Developing software is a long process that requires help and resources that are often outside of an organization or network. It’s not uncommon for organizations to bring on outside contractors or use open-source code to augment their own software. The whole process from idea to finished product is often referred to as the software supply chain, and like regular supply chains, it is susceptible to vulnerabilities.
To help safeguard companies from software supply chain attacks, Kirkland-based cybersecurity firm Chainguard raised $50 million in a Series A round. Led by Sequoia Capital, the round also had participation from Mantis VC, the investment firm founded by musical duo the Chainsmokers.
Chainguard provides holistic security solutions that can track and verify who produced an artifact in the code. By approaching security this way, the company is able to provide end-to-end security and further manage the complicated process of developing software.
The company was co-founded last year by Dan Lorenc, Kim Lewandowski, Matt Moore, Scott Nichol and Ville Aikas, who all previously worked at Google. Prior to the Series A raise, the company had reeled in $5 million in venture funding from a seed round that it closed in late 2021.
“Security engineers are used to reasoning with roots of trust by using two-factor authentication and identification systems and establishing trust with hardware by using encryption keys. But we don’t have that for source code and software artifacts today,” Lorenc, co-founder and CEO of Chainguard, said in a statement. “Our vision is to connect these roots of trust throughout the development lifecycle and across the software supply chain and give developers and CISOs alike confidence in the code they’re running in production and the integrity of their systems.”
Along with the funding, Chainguard also announced the launch of its new security product Chainguard Images. With its new product, Chainguard is now also able to provide organizations with secure base images, which often act as the building blocks for new software.
“Chainguard gives companies confidence in the critical open-source software they deploy by providing a low-friction, developer-friendly way of signing and verifying software artifacts so they have a trail to trace if a breach does occur. The Chainguard team are the thought leaders in this space, and it is the right team at the right time in history to tackle this problem,” Bogomil Balkansky, a partner at Sequoia Capital, said in a statement.
