Less than a year after closing its last funding round, Chainguard Inc. today disclosed that it has raised another $140 million to support its sales growth.

Redpoint Ventures, Lightspeed Venture Partners and IVP jointly led the investment. The round, a Series C raise, also included Sequoia Capital and several other returning backers. Chainguard is now worth $1.12 billion.

The typical enterprise application includes multiple open-source components. If one of those components contains a vulnerability, hackers may have an opportunity to compromise the workload. Chainguard operates a kind of app store that promises to reduce the cybersecurity risk associated with open-source components.

The company’s app store offers custom, containerized versions of popular open-source technologies. It equips each such container with cybersecurity enhancements designed to reduce the risk of hacking. The company provides hardened versions of more than 700 open-source projects including databases, programming languages and analytics tools.

Each Chainguard container includes a custom Linux distribution called Wolfi. According to the company, the operating system makes it possible to create a detailed inventory of what software components ship with the container in which it’s installed. Having a list of the technologies in a software package makes it easier for developers to verify that there’s no vulnerable code inside.

Before adding an open-source tool to its app store, Chainguard removes any unnecessary components it may include. Each line of code in an application represents a potential attack vector. The less code an application includes, the fewer opportunities hackers have to launch cyberattacks.

The company updates the open-source tools in its marketplace every day. That ensures customers quickly receive access to patches if a vulnerability is found in the upstream version of a project. In the process, Chainguard’s updates remove the need for enterprises to manually apply upstream patches, which can require a significant amount of time and effort.

“The complexity and scale of vulnerability management has outgrown the capabilities of most organizations to manage on their own,” said Chainguard co-founder and Chief Executive Officer Dan Lorenc.

The company announced its Series C funding round today against the backdrop of an upgrade to its software marketplace. Customers now have access to a new set of containers, Chainguard AI Images, that include open-source tools commonly used in artificial intelligence projects. They ship with the same cybersecurity enhancements as the company’s other software bundles. 

Some of the new containers include hardened versions of AI development frameworks such as PyTorch. Others ship with more general-purpose tools, such as the Kafka data transfer engine, that weren’t designed specifically for machine learning but are often used to support AI applications. Chainguard has bundles several of the tools with dependencies, external software components that make them more useful.

“The current runtime release of the official PyTorch image on Docker Hub contains 1 critical, 23 high, 1,189 medium, and 72 low CVEs according to the Grype vulnerability scanner as run on July 24, 2024,” Dan Fernandez, a senior product manager at Chainguard, wrote in a blog post this morning. “By contrast, the Chainguard AI Image for PyTorch has zero CVEs as of today.”

Chainguard will use the capital from its new funding round to enhance its AI portfolio. On the go-to-market side, the company plans to grow its presence in international markets and the public sector. 

Image: Unsplash