"Bitling Technology" Selected for 2022 *China Digital Security Capability Atlas (Select Edition)* | Yunqi Tech π

"Yunqi Tech π" shares updates from Yunqi Capital's portfolio companies, exploring how cutting-edge technology expands the boundaries of real-world applications and tracking the present and future of tech commercialization. In this edition, "Biling Technology" takes the spotlight.

➤➤➤ Recently, Shi Shi Consulting, a neutral third-party research firm in China's digital security space, officially released the 2022 China Digital Security Capability Map (Select Edition) (hereafter referred to as "the Map"). Yunqi Capital portfolio company Biling Technology was named an Innovator in Continuous Application Security within the Application Scenarios segment, recognized for its leading technological innovation capabilities.

This year's Capability Map is organized around four dimensions: information technology, business applications, cyber offense and defense, and data security at the center. These are divided into eight directions, designed to cut through the confusion caused by fragmented and inconsistent classification systems that create friction in communication, statistical analysis, and procurement. The Map highlights standout security capability providers, reduces trial-and-error costs for both buyers and sellers, and serves as a research reference for professionals across the digital security industry.

Continuous Application Security (CAS) is a new framework proposed by Shi Shi Consulting at a software supply chain security seminar to address China's software supply chain security challenges. CAS aligns more closely with today's agile, cloud-native, business-first development models. If CAS were a basketball game, the specialized tools in the chain would be the players, while ASOC plays the role of coach. Throughout the process, ASOC orchestrates and integrates security tools on one end, and interfaces with enterprise secure development management workflows on the other — directing operations through security playbooks.

Biling Technology's ASOC in Practice

➤ Extended orchestration capabilities

Biling's product, Lingyu — Continuous Application Security Platform (ASOC), extends orchestration beyond testing tools like XAST to connect with security requirements platforms, vulnerability management platforms, software release approval systems, business collaboration systems, and more. The tool types being orchestrated span commercial tools, open-source tools, and in-house enterprise tools — all to keep pace with digital transformation trends. This extensibility exists to fully connect every role and every action in the development process, creating unlimited possibilities.

➤ Extended playbook capabilities

Technically, a playbook is a highly automated program that enables machine-to-machine communication and execution. From a business perspective, it represents a single enterprise security operations cycle. Playbooks create all the context needed for orchestrated resources to collaborate — including data flows, logic flows, subjects, and objects. Lingyu 2.0 currently supports multiple trigger types: Timer, Message, threat intelligence, and CI/CD pipelines, with over 20 pre-built operational templates for common development scenarios.

➤ Data analytics capabilities

Lingyu draws data from its orchestrated resources and expands the view to enterprise security governance through a UEBA lens. From an error-occurrence angle, it uses code check-in heat maps to help determine whether certain code is mission-critical, enabling better vulnerability prioritization and code protection decisions.

From an insider threat angle, it flags high-risk anomalies for early warning — such as code cloning from unknown locations or excessive repository cloning in a short timeframe; tracking developers who repeatedly commit the same category of problematic code for targeted security training; and escalating to formal disciplinary education for developers with repeated hardcoded credential violations.

Biling Technology's inclusion in this Capability Map reflects industry recognition of its comprehensive innovation capabilities and product competitiveness. As an innovator and leader in the practical application of Continuous Application Security, Biling will continue advancing key technical breakthroughs, steadily strengthening its core product advantages, and helping enterprises build a secure software development foundation.

Yunqi Capital remains focused on "technology innovation, industry enablement," with foundational software as one of its sustained areas of focus. In 2021, Yunqi led Biling Technology's Pre-A round and has continued to support the company's growth. Beyond Biling, Yunqi made early investments in several industry leaders including PingCAP, TigerGraph, Graviti, Cloudchef, and RisingWave.