May 22, 2025
Case Study: PPE analytics Secures Its SDLC with Developer First Zero Trust

Frank Lyonnet

PPE Analytics: Driving Innovation in Safety Equipment Data
PPE analytics is a Paris-based software company that delivers a collaborative platform for the safety equipment (EPI) market. Co-founded by CTO Edouard de Labareyre, the company manages a vast dataset of protective gear information and serves clients ranging from industry distributors to large enterprises. By 2024, as PPE analytics gained traction with major clients, Edouard recognized that safeguarding source code, customer data, and credentials throughout the Software Development Life Cycle (SDLC) had become a top priority. However, he was determined that enhanced security should not come at the expense of developer productivity or autonomy.
"Our platform’s credibility hinges on trust," says Edouard de Labareyre, Founder & CTO of PPE analytics. "We manage sensitive product data for our clients, so protecting our code and infrastructure is non-negotiable. At the same time, I didn’t want to shackle our engineers with heavy-handed controls that slow them down. We needed a solution to secure everything from laptops to pipelines without undermining how our devs work."
Security Challenges — Protecting Code & Secrets without Slowing Devs
Supply-chain threats
Headlines of breached dependencies and hijacked CI jobs reminded PPE analytics that even small teams can lose API keys or ship backdoors. Yet they had no live view of odd behavior during builds. “We knew we weren’t immune,” says CTO Edouard de Labareyre.
Linux-first developer autonomy
Engineers work on Linux Mint laptops they fully control. Traditional MDMs or heavy agents would lock them down and kill velocity. The goal: harden disks, firewalls, and patches without taking away root or favorite tools.
CI/CD blind spots
GitLab pipelines move code and secrets every minute. PPE analytics needed zero-trust checks inside each run to block unauthorized pulls or suspicious outbound calls—something manual scripts and network allow-lists couldn’t guarantee.
Proving a high-standard posture
Larger customers demanded evidence that only secure devices and processes touch source, secrets, or data. Meeting that bar—without a big IT staff—required one dashboard tying laptops, repos, and pipelines together.
Bottom line: Edouard needed unified, developer-friendly control from laptop to CI so the team could stay fast and fully protected.
Solution: Developer-First SDLC Security with EDAMAME
After evaluating options, PPE analytics turned to EDAMAME – an innovative endpoint security platform designed for developers and CI/CD environments. EDAMAME Security provided a two-pronged solution that perfectly fit PPE analytics’s needs: a lightweight security app for developer machines and an extensible CLI for CI pipelines. This combination allowed Edouard’s team to secure their entire SDLC in a unified, zero-trust framework.
Key components of the solution included:
EDAMAME Security App on Linux Mint Laptops: Each developer installed the EDAMAME Security application on their Linux Mint workstation. This free app acts as an all-in-one toolkit to “secure, understand and prove” the security posture of a dev machine. It continuously assesses the laptop against security benchmarks, checks for critical vulnerabilities, and ensures baseline protections like disk encryption and firewall are in place. Developers maintain full admin control over their machines – EDAMAME works with their chosen tools and OS, rather than locking anything down. “EDAMAME respects your autonomy by providing robust endpoint security measures that enhance, not restrict, your ability to innovate,” as the EDAMAME team notes. For PPE analytics, this meant engineers kept using their preferred IDEs and local dev setups on Linux Mint, while EDAMAME quietly monitored and auto-remediated security issues in the background. Any fixes (e.g. enabling OS updates or closing risky ports) could be applied with one click by the developer, guided by EDAMAME’s recommendations. The app also feeds continuous posture reports to a central console, giving Edouard visibility into every laptop’s security status in real time.
Zero Trust Access Control via GitLab Integration: PPE analytics leveraged EDAMAME’s integration with GitLab’s Conditional Access policies. In practice, this means only devices that meet EDAMAME’s security criteria can access the company’s GitLab repositories. Whether a developer is pushing code from a laptop or a CI runner is pulling secrets for a build, GitLab will verify their device’s “EDAMAME posture” before granting access. EDAMAME’s platform makes this seamless by continuously reporting each device’s compliance status and enforcing checks on every repository interaction. With this, Edouard locked down code access to a simple rule: if a machine isn’t secure (e.g., missing patches, or not running the EDAMAME agent), it doesn’t get to clone the repo or fetch secrets. This dramatically reduces the risk of credential theft or rogue devices exfiltrating code – even if an attacker obtained a developer’s GitLab token, they couldn’t use it from an unapproved machine.
