Cycode Complete ASPM
  • Products
    Cycode AI-Native Platform

    Application Security Testing (AST)

    Reduce risk across your entire code with modern AST approach

    Software Supply Chain Security

    Defend your software supply chain

    ASPM

    Discover and manage all security tooling and data across your SDLC from one central platform

    Cycode AI

    (A)chieve the (I)mpossible With AI-Native Application Security Platform
    By Use Case

    Secrets Detection

    Continuously scan, detect and remediate every hidden secret across your SDLC and developer productivity tools

    CI/CD Security

    Proactively monitor and prevent supply chain attacks in your CI pipeline

    Source Code Leakage

    Centrally manage governance & security policies across all your DevOps tools

    Container Scanning

    Container security from development to deployment
     

    SCA (open source security)

    Find all open source vulnerabilities across your entire SDLC with Software Composition Analysis

    SAST (code security)

    Zero in on, and fix vulnerabilities in custom developed code

    IaC

    Prevent cloud misconfigurations and apply security standards to Terraform, Kubernetes, & more

    Posture Management

    Ingest & understand your security posture
     

    State of ASPM 2025

    2nd Annual research report on the challenges & strategies in ASPMDownload Report
  • Resources

    Product Security All-StarsNEW

    Meet the top leaders of 2025 who are shaping the industry through Product Security

    ASPM Book

    Published book on the future of code resilience, with interviews from 20+ CISOs and DevSecOps leaders

    Solution Briefs & Whitepapers

    Downloadable product overviews, expert guides, and in-depth reports

    State of ASPM 2025NEW

    2nd Annual research report on the challenges & strategies in ASPM

    Application Security Accelerated

    Video series covering everything you need to know in AppSec

    Analyst Research

    Reports & analyst research on ASPM

    Blog1 NEW this month

    Learn & stay up to date on developments in ASPM

    ASPM University

    Ultimate educational destination for ASPM, curated learning hub with videos, articles & guides from top experts

    Cygives

    Community hub for free & open developer security tools

    The 2025 Product Security All-Stars

    Meet the top leaders shaping the industry through Product Security.Read The Interviews Now
  • Customers
  • Integrations
  • Company

    About Us

    Who are we and what we stand for

    Partners

    The Collaboration Partner Program helps organizations secure software supply chains

    Press & Media

    Hear what the world says about us in the news

    Events

    One stop shop for all Cycode’s events

    Careers

    Learn about career opportunities at Cycode

    Contact Us

    Write us and we promise to get back to you

    Securing Software
    Development In The AI Era

    Join us to learn how security experts are evolving strategies to secure the software the world depends on.Watch Now
Login Get a Demo
Skip to content

Free Trial

  • avatar
  • About the Author

    Alex Ilgayev

    Head of Security Research

    avatar

    Alex Ilgayev is a security researcher specializing in software supply chain security vulnerabilities. At Cycode, he leads the security research team, which is responsible for hunting down security issues and researching possible mitigations. He enjoys coding, reading about security-related topics, and participating in CTF competitions in his free time.

    • March 16, 2025

      GitHub Action tj-actions/changed-files, Supply-Chain Attack: The Complete Guide

      A major software supply chain attack recently struck the widely used tj-actions/changed-files GitHub Action—an alarming development that has impacted over...

      profile url
      Alex Ilgayev
      Head of Security Research
    • February 13, 2025

      How We Optimized CI/MON eBPF Sensor to Handle Thousands of Events per Second

      The rapid evolution of eBPF (Extended Berkeley Packet Filter) has fundamentally changed the way developers think about system-level observability, performance monitoring, and...

      profile url
      Alex Ilgayev
      Head of Security Research
    • August 1, 2024

      Securing Artifacts: Keyless Signing with Sigstore and CI/MON

      Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown...

      profile url
      Alex Ilgayev
      Head of Security Research
    • July 2, 2024

      OpenSSH Vulnerability CVE-2024-6387: What You Need to Know

      1 in 3 OpenSSH Servers Are Vulnerable – Protect Yourself Against CVE-2024-6387 A critical security vulnerability, identified as CVE-2024-6387, has been...

