Cycode Raises $56M Series B Round to Secure Software Supply Chains
Cycode, the leader in software supply chain security, today announced a $56M Series B round led by New York-based global private equity and venture capital firm Insight Partners. YL Ventures, a global VC firm specializing in Israeli cybersecurity investments, which led Cycode’s seed investment, also participated in the round. The funding, one of the largest Series B rounds ever in Application Security (AppSec), comes on the heels of Cycode’s $20 million Series A funding in May of 2021. This round brings the total investment to $81 million.
Cycode has capitalized on the convergence of several technology trends to achieve explosive growth. Since it first began selling in 2020, the company has acquired dozens of customers, ranging from large Fortune 500 enterprises to rapidly growing startups. Moreover, in just the first three quarters of 2021, Cycode increased ARR 7x.
As software engineering and DevOps teams have adopted new tools, the tools themselves have become attack surfaces. While AppSec teams secured development tools in previous eras, today they are rarely responsible for doing so. In a survey of 176 technology executives, fewer than 22% of organizations have AppSec teams responsible for securing these key development tools and processes.
Which team is responsible for securing the following development tools?
- Source Control Management (e.g. GitHub) = 21% AppSec
- Build Tools (e.g. Jenkins) = 16% AppSec
- Infrastructure-as-Code (e.g. Kubernetes) = 13% AppSec
- Containers (e.g. Docker) = 12% AppSec
- Cloud providers (e.g. AWS) = 21% AppSec
While DevOps automation drives efficiency in the software development life cycle (SDLC), the interconnectedness also facilitates lateral movement between tools, systems, and resources across the software supply chain.
Source control management (SCM) systems are becoming the hub of many organizations’ SDLC. “In order to truly shift left, security teams need to put as much emphasis on securing the development environment as they do production,” said Kevin Paige, CISO at Flexport. “From the SCM, attackers have access to source code, they can modify CI/CD settings, tamper with code, steal credentials, provision vulnerable cloud infrastructure, and more.”