StepSecurity, a leader in protecting CI/CD pipelines and infrastructure, secures $3million in seed funding led by Runtime Ventures, with participation from Inner Loop Capital, SaaS Ventures, DeVC, and several notable industry leaders as angel investors.
It was established two years ago by prominent figures in the cybersecurity space, Varun Sharma and Ashish Kurmi, and it has quickly acquired popularity in both the business and open-source communities.
It is used to protect CI/CD pipelines in over 3,000 open-source projects, such as those from the Cybersecurity and Infrastructure Security Agency (CISA), Google, Microsoft, Datadog, Kubernetes, Node, and Ruby. A CI/CD supply chain attack was also recently discovered by StepSecurity in an open-source Google project.
Varun Sharma, CEO of StepSecuritysaid,” StepSecurity’s enterprise tier continues to gain traction, serving customers in high-tech, crypto, and healthcare industries. “Enterprises typically have robust application and cloud security solutions. However, CI/CD, the crucial link between these two environments, remains unprotected, We analyzed past CI/CD security breaches and built our platform using a first-principles approach.”
Michael Sutton, General Partner & Co-Founder at Runtime Ventures, commented, “Attackers have learned not only that the CI/CD pipeline represents the weak link in application security, but also that a successful supply chain attack can deliver an exponential impact. Supply chain attacks such as SolarWinds and Codecov impacted thousands of entities given the broad usage of the vulnerable applications. Security leaders have learned the hard way that CI/CD security can no longer be ignored, and StepSecurity is at the forefront of this paradigm shift.”
Recent high-profile security incidents have highlighted the need for CI/CD infrastructures to be secured more urgently than ever. CI/CD was the source of several occurrences, including SolarWinds and XZ Utils.
Thus, in order to encourage businesses to secure their CI/CD environments, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Centre for Internet Security (CIS), and National Institute of Standards and Technology (NIST) have published guidelines and benchmarks.
Read also – NJ-based CoreWeave Secures $1.1 billion in Funding – FUNDING NEWS
With these funding, StepSecurity intends to grow its enterprise products and make investments in its open-source ecosystem. In addition to covering GitHub Actions, StepSecurity intends to broaden the scope of its offering to include support for GitLab CI, Harness, and Azure DevOps, among other CI/CD environments. To help with its expansion, the business is also aggressively hiring in the engineering, sales, and marketing departments.
About StepSecurity
StepSecurity offers GitHub Actions a complete security platform. StepSecurity platform should be used if you are concerned about the security of CI/CD pipelines and are utilising GitHub Actions for CI/CD.
StepSecurity is used to protect CI/CD pipelines in over 3000 open-source projects, such as those from Google, Microsoft, Datadog, Kubernetes, Node, Ruby, Cybersecurity and Infrastructure Security Agency (CISA), and more.
