Supply Chain Security Startup Chainguard Raises $5 Million

By Noah Long ● Dec 24, 2021
  • Chainguard recently announced it raised $5 million in a seed round of funding. These are the details.

Chainguard recently announced it raised $5 million in a seed round of funding led by Amplify Partners and a number of angel investors, including, Eric Brewer (VP at Google), Maya Kaczorowski (Product at Tailscale), Brandon Phillips (former CTO at CoreOS), Stephen Augustus (Head of Open Source at Cisco), Joe Duffy (CEO of Pulumi), Solomon Boulos (former Google exec and founder of Google’s OCTO), and Gordon Chaffee (former Google exec) also participated.

The founding team of five open-source veterans is Dan Lorenc, Matt Moore, Scott Nichols, Ville Aikas, and Kim Lewandowski. And the team worked together at Google on many of the foundational container projects, including Minikube, Distroless, Skaffold, Knative, Tekton, Kaniko, ko, and, most recently, the open-source security projects Sigstore and SLSA.

The team believes that the solution to securing software supply chains must be rooted in open source, standards, and communities as the software that companies ship is increasingly dominated by the open-source libraries, frameworks, and runtimes they consume.

The industry was hit hard with major software supply chain attacks over the past few years, especially attacks targeting open-source software. And according to the latest Sonatype report, supply chain attacks have increased by 650% in 2021. The European Union predicted this trend will continue with another 4x rise this year. It is hard to see this trend slowing, Accenture estimated that there is a combined $5.2 trillion at risk to cybercrime today. The recent cybersecurity US Executive Order recognizes supply chain security as a threat to national infrastructure, but it places significant burdens on an already-taxed industry, with 92% of hiring managers unable to fill open-source and cybersecurity-related positions.

Chainguard is taking on this challenge head-on, which is one of the biggest problem spaces of the decade. Nearly every piece of software has dependencies and often other open-source libraries that the project is built on. And the attackers have been injecting malicious code into dependencies of common open-source projects.

These attacks are hard to identify since they aren’t always picked up by traditional scanning, and more, the dependencies can suddenly change at any time. Chainguard plans to give companies confidence in the software they’re relying on and will have the data and tools necessary to understand their risks and mitigate potential threats. With this investment, the company is tripling in size over the coming months with offers accepted from 12 new hires and will focus on bringing solutions to the market.

KEY QUOTE:

“In the last 12 months, we’ve witnessed software supply chain security become the top priority for security practitioners and buyers. We believe this massive, multi-stakeholder problem is going to be solved with open tools and open standards and Sigstore has emerged, in our minds, as the project to take on this challenge.”

— Lenny Pruss, General Partner at Amplify