Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Application Security

Chainguard Bags Massive $50M Series A for Supply Chain Security

Venture capital powerhouse Sequoia is leading a massive $50 million early-stage investment in Chainguard, a startup created by a team of ex-Google software engineers to “make software supply chain secure by default.”

Venture capital powerhouse Sequoia is leading a massive $50 million early-stage investment in Chainguard, a startup created by a team of ex-Google software engineers to “make software supply chain secure by default.”

The Series A funding comes less than six months after Chainguard emerged from stealth with $5 million in seed capital and signals massive investor interest in technology to address weaknesses in the software supply chain.

In addition to Sequoia Capital, Chainguard’s massive Series A attracted the attention to Amplify, Chainsmokers’ Mantis VC, LiveOak Ventures, Banana Capital, K5/JPMC and several prominent angels.

Chainguard also rolled out its first product, called Chainguard Images, to provide organizations with a secure set of base images that are fully signed with Sigstore and continuously updated with Service Level Agreements (SLAs), Software Bill of Materials (SBOMs) and Certifications (FIPS, SLSA).

“Chainguard Images are the first container base images designed for a secure software supply chain. Chainguard Images are continuously updated base container images that aim for zero-known vulnerabilities,” co-founder and CEO Dan Lorenc said in a note announcing the company’s first product.

[ READ: Ex-Googlers Snag $5 Million for Software Supply Chain Security ]

Sequoia Capital partner Bogomil Balkansky said the pedigree of the founders as engineers in the open-source supply chain ecosystem was key to its investment. 

Advertisement. Scroll to continue reading.

Chainguard was created by Dan Lorenc and Kim Lewandowski and the team that worked on Google’s major supply chain security initiatives — Sigstore and SLSA. 

“High profile software supply chain attacks like Log4j have flashed a spotlight on the need to establish a foundation of trust in the software that companies put in production. Chainguard gives companies confidence in the critical open source software they deploy by providing a low-friction, developer-friendly way of signing and verifying software artifacts so they have a trail to trace if a breach does occur. The Chainguard team are thought leaders in this space, and it is the right team at the right time in history to tackle this problem,” Balkansky said.

Chainguard and its investors are betting on a major market for its tools and services as increased attention is paid to hidden weaknesses in the software ecosystem. The company says it is innovating to create a software supply chain where every artifact can be verifiably traced back to the source code and hardware it was built on and by whom.

“[We are] making sense of the chaotic security solutions space by seamlessly integrating security into the software development lifecycle. It’s a holistic, end-to-end solution from development to production to policy management,” Chainguard said.

Related: Ex-Googlers Snag $5 Million for Software Supply Chain Security

Related: Google Intros SLSA Framework to Enforce Supply Chain Integrity

Related: Codecov Dev Tool Compromised in Supply Chain Attack

Related: Everything You Need to Know About the SolarWinds Mega-Hack

Related: On-Demand: Supply Chain Security Summit 2022

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...