Kusari’s software supply chain expertise gives you the ability to overcome the challenges in securing your cloud-native applications.
July 23, 2025
The challenge in securing your software supply chain is often not a lack of data, it’s disparate data. In fact, you’re often overwhelmed by the volume of raw data that you have. The challenge is understanding the relationships, context, and importance of the data. Security has to be a part of the end-to-end software lifecycle, not a set of uncoordinated silos.
In a “plea for unified platforms”, The New Stack outlined four challenges in cloud-native application security:
The author of that piece wasn’t writing about Kusari's mission, but he could have been. Kusari’s product offerings address each of those challenges to provide organizations with insights into security.
Even small organizations face fragmentation. They might have a frontend written in Node.js, a backend written in Go, glue scripts written in Python, and all deployed with Helm charts. Each of these represents a distinct ecosystem with important metadata — like dependencies and vulnerabilities — to track. As organizations grow, teams begin working semi-independently. Teams working on different components may use different versions of open source libraries.
Because so much tooling focuses on the application/repository level, it’s hard to get a good view of the big picture. There’s a reason the question “if another log4shell happened, would you know which of your applications were affected?” resonates so well with the people we talk to.
Kusari Platform aggregates data from many different sources across your entire portfolio so that you can see the big picture. Teams can focus on their specific areas of concern while management can see how the organization as a whole is doing.
“Shifting left” has been a prominent part of software development in recent years. Conceptually, it makes sense — the phrase “a stitch in time saves nine” dates back to at least the 18th century. Bringing testing and security to earlier parts of the development process makes it easier (and cheaper) to address any issues that arise. But the side effect is that the workload on developers increases. They have more work and need more expertise. When they’re also expected to ship faster, this increased burden causes undue stress and can lead to shortcuts.
With Kusari Inspector, we take some of the burden off of developers. Kusari Inspector analyzes pull requests for potential security issues including vulnerabilities, misconfigurations, poorly-maintained dependencies, and a raft of other common problems. Based on this analysis, it provides a clear go/no-go recommendation within seconds, and where possible it suggests fixes on the specific lines that introduce the issue. All of this happens right where developers are already working. This means you catch security issues before they’re ever added to the code base, and with zero developer disruption.
Application security is an ever-evolving landscape. The application that had no known vulnerabilities when it shipped could have a vulnerability the next day that threatens the very existence of the organization. You can’t rely on what you knew about an application in the past to protect the present.
Deployments are dynamic, too. You have a variety of environments — testing, staging, production — potentially spread across multiple cloud providers or internal datacenters. In order to respond to a new vulnerability, you have to know where every affected version is deployed right now.
Kusari Platform is aware of your deployments, so you can quickly see where the vulnerable applications are. Using the eBPF-based runtime detection in Kusari Platform, you can know which deployments are actually calling the vulnerable code. This means you can focus your immediate attention on the highest priority applications, quickly closing the window of opportunity for attackers.
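A minimal version of the portfolio-wide check that the "would you know which applications were affected?" question asks for, written here as an added illustration rather than Kusari code: a cross-ecosystem dependency inventory is joined with a deployment inventory so that production hits surface first. The inventories, package names, versions and the advisory are all constructed for the example.

```python
# Added example (not Kusari's code): answering "which deployments contain
# the vulnerable version?" across a constructed multi-ecosystem inventory.
from dataclasses import dataclass

@dataclass(frozen=True)
class Dep:
    ecosystem: str   # npm / go / pypi / helm, each with its own metadata
    name: str
    version: str

def vtuple(v):
    """Turn '1.26.18' into (1, 26, 18) for ordering (numeric versions only)."""
    return tuple(int(p) for p in v.split("."))

# Constructed per-application dependency inventories (one ecosystem each).
INVENTORY = {
    "web-frontend": {Dep("npm", "example-yaml", "1.4.2"), Dep("npm", "example-ui-kit", "3.2.0")},
    "api-backend":  {Dep("go", "example.org/example-yaml", "1.4.2"), Dep("go", "example.org/router", "2.0.1")},
    "etl-glue":     {Dep("pypi", "example-yaml", "1.5.0")},
    "ingress":      {Dep("helm", "example-ingress", "4.8.0")},
}
# Constructed deployment inventory: app -> environments it runs in right now.
DEPLOYMENTS = {
    "web-frontend": {"testing", "production"},
    "api-backend":  {"staging", "production"},
    "etl-glue":     {"testing"},
    "ingress":      {"production"},
}
ENV_PRIORITY = {"production": 0, "staging": 1, "testing": 2}

def affected_deployments(advisory):
    """advisory: {ecosystem: (package, fixed_version)}, one entry per ecosystem
    the same bug ships in. Returns (env, app, dep) with production first."""
    hits = []
    for app, deps in INVENTORY.items():
        for d in deps:
            pkg, fixed = advisory.get(d.ecosystem, (None, None))
            if d.name == pkg and vtuple(d.version) < vtuple(fixed):
                for env in DEPLOYMENTS.get(app, ()):
                    hits.append((env, app, f"{d.ecosystem}:{d.name}@{d.version}"))
    return sorted(hits, key=lambda h: (ENV_PRIORITY[h[0]], h[1]))

if __name__ == "__main__":
    # Constructed advisory: one parsing bug present in two language ports,
    # fixed in 1.5.0 of each; etl-glue already runs the fixed version.
    adv = {"npm": ("example-yaml", "1.5.0"), "go": ("example.org/example-yaml", "1.5.0")}
    for env, app, dep in affected_deployments(adv):
        print(f"{env:10} {app:14} {dep}")
```

The runtime-detection step the text describes would further narrow this list to deployments that actually execute the vulnerable code; this example stops at "contains the vulnerable version".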
Everything I’ve said up to this point addresses supply chain risks, too. We know that modern software supply chains are complicated. Each application has a web of dependencies that can extend into the hundreds, with several layers of transitive dependencies. Trying to manage these manually is overwhelming, both in terms of the sheer volume, as well as the skills necessary to analyze each dependency’s security posture.
With 70-90% of an application’s code coming from dependencies, it stands to reason that the majority of vulnerabilities come from dependencies. Kusari brings supply chain expertise to the tools you need. Our founders have a deep history in securing the software supply chain in large, regulated industries. We are leaders in open source security tools and practices. This means our products are built with one thing in mind: helping you manage your software supply chain. From Kusari Inspector uncovering issues as you add code to Kusari Platform providing continuous monitoring and alerts when a new vulnerability is discovered, Kusari has your back.
I invite you to try Kusari Inspector for free and to talk to us about a demo of Kusari Platform.