StepSecurity's Big Step: Announcing Our $3M Seed Funding!

Building on our solid foundation, we're thrilled to enter the next phase of growth to empower the open-source community and enterprises to secure their CI/CD pipelines

Varun Sharma
May 1, 2024

When the SolarWinds and Codecov breaches unfolded, Ashish and I were driving CI/CD security initiatives at our previous employers. The glaring lack of security in CI/CD pipelines that these incidents highlighted compelled us to start StepSecurity. We looked around, spoke with peers, and realized there was no solution to prevent such CI/CD attacks. So, a couple of years back, we started building our product in the open and offered it for free to help secure CI/CD pipelines for open-source developers. Little did we know that it would be the beginning of something special.

Today, we are thrilled to announce that StepSecurity has secured $3 million in seed funding to protect CI/CD pipelines for open-source communities and enterprises. This round is led by Runtime Ventures, with participation from Inner Loop Capital, SaaS Ventures, DeVC, and several notable industry leaders as angel investors, including Anmol Malhotra (Head of Product Security, Coinbase), Ash Devata (CEO, GreyNoise), Ashish Popli (CISO, Spotnana), David Cross (Venture Partner, Rain Capital), Deepen Desai (CSO, Zscaler), Kamal Shah (CEO, Prophet Security), Lucas Moody (SVP & CISO, Alteryx), Prabhdeep Singh (CEO/Co-Founder, Neonomic), Rinki Sethi (VP & CISO, Bill.com), Sekhar Sarukkai (Co-Founder, Skyhigh Networks), and Travis McPeak (CEO, Resourcely).  

The Urgent Need for CI/CD Pipeline Security

Figure: Lack of CI/CD pipeline security as compared to cloud and source code

Enterprises typically have robust application security and cloud security solutions. However, CI/CD, the crucial link between these two environments, usually has far weaker protection, even though it holds the credentials and build infrastructure that can change what ships to both.

Recent high-profile breaches have made the urgency of securing CI/CD environments clearer than ever. Several incidents, such as the XZ Utils backdoor and the SolarWinds compromise, were carried out through the build and release process rather than through the application code itself. In response, the Center for Internet Security (CIS), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) have released guidance and benchmarks urging enterprises to harden their CI/CD environments.

Existing CI/CD security solutions offered by AppSec vendors provide limited capabilities, so organizations end up building custom solutions.  

Our Unique CI/CD Pipeline Security Approach

Figure: StepSecurity's protection covering all three layers of CI/CD

We analyzed past CI/CD security breaches and built our platform using a first-principles approach. We believe CI/CD consists of three distinct layers, each with its own security challenges. Most security vendors focus only on misconfigurations in the CI/CD pipeline-as-code layer, whereas we provide a solution that covers all three. To learn more, check out https://www.stepsecurity.io/why

Join the Movement

Over 3,000 open-source projects, including those from the Cybersecurity and Infrastructure Security Agency (CISA), Google, Microsoft, Datadog, Kubernetes, Node.js, and Ruby, use StepSecurity to harden their CI/CD pipelines. StepSecurity recently detected a CI/CD supply chain attack in a Google open-source project.

Our easy-to-use product and bottom-up approach have helped us gain champions around the world who advocate for us within their organizations. Our enterprise tier continues to gain traction and is currently deployed at customers in the high-tech, crypto, and healthcare industries.  

To get started with our product, go to https://app.stepsecurity.io/login  

Roadmap

We plan to use these funds to invest in our open-source community and expand our enterprise offerings.

StepSecurity recently joined the Open Source Security Foundation (OpenSSF), which will allow us to empower more open-source maintainers to protect their projects against CI/CD attacks.

We already support GitHub Actions and plan to extend our hardening capabilities to more CI/CD environments, such as GitLab CI, Harness, and Azure DevOps.

Hiring

Last but definitely not least, we are actively hiring across engineering, sales, and marketing to support our growth. Please check out our job openings if you or someone you know is interested.

https://wellfound.com/company/stepsecurity/jobs

Thank you

As we celebrate this significant milestone in StepSecurity’s journey, we would like to express our sincere gratitude to everyone who has played a vital role in our success. Firstly, we want to thank the open-source communities for their enthusiastic support and valuable feedback. We are also grateful to the early adopters and champions who have provided us with invaluable insights, helping us navigate and succeed in the enterprise space.

We are immensely grateful to our investors, led by David Endler and Michael Sutton at Runtime Ventures, for believing in our vision. Your confidence has been a powerful endorsement of our path forward.

Lastly, a monumental thank you to our team at StepSecurity. Your dedication and hard work have been instrumental in achieving this milestone. It is our great privilege to work with you every single day. 

We are excited to continue this journey with you all! 🚀