South African organisations are building more software than ever before. What many of them are not doing is securing the identities and pipelines that build it.

Obsidian Systems has announced a strategic reseller and implementation partnership with BlueFlag Security, an identity-first software development lifecycle (SDLC) security company headquartered in Sunnyvale, California. Under the agreement, Obsidian becomes BlueFlag’s exclusive in-country reseller and implementation partner, bringing the platform to enterprise and public sector customers across South Africa.

The focus is on protecting developer identities, machine accounts, and toolchains in modern software environments.

For years, security programmes have concentrated on endpoints, networks, and business applications. Meanwhile, development environments have expanded quietly. Developers push code to cloud repositories. CI/CD pipelines automate builds and deployments. Service accounts and API keys multiply. Access tokens linger long after projects end.

Attackers have noticed.

High-profile supply chain incidents such as SolarWinds and the XZ Utils backdoor have demonstrated that breaching the development process can have far-reaching consequences. A compromised identity inside a build pipeline can introduce vulnerabilities into software that ultimately reaches thousands or millions of users.

“South African organisations are investing heavily in development capability, which is exactly what the economy needs,” says Muggie van Staden, CEO of Obsidian Systems. “But the security conversation has not kept pace. We secure production systems rigorously, yet we often overlook the identities and automation that produce the code in the first place.”

BlueFlag’s platform is built around what it calls an identity-first approach to SDLC security. Instead of treating developer tools as peripheral systems, it places identity governance at the centre of the development process. The platform continuously monitors human and machine identities across repositories, CI/CD platforms, and related tooling, looking for over-permissioned accounts, dormant credentials, token sprawl, and misconfigurations that create lateral movement opportunities.

A distinguishing feature of the platform is its AI-driven identity intelligence layer. Rather than simply generating alerts, the system builds behavioural context around developers and automated agents, identifying material deviations and reducing the noise that often overwhelms security teams.

In modern DevOps environments, machine identities frequently outnumber human users by a significant margin. Service accounts, bots, and pipeline tokens often operate with broad permissions and limited oversight. BlueFlag provides consolidated visibility across these non-human identities and enforces least-privilege principles across development environments.

For South African organisations facing cybersecurity skills shortages, the automation component is not incidental.

“No security team in this market has the capacity to review every repository, pipeline, and token manually. The value here is not just detection. It is governance at scale. You are extending the reach of your security team without adding headcount,” says van Staden.

Obsidian’s role will include pre-sales advisory, deployment, integration, and ongoing managed services around the BlueFlag platform. The company intends to position SDLC identity security alongside its existing open-source and enterprise infrastructure offerings, particularly in sectors such as financial services, telecommunications, retail, and government, where internally developed software underpins critical services.

“What stands out in South Africa is the pace at which organisations are building and modernising internally developed systems,” says Raj Mallempati, CEO and Co-founder of BlueFlag Security. “Obsidian understands that environment deeply. Our role is to provide the governance foundation that ensures development growth translates into resilience, not new exposure”

BlueFlag’s platform is available immediately through Obsidian Systems in South Africa. Organisations can engage Obsidian to assess their current SDLC identity posture and to demonstrate the platform in action.

The conversation around software supply chain risk has moved beyond theory. For many enterprises, the next breach will not begin at the firewall. It will begin in a repository.

END

About Obsidian Systems

Obsidian Systems is an established supplier of Open Source software solutions. The company was started in 1995 as a modest services provider targeting businesses and organisations looking to integrate and leverage off Linux infrastructure.

Subsequently, the organisation has expanded by partnering with Autumn Leaf and RadixTrie.

The expansion of skills has seen the establishment of a formidable team finding ‘smarter’ ways to align our expertise for Enterprise Open Source solutions for you. This includes retail and subscription services; support and observability for managed services; consulting, architecting and software services across hybrid IT models for your business.

Obsidian Systems and its subsidiaries, Autumn Leaf, and RadixTrie strive to bring three legs to the South African market: the first being vendor-certified products; the second being local skills providing consulting, development, support and training; and the third being innovative offerings built on the latest open technology. With these three elements, any organisation can trust the enterprise open-source solution provided.

Obsidian Systems is a Level 1 Broad-Based Black Economic Empowered supplier of open-source software solutions in South Africa. We help teams to get their code to the best platforms and the correct data.

Telephone: 0860 4 LINUX (0860 4 54689) Telephone (International): +27 11 795 0200 | Physical Address: Unit 5 Randridge Office Park, Ateljee Street, Randpark Ridge 2154, South Africa | Postal Address: P.O. Box 4938, Cresta, 2118, South Africa

About BlueFlag Security

BlueFlag Security offers a comprehensive, identity-first approach to securing the software development lifecycle (SDLC). By focusing on developer identities – both human and machine – and toolchain security, BlueFlag helps organizations address the most critical attack vectors often neglected by traditional code-centric solutions. The platform leverages AI-driven activity intelligence to monitor and analyze risks, enforce policies, and automate remediation. With capabilities across identity governance, pipeline security, code governance, and continuous compliance, BlueFlag proactively strengthens security postures while optimizing operational efficiency, ensuring protection against evolving software supply chain threats. Learn more at blueflagsecurity.com.