      profile url
      Alex Ilgayev
      Head of Security Research
    • May 7, 2024

      Cimon Delivers Continuous Assurance and Automatic SLSA Compliance

      Cycode revolutionizes CI/CD security and pipeline integrity with its newest version of Cimon, which is part of the Cygives initiative...

      profile url
      Alex Ilgayev
      Head of Security Research
    • April 1, 2024

      XZ Backdoor Software Supply Chain Attack: Strengthening Our Defenses

      A recent security discovery has exposed a critical vulnerability within the XZ Utils library (CVE-2024-3094). Malicious code was embedded in...

      profile url
      Alex Ilgayev
      Head of Security Research
    • December 18, 2023

      Three Lessons from the Ledger Connect Kit Supply Chain Attack

      On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect...

      profile url
      Alex Ilgayev
      Head of Security Research
    • August 1, 2023

      How to Achieve SLSA Compliance in Azure Pipelines

      We are excited to announce the release of a powerful tool designed to help companies achieve SLSA (Supply Chain Levels...

      profile url
      Alex Ilgayev
      Head of Security Research
    • June 12, 2023

      Introducing Cimon: Your Superhero for CI/CD Pipeline Security

      We are excited to announce the release of Cimon, a revolutionary tool designed to secure your CI/CD pipelines through a...

      profile url
      Alex Ilgayev
      Head of Security Research
    • March 14, 2023

      From Default to Secure: Analyzing the Vulnerability that Could Have Compromised Microsoft 365 Users

      As part of our ongoing research in the open-source ecosystem, Cycode Labs has found and disclosed a novel attack...

      profile url
      Alex Ilgayev
      Head of Security Research
    • February 13, 2023

      Cycode and AWS Collaborate on a 3-Part Series of Videos: Navigating the Complexities of Securing CI/CD Pipelines

      In the fast-paced world of software development...

      profile url
      Alex Ilgayev
      Head of Security Research
    • January 30, 2023

      Cycode Discovers a Vulnerability in GitHub API Authorization – CVE-2022-46258

      Cycode Labs discovered a vulnerability in Github’s API in which GitHub Actions workflows ...

      profile url
      Alex Ilgayev
      Head of Security Research
    1 2 Next »

    Ready to
    Fix What Matters?
    Discover what Cycode can do for you.

    Get a Demo
    • Platform
      • SAST – Static Application Security Testing
      • Next-Gen SCA – Software Composition Analysis
      • Secrets Scanning
      • ASPM – Application Security Posture Management
      • Source Code Leakage Detection
      • Source Control & CI/CD Security
      • Infrastructure as Code (IaC) Security
      • Container Security Scanning
      • Cycode AI – Achieve the Impossible
      • ASPM Marketplace – Connectors & Integrations
      • Application Security – Reduce risk across your entire code with modern AST approach
      • ConnectorX – Ingest & understand your security posture
      • Cimon – Build Hardening and Artifact Integrity
    • Resource center
      • ASPM Book
      • State of ASPM 2025
      • Blog
      • AppSec Accelerated
      • Solution Briefs
      • Analyst Research
      • AppSec Best Practices
      • Cygives
      • ASPM – Guide
      • ASPM University
    • COMPANY
      • About Us
      • Customers
      • Partners
      • Press & Media
      • Security & Trust
      • Events
      • CareersHIRING
      • Contact Us
    • COMPARE
      • Veracode
      • Snyk
      • GitHub Advanced Security
      • Checkmarx
    • legal
      • Terms Of Use
      • Privacy Policy
      • Cookie Policy
      • Status Page
      • Sitemap

    SIGN UP FOR OUR NEWSLETTER

    By signing up I confirm I have read Cycode's Privacy Policy and agree to receive newsletters and updates from Cycode's blog.

    Copyrights

    ® 2025. Cycode Ltd. All Rights Reserved.

    • social_icon
    • social_icon
    • social_icon
    • social_icon
    • social_icon
    © 2025 Cycode • Built with GeneratePress