Chainguard Inc., a startup that provides highly secure versions of open-source software tools, today announced that it has raised $61 million in funding.

Spark Capital led the Series B round. It was joined by Sequoia Capital, Amplify Partners, Mantis VC and Banana Capital. Chainguard’s total outside funding now stands at $116 million.

Container applications are built from so-called container images. Those are software bundles that package an application together with the various auxiliary programs, or dependencies, it requires to run. The number and type of components in such a bundle vary greatly from project to project. 

Chainguard offers prepackaged versions of popular open-source tools that have been turned into container images by its engineers. The company’s image catalog includes databases such as Redis, programming languages and a range of other technologies. What sets Chainguard’s container images apart from the standard versions of those open-source tools is that the company has added a raft of cybersecurity optimizations.

Container images often ship with components that aren’t necessarily needed for enterprise software projects. According to Chainguard, its images include only the minimum number of components necessary to run them in production. This improves cybersecurity because the less code there is in a workload, the fewer opportunities hackers have to find vulnerabilities.

The components that Chainguard does include in its container images are cryptographically signed. This means they include a piece of data, or signature, that verifies the code originated from a trusted source. The technology helps companies ensure the open-source components their developers download weren’t tempered with by hackers.

For added measure, Chainguard generates a so-called SBOM, or software bill of materials, for each container image. This is a document that describes what components are included in the image and provides technical data about each one. SMBOMs make it easier for developers to find vulnerabilities in open-source software.

Chainguard updates its container images every day. According to the company, this ensures that each image contains the latest upstream version of the open-source tool on which it’s based. If a security patch is released for the upstream version, users can download it within 24 hours.

Container images typically include an operating system, usually Linux, that provides the foundation on which the other components run. Chainguard ships its images with an internally developed version of Linux called Wolfi. Its most notable feature is that it lacks a kernel, the part of an operating system responsible for managing the underlying hardware. 

Wolfi relies on the container runtime of the environment in which it’s deployed to provide a kernel. A runtime is a set of software components used to run applications, in this case containerized workloads. But though it lacks a kernel, Wolfi includes security optimizations that ease tasks such as verifying the integrity of a container image’s source code.

The company provides its container images alongside a cloud service called Chainguard Enforce. According to the company, the service helps enterprises ensure the open-source components used by their developers meet cybersecurity requirements. An organization could, for example, leverage Chainguard Enforce to require that all open-source components include a cryptographic signature.

“The future is clear: If you adopt open-source software, you are responsible for securing it,” said Chainguard co-founder and Chief Executive Dan Lorenc. “Chainguard is on a mission to be the safe source for open source that every organization building software today can rely on to build right, build safe and build fast.”

Chainguard says its annual recurring revenue has tripled over the past six months thanks to strong demand, though it didn’t reveal absolute numbers. The company’s installed base includes Hewlett Packard Enterprise Co., Snowflake Inc. and other major players in the enterprise technology market. To expand adoption of its products, Chainguard will use its Series B funding round to grow its sales team and accelerate feature development initiatives. 

Image: Chainguard