Secure Software Supply Chains with Cycode’s $56M Series B

A $56 million Series B funding has been announced by YL Ventures and an investment company that helps businesses secure their DevOps pipelines and software supply chains, Cycode. Insight Partners led the round, which brings the total amount of money invested in the business to $81 million, including the $20 million Series A round it revealed earlier this year.

According to the press release, this is one of the most significant funding rounds in app security history. That’s undoubtedly in part due to the fact that the firm was also able to show investors some very good growth statistics, with its ARR increasing 7x in the first three quarters of 2018.

Cycode’s Lior Levy said that the company’s growth is fueled by a heightened recognition of supply chain attacks and incidents, including SolarWinds’ hack, as well as President Biden’s executive order on improving America’s cybersecurity posture, which calls for better protection of information in transit.

While Cycode initially focused on the security of a firm’s application source code, today’s shift toward “infrastructure as code” has allowed it to broaden its scope significantly.

“Code has become the engine of the organization,” Levy said. “As it automates the entire software development lifecycle, it really created a need to look at everything from a holistic perspective, which we do.”

Cycode’s user base includes Fortune 100 firms and tiny businesses with less than 100 workers, according to Levy. “All of them have one thing in common: they all develop software and they all have software as part of their core, whether it’s being a software-enabled business or as a vendor. But given that everyone does software today, everyone is a potential customer.”

In April, Cycode launched its Knowledge Graph, which helps it link a firm’s DevOps tools and infrastructure services to build a map of a customer’s potential attack surfaces.

Levy said that because the technology allows the business to think like an attacker by allowing them to identify problems in a company’s software pipeline rather than just focusing on individual services, it can now be used to think like an attacker.

“Simply put, software supply chains are highly vulnerable absent thoughtful security measures,” said Jon Rosenbaum, principal at Insight Partners.

“Cycode’s leadership in securing DevOps pipelines meets developers where they are while giving CISO’s peace of mind. There has been a continually increasing demand for Cycode’s solutions, and we’re excited to continue to support the business as it doubles down on R&D and go-to-market efforts into the ScaleUp phase of growth.”

Cycode has about 59 employees right now, with plans to more than double that by the end of next year, including a larger sales and marketing staff in the United States.