Cycode raises $56M Series B to help secure software supply chains

Cycode, a startup that helps businesses secure their DevOps pipelines and software supply chains, today announced that it has raised a $56 million Series B funding round led by Insight Partners. YL Ventures, which led the company’s seed round, also participated in this round, which brings the total investment into the company to $81 million, including the $20 million Series A round it announced about half a year ago.

The company argues that this is one of the largest funding rounds in the application security space. In part, that’s surely driven by the fact that the company was also able to show its investors some impressive growth numbers, with its ARR increasing 7x in the first three quarters of this year.

Cycode co-founder and CEO Lior Levy noted that the company’s growth is driven by an increased awareness of supply chain attacks and incidents, including the SolarWinds breach, as well as President Biden’s executive order on improving the U.S.’s cybersecurity stance, which specifically calls out supply chain attacks. And while Cycode launched with a focus on securing the source code of a business’ applications, today’s trend toward “infrastructure as code” has allowed it to significantly widen its scope.

“Code has become the engine of the organization,” Levy said. “As it automates the entire software development lifecycle, it really created a need to look at everything from a holistic perspective, which we do.”

Image Credits: Cycode

Levy noted that Cycode’s userbase includes Fortune 100 companies and small startups with fewer than 100 employees. “All of them have one thing in common: they all develop software and they all have software as part of their core, whether it’s being a software-enabled business or as a vendor. But given that everyone does software today, everyone is a potential customer.”

In recent months, Cycode launched its Knowledge Graph, which helps it connect all of a company’s DevOps tools and infrastructure services to build a map of a customer’s potential attack surfaces. Levy noted that this now allows the company to think like an attacker by being able to identify issues across a company’s software pipeline instead of only focusing on individual services.

Image Credits: Cycode

“Simply put, software supply chains are highly vulnerable absent thoughtful security measures,” said Jon Rosenbaum, principal at Insight Partners. “Cycode’s leadership in securing DevOps pipelines meets developers where they are while giving CISO’s peace of mind. There has been a continually increasing demand for Cycode’s solutions, and we’re excited to continue to support the business as it doubles down on R&D and go-to-market efforts into the ScaleUp phase of growth.”

Cycode currently has just under 60 employees, with plans for doubling that by the middle of next year, including an expanded sales and marketing team in the U.S.