Lineaje: Interview With Head Of Growth Mikala Vidal About The Supply Chain Security Company

By Amit Chowdhry ● Nov 18, 2025

Lineaje provides software supply chain security and risk management solutions for enterprises. Pulse 2.0 interviewed Lineaje Head of Growth Mikala Vidal to gain a deeper understanding of the company.

Mikala Vidal’s Background


Could you tell me more about your background? Vidal said:

“I’ve worked with cybersecurity companies in different strategic growth phases for about 15 years. I have a passion for software supply chain security, having joined Lineaje from Phylum (acquired by Veracode), a pioneer in the space.”

“In addition to my day job, I enjoy contributing to the broader cybersecurity community. As a judge for this year’s Black Hat Startup Spotlight Competition, I am leveraging my cybersecurity startup expertise. I also support and promote women in cybersecurity via my position as the treasurer for WiCyS Massachusetts.”

“I play a key role in shaping the company’s strategic direction by driving its positioning, messaging, and market share. My focus is on scaling and optimizing go-to-market initiatives—ensuring alignment across product, marketing, and sales functions to accelerate growth, strengthen brand equity, and identify new market opportunities.”

Recent Product Launches

Tell us about some recent company news? Vidal shared:

“In April, Lineaje launched end-to-end capabilities that fundamentally transform how organizations protect their critical software. The launch included AI-powered self-healing agents, Gold Open Source Packages and Images, and a powerful software crawling and analysis engine, SCA360.”

“Lineaje’s agentic AI facilitates self-healing source code and containers. Users can continuously scan source code repositories, detect security issues, including common vulnerabilities and exposures (CVE), find compatible updates for direct dependencies in the source code, and fix them automatically after approval. Users can also find and fix vulnerabilities in all layers of a container, and automatically generate new container clones that are guaranteed compatible and secure by default. The AI agents also make comparing versions simpler, generating reports easier, and analyzing and searching faster. Additionally, they make compatibility analysis at scale possible.”

“Lineaje Gold Open Source allows organizations to source high-integrity, safe, transparent open-source packages and images at the earliest stage of software development.

  • Gold Open Source Packages that are free of critical, high, and exploitable vulnerabilities, with pre-attested lineage. Each software package and its transitive dependencies are thoroughly vetted across more than 100 attributes, and there are more than 3 million packages available in the catalog.
  • Gold Open Source Images that guarantee consistent security, reliability, and governance, providing organizations with over 3,000 vulnerability-free, fully-attested images that cover the most popular images used in enterprise environments.
  • Premium Gold Open Source that addresses the significant risks posed by unfixed, unmaintained, and incompatible open-source packages by allowing customers to request custom, on-demand, verified fixed packages and images from Lineaje.
  • SCA360 unifies scanning and analysis to provide deep context, centralized risk prioritization, and holistic visibility into software supply chain security risks. Key features include:
    • Scan private source code, artifact repositories, and container images within an organization’s security boundaries, ensuring critical and proprietary IP remains fully protected and never leaves the environment.
    • Enumerate all dependencies, including static dependencies, to derive mandatory and optional dependency chains and their inherent risks. Couple this with a new static code analysis engine that detects reachable vulnerabilities and linked functions, providing deeper transitive dependency visibility.
    • Detect embedded malicious and tampered packages, and highlight those of dubious origin.”

“With broad-ranging capabilities and the ability to easily integrate with other strategic tools from Lineaje, organizations can now adopt full-lifecycle software supply chain security for their critical software. This ultimately achieves self-healing software supply chains that simplify security and maximize innovation.”

Rewarding Work

What has been most rewarding about working for the company so far? Vidal reflected:

“I joined Lineaje just ahead of the recent product launch and think that my favorite part so far has been watching the team fulfill the company’s full-lifecycle software supply chain security vision. Every person in the company contributed to this effort, and it was incredibly rewarding watching it come to fruition and seeing everyone’s hard work pay off.”

“It is also particularly fulfilling for me, having been in this space since its infancy, to see how far the market has come. After years of watching organizations stitch together niche point solutions, the market is finally ready to adopt a robust, end-to-end, pure-play software supply chain security approach.”

Differentiation

What is unique about Lineaje’s approach? Vidal affirmed:

“Lineaje is addressing the comprehensive needs within software supply chain security. There are a lot of niche companies that cover one area or aspect, but Lineaje focuses on securing the full breadth of the software development lifecycle and the software distribution lifecycle.

At Lineaje, we believe a full-lifecycle approach includes the following:

  • Source Safe Software: Ensure open-source software is free of vulnerabilities, threats, tampering, and legal risks before it is used.
  • Contextualize Risks: Detect and analyze risks across all software stages, correlate risk data, and inform and prioritize remediation decisions.
  • Auto-Secure Builds: Continuously source safe dependencies and auto-fix source code and containers to ensure ongoing governance, provenance, attestation, and risk elimination.
  • Manage Risk & Compliance: Adhere to industry regulations, know vendor risks, and achieve operational efficiency across critical software portfolios.

This robust system of autonomous vetting, visibility, remediation, and compliance creates a self-healing, trusted software supply chain for organizations that build critical software.”

Feedback From Customers

How well have customers and the industry received the company’s approach? Vidal affirmed:

“Favor Delivery was among the first to benefit from Lineaje’s full-lifecycle capabilities. As one of the biggest food delivery companies in Texas, its software is the pulse of its business. One faulty open-source dependency could disrupt deliveries, leading to reputational and financial damages.”

“With Lineaje’s SCA360, Favor Delivery proactively addresses risks by scanning all software in its platform, ensuring that everything can stay secure and hungry customers are left happy and satisfied.”

“Additionally, one of Lineaje’s key investors is Tenable Ventures, the corporate investment program of leading cybersecurity vendor Tenable. Unlike traditional venture capital firms, Tenable works with preventative cybersecurity companies and looks to invest in organizations leading innovation in the sector. Tenable Ventures’ support in both the seed and Series A funding rounds solidifies that Lineaje’s approach to software supply chain security and management is unique.”

“‘Lineaje and Tenable share the same vision – to reduce customers’ exposure to attacks on their digital infrastructure,’ said Matthew Olton, Senior Vice President, Tenable. ‘Lineaje’s ability to detect what’s in your software and assess and mitigate software supply chain risks gives organizations the assurance that the software they deploy to run their business will not be used to harm them.’”

Additional Thoughts

Any other topics you would like to discuss? Vidal concluded:

“RSA 2025’s theme, ‘Many Voices. One Community,’ was a timely reminder of why collaboration matters in security. I would be remiss to end this interview without mentioning some of the amazing partners that are part of our self-healing software supply chain integration ecosystem.

  • Raven: Analyzes runtime code execution to cut through the noise and deprioritize 98% of vulnerabilities that never actually execute.
  • Opsera: Automatically patches any vulnerabilities identified in container images.
  • Tuskira: Ensures any remaining vulnerabilities that cannot be patched at the code or image level are mitigated at the WAF level.

A big thank you to our friends who have joined us in our efforts to reduce vulnerabilities and threats at scale, take a huge burden off of security professionals and developers, and help organizations maximize innovation.”

 

 

 

 

 