EDAMAME_Posture CLI in CI/CD Pipelines: In addition to gating access, PPE analytics embedded security checks inside their GitLab CI pipelines using EDAMAME’s CLI tool (edamame_posture). A dedicated step in the CI jobs now runs an endpoint posture check and network scan on the GitLab runner before any build steps execute. This “security as code” approach ensures that the runner’s OS is hardened and free of known vulns, and that no unexpected services or open ports are present. It also activates EDAMAME’s network monitoring for the duration of the build. Think of it as a sentry watching over the pipeline: if any step of the CI job tries to make an unusual outbound connection or run a process outside the whitelist of expected behaviors, EDAMAME flags or blocks it. In one instance, the team tested this with a deliberately compromised build step – EDAMAME immediately detected the rogue script’s attempt to send out a secret, halting the process. This capability gave PPE analytics confidence that even if a supply chain attack slipped malicious code into their pipeline, EDAMAME would catch it before any damage is done. As Frank Lyonnet, President of EDAMAME, explained in a blog post: “Even if a bad actor slips malicious code into your pipeline, tools like EDAMAME can ensure that only pre-authorized connections are allowed, and nothing more” – exactly the kind of assurance PPE analytics needed.
Unified Visibility Across Development and CI: By using EDAMAME on both developer endpoints and CI runners, PPE analytics achieved a single, unified view of security posture across the SDLC. All data flows into EDAMAME’s central dashboard: Edouard can see at a glance that every developer laptop passes compliance checks (or drill down into any issues), and simultaneously monitor pipeline runs for security events. This unified visibility was something they never had before. In Edouard’s words, “Now I can honestly tell our customers – and our board – that every environment where our code lives or runs is under continuous security watch. It’s not just the production servers anymore; it’s our laptops, our test machines, our CI jobs – everything.” This holistic approach turned security from a box-ticking exercise into an ongoing practice embedded in daily development work.
Importantly, all these enhancements were achieved without implementing traditional MDM or locking down devices. EDAMAME’s “privacy-first, no MDM” architecture means it only reports on posture and enforces policy via integrations, never taking remote control of the machines. This was crucial for PPE analytics’s culture of trust. Developers and even external contributors felt comfortable with the solution, as it respected their privacy and independence. “The fact that EDAMAME isn’t an invasive Big Brother was a selling point for our team,” Edouard recalls. “It builds a sense of shared responsibility: everyone knows the tool is watching for threats, but it’s also there to help them fix issues proactively. That creates buy-in rather than pushback.”
Results: Strengthened SDLC Security, Enhanced Developer Productivity, Increased Customer Confidence
By integrating EDAMAME into its Software Development Life Cycle (SDLC), PPE analytics significantly elevated its security standards without compromising developer efficiency or autonomy:
Comprehensive SDLC Security with Zero Trust Access: PPE analytics now ensures robust protection of codebases, credentials, and client data across all stages of development. Continuous verification of security across developer workstations, CI/CD pipelines, and testing environments effectively mitigates risks such as supply-chain vulnerabilities and credential leaks. Additionally, the EDAMAME and GitLab integration enforces a genuine Zero Trust access control model, requiring both user credentials and validated device security posture for every repository interaction. This approach virtually eliminates unauthorized access, significantly reducing the risk of compromise without network complexity or VPN dependencies.
Maintained Developer Autonomy and Productivity: Critically, EDAMAME’s lightweight, developer-friendly approach enabled PPE analytics to maintain high productivity levels. Engineers continue to enjoy full administrative control over their Linux Mint workstations, freely installing essential tools and maintaining preferred development practices. Security checks embedded into their workflow introduce minimal overhead, comparable to standard linting processes, and even enhance productivity by proactively identifying and addressing vulnerabilities.
Enhanced Compliance, Visibility, and Client Trust: With EDAMAME’s automated security posture reporting, PPE analytics has streamlined its compliance processes and audit preparations, significantly enhancing client confidence and positioning itself as a leader in security practices. Real-time, unified visibility across development endpoints and CI pipelines facilitates immediate detection and remediation of issues, substantially improving operational oversight. CTO Edouard de Labareyre summarizes the strategic benefit succinctly:
“Operational peace of mind hinges on the robustness of our platform. EDAMAME effectively addressed a critical blind spot—access control—without complexity or invasive management tools. Fewer tools, greater mastery, and far fewer surprises have transformed our security posture.”
Conclusion: Establishing a New Standard for Development Security
PPE analytics’s journey demonstrates that robust, enterprise-grade security is attainable for organizations of any size with the correct strategic approach. By adopting EDAMAME’s zero-trust, developer-first solutions, PPE analytics has successfully secured its software development lifecycle comprehensively, without hindering productivity or developer autonomy. This approach positions the company distinctly within the market, proactively safeguarding against supply-chain threats and data leaks. As Edouard emphasizes, integrating security seamlessly into development practices enables rapid innovation and superior trust among customers and peers alike, reinforcing PPE analytics’s competitive edge in today’s demanding software landscape.