Cybersecurity firm StepSecurity lands $3m to safeguard CI/CD environments

Cybersecurity firm StepSecurity lands $3m to safeguard CI/CD environments

StepSecurity, a cybersecurity firm specialising in CI/CD pipeline and infrastructure protection, has successfully closed a $3m seed funding round.

The round was led by Runtime Ventures, with contributions from Inner Loop Capital, SaaS Ventures, DeVC, and several high-profile industry leaders as angel investors.

StepSecurity offers a robust platform designed to secure CI/CD pipelines utilised by open-source projects and enterprise environments. Since its founding two years ago by cybersecurity experts Varun Sharma and Ashish Kurmi, the company has become a critical player in the sector. Its services are essential for over 3,000 open-source projects from prominent organisations such as the Cybersecurity and Infrastructure Security Agency (CISA), Google, and Microsoft, among others.

The newly acquired funds are earmarked for significant expansion efforts. StepSecurity plans to invest heavily in its open-source community and broaden its enterprise offerings. Future developments include extending its platform across various CI/CD environments like GitLab CI, Harness, and Azure DevOps. Additionally, the company is actively recruiting for several roles across engineering, sales, and marketing departments to support its growth trajectory.

StepSecurity CEO Varun Sharma highlighted the urgency of securing CI/CD pipelines. “Enterprises typically have robust application and cloud security solutions. However, CI/CD, the crucial link between these two environments, remains unprotected. We analyzed past CI/CD security breaches and built our platform using a first-principles approach.”

Reflecting on the investment, Michael Sutton, General Partner & Co-Founder at Runtime Ventures, said, “Attackers have learned not only that the CI/CD pipeline represents the weak link in application security, but also that a successful supply chain attack can deliver an exponential impact.

“Supply chain attacks such as SolarWinds and Codecov impacted thousands of entities given the broad usage of the vulnerable applications. Security leaders have learned the hard way that CI/CD security can no longer be ignored, and StepSecurity is at the forefront of this paradigm shift.”

Keep up with all the latest FinTech news here.

Copyright © 2024 FinTech Global

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.