minutes, and the diff-based alerts are precise and relevant. "Right after I presented Cycode to the developers, several teams reached out asking for PR scanning on their repos," said Giordano. "I enabled it in two minutes. It was that easy."
Some developers have already started to embrace the IDE plugin, which delivers security insights directly within their workflows. By surfacing issues in context, it’s helped build confidence in the platform and made secure coding feel like a natural part of development rather than a separate task.
Reduced Noise and Tool Sprawl
By consolidating multiple open-source tools into one comprehensive platform, Jane was able to reduce both operational complexity and overhead. Reachability analysis eliminated many of the false positives that previously burdened their developers. With fewer tools to manage and cleaner signals to act on, the security team is now free to focus on higher-value initiatives.
Unified Security Visibility
Previously fragmented data is now centralized through Cycode’s dashboards, giving Jane actionable visibility across their environment. The ability to track vulnerabilities by repo, team, or asset has improved both day-to-day triage and long-term reporting. Leadership now has access to clear, high-level metrics, and compliance workflows are supported by auto-generated SBOM and API BOM data.
Coverage Across the Full SDLC
Cycode filled critical gaps in Jane’s security program by extending coverage to containers, Infrastructure as Code (IaC), and CI/CD pipelines (https://cycode.com/source-control-ci-cd-security/). These were areas previously left unmonitored due to tool limitations. With Cycode, Jane can now enforce policies and surface vulnerabilities from code to deployment, ensuring security is baked in throughout the development lifecycle.
Improved Developer and Security Collaboration
One of the most important outcomes has been improved alignment between security and engineering. Developers now receive fewer, more targeted alerts and (importantly) can connect the signals they’re getting to the issues that need to be addressed.
"Cycode’s diff-based approach made a big difference," said Giordano. "It’s helping us reduce friction between security and devs. The Security Team, in turn, can focus on enablement rather than enforcement, guiding teams with policies that enhance velocity. The result is a more collaborative and resilient engineering culture."