Chainguard Inc., a startup founded by a group of former Google LLC engineers to help companies secure their applications, has raised $50 million in fresh funding.
Chainguard announced the funding round today. Sequoia Capital led the investment with participation from more than 30 other investors, including the chief information security officers of Google and of Block Inc., the company formerly known as Square Inc. Chainguard earlier closed a $5 million funding round in December.
Most enterprise applications include not only code developed in-house by a company’s engineers but also components sourced from the open-source ecosystem. If a security flaw is found in one of an application’s open-source components, the application can become vulnerable to cyberattacks.
Fixing vulnerabilities in a timely manner is a major challenge for enterprises. A large company may have hundreds of applications or more, each of which might contain multiple open-source components. Manually detecting and fixing every security flaw requires a significant amount of effort.
Vulnerabilities can emerge not only in an application’s open-source components but also in the custom code that a company develops in-house. In some malware campaigns, hackers make malicious changes to an application’s code to facilitate future cyberattacks.
Kirkland, Washington-based Chainguard develops tools that make it easier for companies to ensure the security of their software. Its first two offerings are Chainguard Enforce and Chainguard Images.
“Software supply chains (and supply chain attacks) are far too complex for a single solution to fully protect an organization,” Chainguard co-founder and Chief Executive Officer Dan Lorenc wrote in a blog post today. “Instead, we need holistic changes at every stage of the application lifecycle. That’s why we’re building a suite of products with the goal of simplifying security for all developers.”
Development teams often create a so-called software bill of materials for applications to make detecting potential security issues easier. A software bill of materials provides data about the components that an application includes, as well as the tools used to build it. Chainguard Enforce, Chainguard’s first tool, automatically generates this data to help development teams track their code’s security more efficiently.
Chainguard Enforce can track what source code is included in every software container created by a company. After a container is deployed in production, the tool is capable of monitoring it for known software vulnerabilities.
Chainguard’s other product, Chainguard Images, made its debut today in conjunction with the startup’s funding announcement.
Developers often reuse software components such as operating systems across application projects. Chainguard Images is a collection of commonly used software components delivered as containers. According to Chainguard, every container features a software bill of materials and complies with cybersecurity standards such as the popular SLSA framework.
Chainguard Images are cryptographically signed to further reduce cybersecurity risks. Cryptographic signing attaches a digital signature to a piece of software so that anyone who downloads it can verify who published it and detect whether the code has been tampered with.
“Additionally, we offer SLAs for our images, guaranteeing that we will provide patches or mitigations for new vulnerabilities,” Lorenc detailed. Removing the need to implement patches manually can save a significant amount of time and effort for developers.
Following its latest funding round, Chainguard plans to expand its product portfolio with additional cybersecurity tools. The startup will also launch a developer education program and support the development of several open-source projects focused on securing software supply chains.