It’s time for another Rust Foundation member spotlight, our blog series in which we’ve been introducing all our great Silver Member companies to the Rust community. Today we received input from Dotan Nahum, Founder and CEO of Spectral. Read on to learn about Spectral, how the company is using Rust and why it has joined the Rust Foundation.
Tell us a bit about Spectral. What do you do and who do you serve? #
We're a DevSecOps startup, building security products for developers that aim to help with security mistakes in codebases, data and apps. With Spectral you can cover full SDLC hardening from code to cloud, infrastructure, apps and CI/CD hardening, as well as best practices in code - all from a single CLI and a single one-pass scan.
How is Spectral using Rust? How do you expect to use it in the future? #
Our core technology is Spectral Scan, which is fully built in Rust. It's a security scanner that can find security mistakes from secrets, PII in source code, documents, compiled files, binaries to security misconfiguration - a misconfigured infrastructure platform such as Kubernetes or a database such as Elastic or Postgres, and app frameworks such as Django and more. We also have Keyscope and service-policy-kit which are both written in Rust and are open source. Technologically, we do optimized I/O, machine learning, parsing, and execution optimization in Rust.
What was Spectral's motivation to join the Rust Foundation? #
Rust and the Rust community have been key players in realizing our technology, and we wanted to be a part of that community. Rust has been the perfect fit for the ambitious goal that we've set for ourselves: one tool to rule them all, and the Foundation serves as a motivating and accepting community for us at Spectral. We feel obligated to give back as we move deeper into building security for developers at scale and seek out opportunities to contribute.
What do you hope the Rust Foundation will accomplish in the months and years ahead? #
I hope the Rust Foundation is able to give a home to all of those who've been working around Rust voluntarily, keep the motivation, and keep steering Rust in the right direction for serving as a mission critical programming language.
When and how did you personally get involved with Rust itself and how has your involvement evolved? #
As a programming language junky, I first got to use Rust around 2014. However, at the time I bumped into stability issues so I've parked that experiment. I later picked it up again at around 2017-2018, when the 2018 edition was starting to make headlines. There were nice docs and it felt like a successful choice for a generalist programming language that has a learning curve charted out. It soon became the language to power the core technology at my new startup, Spectral.