Chainguard raises $50M to protect supply chains

Chainguard, a startup that focuses on securing software supply chains, announced today that it has raised a $50 million Series A funding round led by Sequoia Capital. Amplify, the Chainsmokers' Mantis VC, LiveOak Venture Partners, Banana Capital, K5/JPMC and CISOs from Google and Square, among others, also participated in this round.

In addition to the new funding, the company, which is only 8 months old at this point, also launched its first set of container base images today, which Chainguard promises have zero known vulnerabilities and which will be continuously updated. These images will be fully signed and will ship with a software bill of materials (SBOM).

"Security engineers are used to reasoning with roots of trust by using two-factor authentication and identity systems and establishing trust with hardware by using encryption keys. But we don't have that for source code and software artifacts today," said Dan Lorenc, co-founder and CEO at Chainguard. "Our vision is to connect these roots of trust throughout the development lifecycle and across the software supply chain and give developers and CISOs alike confidence in the code they're running in production and the integrity of their systems."

In addition to these new base images, Chainguard already offered its Enforce service for containerized workloads. Built on top of sigstore, the open source tools for cryptographically signing code, verifying those signatures and making all of this data auditable, as well as other open source tools like Knative and other cloud-native services, Enforce allows businesses to enforce their supply chain policies based on the SLSA framework and NIST's Secure Software Development Framework. With this they can, for example, enforce which code can run where and ensure that developers and security teams know what's being used to build software inside a company.
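The paragraph above describes the two halves of what an artifact-signing enforcement layer does: a signer binds a cryptographic signature to an artifact's digest, and an admission policy decides per environment which signing identities are trusted, denying anything unsigned, signed by an untrusted key, or modified after signing. The Go program below is an added illustration of that model and is not Chainguard's Enforce or sigstore code; it uses the standard library's Ed25519 in place of sigstore's keys and transparency log, and the key IDs, environment names, image name and image contents are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Artifact is a container image (or any build output) identified by the
// SHA-256 digest of its contents. Signatures cover the digest, so any change
// to the contents invalidates every signature made over it.
type Artifact struct {
	Name   string
	Digest [32]byte
}

func NewArtifact(name string, contents []byte) Artifact {
	return Artifact{Name: name, Digest: sha256.Sum256(contents)}
}

// Signature binds a digest to the identity (key ID) that produced it.
type Signature struct {
	KeyID string
	Sig   []byte
}

// Signer is a signing identity such as a release pipeline or a developer.
type Signer struct {
	KeyID string
	Pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
}

func NewSigner(keyID string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{KeyID: keyID, Pub: pub, priv: priv}, nil
}

func (s *Signer) Sign(a Artifact) Signature {
	return Signature{KeyID: s.KeyID, Sig: ed25519.Sign(s.priv, a.Digest[:])}
}

// Policy states, per environment, which key IDs may sign what runs there.
// Environments with no entry are denied by default.
type Policy struct {
	TrustedKeys map[string]map[string]ed25519.PublicKey // env -> keyID -> public key
}

// Admit returns nil if at least one attached signature verifies under a key
// trusted for env; signatures from unknown keys are ignored, not trusted.
func (p Policy) Admit(env string, a Artifact, sigs []Signature) error {
	keys, ok := p.TrustedKeys[env]
	if !ok {
		return fmt.Errorf("no policy for environment %q: deny by default", env)
	}
	for _, sig := range sigs {
		pub, trusted := keys[sig.KeyID]
		if trusted && ed25519.Verify(pub, a.Digest[:], sig.Sig) {
			return nil
		}
	}
	return fmt.Errorf("%s: no valid signature from a key trusted in %q", a.Name, env)
}

// Scenario wires up two hypothetical identities and a policy and returns the
// admission verdict for each case (nil means admitted).
func Scenario() (map[string]error, error) {
	release, err := NewSigner("release-ci") // constructed identity
	if err != nil {
		return nil, err
	}
	dev, err := NewSigner("dev-laptop") // constructed identity
	if err != nil {
		return nil, err
	}
	policy := Policy{TrustedKeys: map[string]map[string]ed25519.PublicKey{
		"production": {release.KeyID: release.Pub},
		"dev":        {release.KeyID: release.Pub, dev.KeyID: dev.Pub},
	}}
	// Constructed image contents; a real check uses the registry manifest digest.
	img := NewArtifact("registry.example/app:1.2.3", []byte("layer-tarball-bytes-1.2.3"))
	tampered := NewArtifact(img.Name, []byte("layer-tarball-bytes-1.2.3-plus-extra-payload"))
	relSig, devSig := release.Sign(img), dev.Sign(img)

	return map[string]error{
		"release-signed in production":     policy.Admit("production", img, []Signature{relSig}),
		"dev-signed in production":         policy.Admit("production", img, []Signature{devSig}),
		"dev-signed in dev":                policy.Admit("dev", img, []Signature{devSig}),
		"tampered contents, old signature": policy.Admit("production", tampered, []Signature{relSig}),
		"unknown environment":              policy.Admit("staging", img, []Signature{relSig}),
	}, nil
}

func main() {
	results, err := Scenario()
	if err != nil {
		panic(err)
	}
	for name, verdict := range results {
		if verdict == nil {
			fmt.Printf("ADMIT  %s\n", name)
		} else {
			fmt.Printf("DENY   %s: %v\n", name, verdict)
		}
	}
}
```

The deny-by-default branch for an environment with no policy entry is the detail worth keeping: an enforcement layer that silently admits workloads in namespaces nobody configured gives the same false confidence as no signing at all.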

Since few developers want to add more tools to their repertoire (you can only shift so far left, after all), the team aimed to make installing its service as easy as running a single command and also offers support for automation systems like CloudFormation and Terraform.

The fact that Chainguard puts an emphasis on protecting cloud-native technologies is no surprise. Among its co-founders are Ville Aikas, Kim Lewandowski, Matt Moore (CTO) and Scott Nichols, who were all previously at Google and heavily involved in the open source community.

I met with Aikas, who was part of the early Kubernetes team at Google and the tech lead for Knative Eventing, at the KubeCon/CloudNativeCon event in Spain last month. He noted that Enforce is very much the first piece of the puzzle for Chainguard.

"Enforce comes with the mindset that we understand that the chain is long and we're going to start tackling it, not with the mindset of 'oh yeah, cool, here's the secure-my-shit flag.' We don't build snake oil. The idea is that we build a solid technology platform that we can then use and come and add features and start plugging holes in various chains. Enforce is the first piece of this and the second is the images."

He also noted that Chainguard's overall mission is to improve the developer experience, all while securing software supply chains.

Unsurprisingly, the company plans to use the new funding to accelerate its product development. But in addition to that, Chainguard also plans to invest heavily in open source projects like Sigstore, SLSA and OpenSSF, as well as a new developer education program that focuses on supply chain security.

"High profile software supply chain attacks like Log4j have shone a spotlight on the need to establish a foundation of trust in the software that companies put in production," said Bogomil Balkansky, partner at Sequoia Capital. "Chainguard gives companies confidence in the critical open source software they deploy by providing a low-friction, developer-friendly way of signing and verifying software artifacts so that they have a path to trace if a breach does occur. The Chainguard team are the thought leaders in this space, and it's the right team at the right time in history to tackle this problem."
