DryRun Security, the AI-native company delivering application security (AppSec) for development and security teams, is announcing the completion of its $8.7 million seed funding round as well as the launch of Natural Language Code Policies (NLCP). The infusion of capital and the debut of NLCP reflect DryRun’s ongoing momentum in AppSec.
Context is everything when it comes to AppSec—yet with organizations managing massive amounts of code, security is becoming more and more complex. Traditional code scanning tools often lag behind the latest in tech, and because of this, developers are bypassing security reviews—leaving security teams to write new rules retroactively that are difficult to maintain, according to DryRun Security.
“We started this company to build a security buddy for engineering. And we've also found that we actually built an engineering buddy for security teams; they needed a way to see through the hundreds or thousands of code changes that are happening every single week inside of their organization…and that's where contextual security analysis came from,” said James Wickett, CEO and co-founder of DryRun Security.
DryRun Security’s Contextual Security Analysis (CSA) approach surfaces security risks while integrating seamlessly into developer workflows. By layering a variety of contexts (including static, change, and application context) within DevOps and AppSec workflows, DryRun Security drives greater understanding of development impacts on security in near real time. This helps alleviate security tool pressure on developers and creates a clearer understanding of security reasoning.
“Contextual security analysis is sort of a break from the pattern-matching approach that has plagued our industry,” noted Wickett. “If you're only matching known bad patterns, it doesn't really allow you to see the risk that's coming into your system—and it often leads to…where you match a pattern, but it wasn't really real. And in our industry, false positives are one of the biggest problems that plague security scanning tools.”
DryRun Security enables AppSec teams to execute GitHub-native security analysis in seconds, delivering robust awareness for both development and security. With the addition of NLCP, DryRun Security continues to resolve the challenges of traditional scanning tools, allowing AppSec teams to dive deeper into the context of their applications. NLCP allows teams to define and enforce security policies in plain, natural language, so that vulnerabilities can be reduced earlier in the software development lifecycle.
“[With NLCP,] now you can dig in on code policy questions around your encryption standards, how you're handling customer data, how you're dealing with PCI or credit cards, or anything it is that you care about in your organization, you can ask whether it's code related, function related, [or] developer action related,” explained Wickett.
DryRun Security’s recent infusion of capital will serve to expand its engineering teams and resources to continue its innovation in the AppSec space. These funds will also go toward DryRun Security’s R&D and go-to-market efforts.
To learn more about DryRun Security, please visit https://www.dryrun.security/.