Sonatype, a company that helps customers create automated, policy-driven software component security, announced a $30 million round today led by Goldman Sachs.
The investment was a mix of debt and equity financing and was handled by Goldman’s Principal Strategic Investments Group, rather than Goldman’s venture capital arm, Sonatype CEO Wayne Jackson explained. Although this may seem a subtle distinction, he says that Strategic Investments only makes investments in products that are central to the company’s mission (as the name implies), whereas the venture arm makes lots of different kinds of investments.
Sonatype works to ensure that open source components used in much of Goldman’s (and just about every company’s) software are safe and up-to-date in an automated fashion.
“Today, open source components underpin a vast majority of our most mission-critical applications at the firm. As we work to build, maintain and update these applications, we must also ensure that we are using the highest quality open source components at every stage of the development cycle,” Don Duet, co-head of Technology at Goldman Sachs said in a statement.
The solution includes a configuration/policy engine that sits behind the firewall. Companies create their policies, and as developers submit code to their repositories Sonatype checks the open source components against the policies to make sure they are in compliance. If they are, they are let through. If not, they are stopped for further action as defined in the policy by a particular company.
The kinds of issues that could prevent a component from passing muster could be an out-of-date component, a bad license or it could be implemented in a way that isn’t secure. The idea is to have humans set the policy and let machines determine if a component is safe or not.
The company began as a consulting firm in 2008. It started developing its current solution in 2010 and has been working on that since. It has raised almost $75 million including today’s round, according to Crunchbase. The last raise was $25 million in 2012. It counts 12 of the 15 largest global banks as customers, says Jackson.
The company has been efficient with its money and went back for more now because Jackson felt he needed a financial boost to scale beyond its current size. The company, which is based in Maryland outside of Washington, DC, has 90 employees. Jackson expects to double that in the coming the year, establishing a sales presence in foreign markets and increasing his investment in research and development.
It’s worth noting that the company is not thinking about an IPO just yet, he says. “This has not been an easy journey. It took awhile to figure out and took awhile to scale. If we pushed out now, it seems like we would be leaving a lot of value on the table,” Jackson said.
There are still new products left to create and markets to expand into, he said.