Back to Blog
Resources

StepSecurity's Big Step: Announcing Our $3M Seed Funding!

Building on our solid foundation, we're thrilled to enter the next phase of growth to empower the open-source community and enterprises to secure their CI/CD pipelines
Varun Sharma

October 14, 2024

Table of Contents

When the SolarWinds and Codecov breaches unfolded, Ashish and I were driving CI/CD security initiatives at our previous employers. The glaring lack of security in CI/CD pipelines that these incidents highlighted compelled us to start StepSecurity. We looked around, spoke with peers, and realized there was no solution to prevent such CI/CD attacks. So, a couple of years back, we started building our product in the open and offered it for free to help secure CI/CD pipelines for open-source developers. Little did we know that it would be the beginning of something special.

Today, we are thrilled to announce that StepSecurity has secured $3 million in seed funding to protect CI/CD pipelines for open-source communities and enterprises. This round is led by Runtime Ventures, with participation from Inner Loop Capital, SaaS Ventures, DeVC, and several notable industry leaders as angel investors, including Anmol Malhotra (Head of Product Security, Coinbase), Ash Devata (CEO, GreyNoise), Ashish Popli (CISO, Spotnana), David Cross (Venture Partner, Rain Capital), Deepen Desai (CSO, Zscaler), Kamal Shah (CEO, Prophet Security), Lucas Moody (SVP & CISO, Alteryx), Prabhdeep Singh (CEO/Co-Founder, Neonomic), Rinki Sethi (VP & CISO, Bill.com), Sekhar Sarukkai (Co-Founder, Skyhigh Networks), and Travis McPeak (CEO, Resourcely).  

The Urgent Need for CI/CD Pipeline Security

Lack of CI/CD pipeline security
Lack of CI/CD pipeline security as compared to cloud and source code

Enterprises typically have robust application and cloud security solutions. However, CI/CD, which is the crucial link between these two environments, remains unprotected.  

The urgency of securing CI/CD environments has never been clearer due to recent high-profile security breaches. Several incidents, such as XZ Utils and SolarWinds, originated in CI/CD. As a result, the Center for Internet Security (CIS), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and National Institute of Standards and Technology (NIST) have released guidance and benchmarks urging enterprises to harden their CI/CD environments.

Existing CI/CD security solutions offered by AppSec vendors provide limited capabilities, so organizations end up building custom solutions.  

Our Unique CI/CD Pipeline Security Approach

StepSecurity protects all three layers of CI/CD
StepSecurity's protection covering all 3 layers of CI/CD

We analyzed past CI/CD security breaches and built our platform using a first principles approach. We believe that CI/CD is built up of three different layers, and each of these layers has its unique security challenges. Most security vendors only focus on the CI/CD Pipeline As Code misconfigurations, whereas we provide a comprehensive solution covering all three layers. To learn more, check out https://www.stepsecurity.io/why

Join the Movement

Over 3000 open-source projects, including those from Cybersecurity and Infrastructure Security Agency (CISA), Google, Microsoft, Datadog, Kubernetes, Node, and Ruby, use StepSecurity to harden their CI/CD pipelines. StepSecurity recently detected a CI/CD supply chain attack in a Google open-source project.

Our easy-to-use product and bottom-up approach have helped us gain champions around the world who advocate for us within their organizations. Our enterprise tier continues to gain traction and is currently deployed at customers in the high-tech, crypto, and healthcare industries.  

To get started with our product, go to https://www.stepsecurity.io/starting-free-trial

Roadmap

We plan to use these funds to invest in our open-source community and expand our enterprise offerings.

StepSecurity recently joined the Open Source Security Foundation (OpenSSF), which will allow us to empower more open-source maintainers to protect their projects against CI/CD attacks.

We already support GitHub Actions and plan to expand our product offering and support hardening more CI/CD environments such as GitLab CI, Harness, and Azure DevOps.

Hiring

Last but definitely not least, we are actively hiring across engineering, sales, and marketing to support our growth. Please check out our job openings if you or someone you know is interested.

https://wellfound.com/company/stepsecurity/jobs

Thank you

As we celebrate this significant milestone in StepSecurity’s journey, we would like to express our sincere gratitude to everyone who has played a vital role in our success. Firstly, we want to thank the open-source communities for their enthusiastic support and valuable feedback. We are also grateful to the early adopters and champions who have provided us with invaluable insights, helping us navigate and succeed in the enterprise space.

We are immensely grateful to our investors, led by David Endler and Michael Sutton at Runtime Ventures, for believing in our vision. Your confidence has been a powerful endorsement of our path forward.

Lastly, a monumental thank you to our team at StepSecurity. Your dedication and hard work have been instrumental in achieving this milestone. It is our great privilege to work with you every single day. 

We are excited to continue this journey with you all! 🚀

Blog

Explore Related Posts