Chainguard Raises $50M in Series A to Make Software Supply Chain Secure by Default, Introduces Secure Container Base Images

Chainguard Raises $50M in Series A to Make Software Supply Chain Secure by Default, Introduces Secure Container Base Images

Sequoia Capital leads round with participation from Amplify, Chainsmokers’ Mantis VC, LiveOak Ventures, Banana Capital, K5/JPMC and other leading angels to support founding team of security engineers from Google

Chainguard, the leader in securing the software supply chain by default, announced it has raised $50 million in its Series A funding round led by Sequoia Capital with participation from Amplify, the Chainsmokers’ Mantis VC, LiveOak Venture Partners, Banana Capital, K5/JPMC and CISOs from Google and Square (Block), among others. The company today is also announcing Chainguard Images, the first container base images designed for a secure software supply chain that are continuously updated to achieve zero-known vulnerabilities.

“High profile software supply chain attacks like Log4j have flashed a spotlight on the need to establish a foundation of trust in the software that companies put in production,” said Bogomil Balkansky, partner at Sequoia Capital. “Chainguard gives companies confidence in the critical open source software they deploy by providing a low-friction, developer-friendly way of signing and verifying software artifacts so they have a trail to trace if a breach does occur. The Chainguard team are the thought leaders in this space, and it is the right team at the right time in history to tackle this problem.”

Read More:  Dada Group Releases White Paper Discussing Fulfillment For On-Demand Retail

For decades, security was focused on firewalls and perimeter security – who gets inside software systems. With the increasingly distributed nature of software development, security concerns today are focused on the software supply chain, where attacks are on the rise across every stage of the development lifecycle and account for $100 billion in damages from the Solarwinds attack alone. Developers must consider the security of their code, build systems, artifacts and everything from binaries to container images and the language packages they’re using.

Chainguard’s vision is a supply chain where every artifact can be verifiably traced back to the source code and hardware it was built on and by whom. The company is making sense of the chaotic security solutions space by seamlessly integrating security into the software development lifecycle. It’s a holistic, end-to-end solution from development to production to policy management. The Chainguard founding team includes open source industry veterans Dan Lorenc, Kim Lewandowski, Matt Moore, Scott Nichol and Ville Aikas. The team worked together at Google on many of the world’s foundational container projects, including: Minikube, Distroless, Skaffold, Knative, Tekton, Kaniko, ko, and Chainguard’s products are rooted in open standards and critical open source projects its founders helped create, including Sigstore, the SLSA framework, and apko.

Read More: SalesTechStar Interview with Aaron Froberg, Senior Director of Value Acceleration at Egnyte

“Security engineers are used to reasoning with roots of trust by using two-factor authentication and identification systems and establishing trust with hardware by using encryption keys. But we don’t have that for source code and software artifacts today,” said Dan Lorenc, co-founder and CEO at Chainguard. “Our vision is to connect these roots of trust throughout the development lifecycle and across the software supply chain and give developers and CISOs alike confidence in the code they’re running in production and the integrity of their systems.”

With this round of funding, Chainguard will be able to strategize and execute on its mission of securing the software supply chain through an expanded suite of products to serve developers and technical leaders, which includes today’s introduction of Chainguard Images.

Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.