PPE Analytics: Driving Innovation in Safety Equipment Data
PPE analytics is a Paris-based platform for the safety equipment (EPI) market. As it scaled to major customers, it secured laptops, repos, and GitLab CI/CD with developer-first Zero Trust—without MDM or productivity-killing lockdowns.
“Our platform’s credibility hinges on trust. We manage sensitive product data for our clients, so protecting our code and infrastructure is non-negotiable. At the same time, I didn’t want to shackle our engineers with heavy-handed controls that slow them down.”
Edouard de Labareyre
Founder & CTO, PPE analytics
Challenge
PPE analytics is a Paris-based software company building a collaborative platform for the safety equipment (EPI) market. By 2024, as the company gained traction with major clients, protecting source code, customer data, and credentials across the SDLC became a top priority—without sacrificing developer productivity or autonomy.
Edouard de Labareyre (Founder & CTO) summarized the constraint clearly: security had to be strong enough for enterprise trust, but light enough to keep engineers fast.
Security challenges — protecting code & secrets without slowing devs
Supply-chain threats: headlines of breached dependencies and hijacked CI jobs were a reminder that even small teams can leak API keys or ship backdoors—without any live visibility into odd build behavior.
Linux-first developer autonomy: engineers work on Linux Mint laptops they fully control. Traditional MDMs or heavy agents would lock them down and kill velocity. The goal was to harden disks, firewalls, and patches without removing root or preferred tools.
CI/CD blind spots: GitLab pipelines move code and secrets constantly. PPE analytics needed Zero Trust checks inside each run to block unauthorized pulls or suspicious outbound calls—something manual scripts and network allow-lists couldn’t guarantee.
Proving a high-standard posture: larger customers demanded evidence that only secure devices and processes touch source, secrets, or data—without a big IT staff or a patchwork of tools.
Bottom line: Edouard needed unified, developer-friendly control from laptop to CI so the team could stay fast and fully protected.
Solution
PPE analytics adopted EDAMAME to secure developer laptops and CI/CD runners in a unified, developer-first Zero Trust model. The approach combined a lightweight endpoint app for laptops with an extensible CLI step inside GitLab CI—so posture checks and enforcement became part of day-to-day engineering, not a separate IT workflow.
EDAMAME Security on Linux Mint laptops
Each developer installed the EDAMAME Security application on their Linux Mint workstation. It continuously assesses the machine against baseline security signals (encryption, patch posture, firewall, risky services) and provides clear remediation guidance—while developers keep full admin control and their preferred tools.
Posture signals flow to EDAMAME Hub, giving leadership real-time visibility into the fleet without invasive device management.
Zero Trust repository access via GitLab integration
PPE analytics leveraged EDAMAME’s integration with GitLab conditional access: only devices meeting the live posture baseline can access repositories and secrets. If a device is missing patches or isn’t running the agent, it doesn’t get to clone or fetch secrets—reducing the impact of leaked tokens or rogue endpoints.
edamame_posture in GitLab CI/CD
PPE analytics embedded security checks inside pipelines using edamame_posture. A dedicated step runs posture and network checks on the GitLab runner before build steps execute, then monitors the build for unusual outbound connections or behavior. This provides practical guardrails against CI supply-chain attacks and credential exfiltration during builds.
Unified visibility across endpoints and CI
With both laptops and runners covered, PPE analytics gained a single view of posture and security events across the SDLC—turning security from a one-off checklist into a continuously verified practice.
Results
By integrating EDAMAME into its SDLC, PPE analytics elevated security standards without compromising developer efficiency or autonomy.
Comprehensive SDLC security with posture-based Zero Trust
Continuous verification across workstations, repositories, and CI/CD reduced risk from credential theft, rogue devices, and supply-chain attacks. Posture-gated access in GitLab ensured both identity and device security were required for every repo interaction.
Maintained developer autonomy and productivity
Engineers kept full control of their Linux Mint workstations and preferred workflows. Security checks became lightweight, workflow-native guardrails—closer to linting than lockdown—while proactive remediation reduced time lost to firefighting.
Stronger compliance evidence, visibility, and customer trust
Unified reporting across endpoints and CI made it easier to answer customer questionnaires with concrete, continuously verified evidence—and to detect and remediate issues quickly.
“Operational peace of mind hinges on the robustness of our platform. EDAMAME addressed a critical blind spot—access control—without complexity or invasive management tools. Fewer tools, greater mastery, and far fewer surprises transformed our security posture.”
Want to see EDAMAME on your environment?
We’ll help you validate posture-based access controls for repos, CI runners, and internal apps in days — not months.