AppMap code analysis tool wants to become Google Maps for developers – TechCrunch
In December 2021, a vulnerability in a widely used logging library that hadn’t been patched since 2013 caused a real security meltdown.
The Log4Shell flaw, scored 10/10, in Log4j, an open-source logging software found virtually everywhere from online games to enterprise software and cloud data centers, has claimed many victims, from Adobe and Cloudflare to Twitter and Minecraft, due to its ubiquity. It was described by security experts as a “design failure of catastrophic proportions” and demonstrated the potentially far-reaching consequences of shipping bad code.
Boston-based AppMap, which is going through the TechCrunch Disrupt Startup Battlefield this week, wants to prevent this kind of bad code from going into production. The open-source dynamic runtime code analysis tool, which the startup says is the first of its kind, is the brainchild of Elizabeth Lawler, who knows a thing or two about security. Prior to founding AppMap, she founded DevOps security startup Conjur, which was acquired by CyberArk in 2017, and served as chief data officer for Generation Health, later acquired by CVS.
After selling two companies to large enterprises with lots of legacy software, Lawler witnessed how developers struggled to understand the systems they were tasked with improving and how difficult it was to deliver fast and secure code in complex microservices and cloud applications.
“I’m surprised people have a mental model of how things work that’s actually disconnected from how it actually works,” Lawler told TechCrunch. “When we don’t know how our software works, we make better guesses when we write code.”
This led to the creation of AppMap, which is based on the simple idea that developers need to be able to see the behavior of software as they write it in order to avoid problems when the software runs. Unlike static analysis tools, which don’t show runtime information, AppMap – which was built from the ground up over a three-year period – runs in the code editor to show developers which components communicate with which, at what rate and latency, at what network speed, and whether there are errors between them, allowing developers to gain actionable insights and make improvements faster than ever before.
This is all done in an interactive code editor extension, which AppMap designed with the help of comic artists and musicians to make it as easy to use and intuitive as possible.
“I’m a data scientist, so I know how overwhelming data can be,” Lawler said. “Google Maps elegantly showed us how maps can be personalized and localized, so we used it as a starting point for how we wanted to approach the problem of Big Data.”
To coincide with TechCrunch Disrupt, AppMap is launching three new features: the ability to share and collaborate with other engineers; performance analysis that alerts developers when code changes will impact performance and scalability; and security analysis that can identify runtime code issues in a developer’s code editor before they commit their code, whether those are data leaks and client secrets in log files or missing or incorrect authentication or authorization.
“We can see the types of issues that are now in the growing OWASP Top 10. Static issues have decreased in prevalence because we have good scanners for them, but what we don’t have good scanners for, it’s those dynamic issues that are designed in nature. If you look at the CWE Top 25, almost half of them are code design issues.”
As it is based on open source, which is apparent from the startup’s community approach to modifying its product and adding new features, AppMap is free for developers. “We don’t think you should be charged for self-awareness in programming,” Lawler said. “If we’re going to integrate with your GitHub and need to provide backend functions or storage, then those are paid services.”
AppMap, which is a VC-backed pre-revenue startup, currently has more than 20,000 customers, a figure growing 20% every month, with developers from IBM, NASA, Sonos and Salesforce using its product. It is also growing its team, which is made up of employees who have coded at some point in their careers and have deep experience in DevOps, automation, cybersecurity, and test-driven development. Kevin Gilpin, technical co-founder of AppMap, describes the highlight of his career as delivering “build your vehicle online” pages for Ford.
Although it only launched in 2021, the startup’s vision goes far beyond preventing developers from submitting bad code. “We spend a lot of time and energy instrumenting downstream elements of our application, but we’ve never instrumented the build process. We’ve never really seen people think, design and create that way. I think having observability data at that time will open up a lot of opportunities. As AppMap evolves, I’d like to think about how it becomes even more important than performance analysis and becomes more of an assistive technology in this area.”