San Francisco-based startup Socket has secured $20 million in new funding to strengthen software supply chain security, as investors show increasing interest in open-source software security ventures.
The funding round was led by Andreessen Horowitz (a16z) and included an equity investment from Abstract Ventures, bringing Socket’s total funding to $24.6 million since its public launch in May 2022. Socket, founded by open-source developer Feross Aboukhadijeh, builds tooling that uses “content-based analysis” of package code, rather than relying only on reported vulnerabilities, to identify and flag suspicious behavior within software dependencies.
With the backing of its investors, Socket aims to meet the demand for tools that proactively detect and block software supply chain attacks. The company is building tooling that monitors package changes in real time so that compromised or hijacked packages are caught before they enter a project’s dependency tree.
Socket’s ongoing work also includes detecting risky API usage, such as network, shell, and filesystem access newly introduced by a dependency update, where a package’s behavior changes even though its version bump looks routine. The product also flags red flags in open source code, ranging from malware and typo-squatting to hidden code, misleading packages, and permission creep (a package acquiring capabilities it did not previously need).
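To make the two detection ideas above concrete, here is an added example (written for this page, not Socket’s code, and not describing how Socket’s product is implemented): a minimal content-based scan that maps the Node.js built-in modules a package imports to capability classes (network, shell, filesystem), diffs those capabilities between two versions to surface permission creep, and applies an edit-distance check against a short, assumed list of popular package names to spot typo-squat candidates. The two package sources and the popular-name list are constructed for the example.

```javascript
// Added example: content-based capability scan and permission-creep diff for
// npm package source. Not Socket's implementation; module lists and samples
// are assumptions for illustration.

// Built-in modules whose use implies a capability class (assumed, not exhaustive).
const CAPABILITY_MODULES = {
  network: ['net', 'http', 'https', 'http2', 'dns', 'tls', 'dgram'],
  shell: ['child_process'],
  filesystem: ['fs', 'fs/promises'],
};

// Match CommonJS require() calls and ES module import specifiers.
const REQUIRE_RE = /require\(\s*['"]([^'"]+)['"]\s*\)/g;
const IMPORT_RE = /import\s+(?:[\w*{}\s,]+\s+from\s+)?['"]([^'"]+)['"]/g;

// Set of module specifiers a source file imports, with the optional
// "node:" prefix stripped so that node:fs and fs compare equal.
function importedModules(source) {
  const mods = new Set();
  for (const re of [REQUIRE_RE, IMPORT_RE]) {
    for (const m of source.matchAll(re)) mods.add(m[1].replace(/^node:/, ''));
  }
  return mods;
}

// Capability classes implied by the modules a source file imports.
function capabilities(source) {
  const mods = importedModules(source);
  const caps = new Set();
  for (const [cap, names] of Object.entries(CAPABILITY_MODULES)) {
    if (names.some((n) => mods.has(n))) caps.add(cap);
  }
  return caps;
}

// Permission creep: capabilities present in the new version but absent in
// the old one, sorted for stable output.
function permissionCreep(oldSource, newSource) {
  const before = capabilities(oldSource);
  return [...capabilities(newSource)].filter((c) => !before.has(c)).sort();
}

// Optimal-string-alignment edit distance (insert, delete, substitute, and
// adjacent transposition), which catches the common "lodahs"-style typo.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Assumed list of popular names a squatter would imitate.
const POPULAR = ['lodash', 'express', 'react', 'chalk', 'axios'];

// A name within one edit of a popular package, but not identical to it, is a
// typo-squat candidate; returns the imitated name or null.
function typosquatOf(name, popular = POPULAR) {
  for (const p of popular) {
    if (name !== p && editDistance(name, p) <= 1) return p;
  }
  return null;
}

// Constructed samples: a harmless 1.0.0 and a 1.0.1 whose only visible change
// is a "patch" release that quietly gains filesystem, shell and network access.
const V1_0_0 = `
const path = require('path');
module.exports = (p) => path.basename(p);
`;
const V1_0_1 = `
const path = require('path');
const fs = require('node:fs');
const { execSync } = require('child_process');
import https from 'https';
module.exports = (p) => path.basename(p);
`;

console.log('new capabilities in 1.0.1:', permissionCreep(V1_0_0, V1_0_1));
console.log('lodahs imitates:', typosquatOf('lodahs'));
```

Two caveats a practitioner would add before relying on this: a regex over source text misses dynamic loading (for example `require(name)` with a computed name, or code that is decoded at runtime), which is exactly where malicious packages hide, so a real scanner parses the code to an AST and also inspects install scripts in package.json; and a one-edit distance to a popular name is a prioritisation signal rather than a verdict, since legitimate forks and plural names also land within one edit.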
Socket has also added AI-driven source code analysis, using ChatGPT to examine npm and PyPI packages for potential red flags and to produce concise summaries of its findings alongside the static checks.
With these approaches, Socket aims to give developers tooling that catches malicious or unexpectedly risky dependencies before they reach a codebase.