Software supply chain security startup Kusari Inc. announced today that it has raised $8 million in new funding to accelerate the development of its software supply chain security solutions.

Founded in 2022 by three cybersecurity experts “on a mission to bring transparency and security to the software supply chain,” Kusari seeks to help organizations identify and quickly remediate supply chain vulnerabilities while securing development practices. The company argues that a lack of transparency within the software supply chain and development lifecycle can lead to costly security vulnerabilities.

Kusari’s platform helps users understand the composition of any software artifact with GUAC, or Graph for Understandable Artifact Composition, an open-source tool designed to address the lack of transparency in software supply chains. GUAC organizes information like software bills of materials into a knowledge graph, helping users understand the complex interdependencies within their software’s supply chain.

The primary goal of GUAC is to provide clarity on how various components of software are assembled, especially considering the widespread use of open-source libraries in modern software development. The open-source libraries often rely on other libraries, creating intricate dependency trees that can be challenging to navigate and secure.

GUAC was introduced and achieved market validation in 2023. It has a community of 50 contributors and has received more than 1,100 stars on GitHub. The project is supported by various companies, including Yahoo! Inc., Guidewire Software Inc., Google LLC, Microsoft Corp., Red Hat Inc. and ClearAlpha Technologies Inc.

Kusari will use the funding to accelerate and build on its continued momentum in developing software supply chain security solutions that enable organizations to achieve actionable insights, reduce incident response costs and relieve the burden on security and developer teams. 

The Seed Round was led by J2 Ventures Management LLC and Glasswing Ventures I LP, with participation from Unusual Ventures Management LLC.

“Code breaches are increasingly becoming a top priority for chief information security officers,” Kleida Martiro, a partner at Glasswing Ventures, said ahead of the announcement. “In an era where software supply chain attacks are on the rise, the demand for stringent security measures has never been more critical.”

Image: Kusari