StepSecurity, a burgeoning force in cybersecurity, has secured $3 million in seed funding aimed at fortifying CI/CD pipeline security across both open-source and enterprise domains. Co-founded by cybersecurity veterans Varun Sharma and Ashish Kurmi, StepSecurity addresses critical vulnerabilities within CI/CD pipelines, pivotal junctions linking application development and deployment. These pipelines have increasingly become targets for malicious actors seeking to exploit gaps in security protocols.
The funding round, led by Runtime Ventures with contributions from Inner Loop Capital, SaaS Ventures, and DeVC, signifies a growing recognition of CI/CD’s susceptibility to cyber threats. StepSecurity’s platform has already gained traction among more than 3,000 open-source projects, including collaborations with prominent entities like CISA, Google, and Microsoft. This widespread adoption underscores its efficacy in mitigating supply chain attacks of the kind exemplified by recent incidents such as SolarWinds and Codecov.
Varun Sharma, CEO of StepSecurity, emphasized the platform’s approach rooted in comprehensive security principles derived from analyzing past breaches. “CI/CD security is often overlooked, yet it serves as a critical link between application and cloud security,” Sharma noted. “Our platform not only safeguards against known threats but also anticipates emerging risks through continuous adaptation and enhancement.”
Moving forward, StepSecurity plans to expand its capabilities to encompass additional CI/CD environments beyond GitHub Actions, such as GitLab CI, Harness, and Azure DevOps. This expansion aims to meet the evolving needs of enterprises across various industries, including high-tech, cryptocurrency, and healthcare. The funding will also facilitate recruitment across engineering, sales, and marketing divisions, bolstering StepSecurity’s capacity to support a growing clientele and further innovate in the realm of secure software development. StepSecurity’s strategic vision aligns closely with recent cybersecurity guidelines from authorities like the Center for Internet Security (CIS), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and National Institute of Standards and Technology (NIST).