Scalable application security company DefectDojo Inc. announced today that it has raised $7 million in new funding to fuel innovation, product development and market expansion.

Founded in 2015 and based on the open-source project of the same name, DefectDojo offers a security automation and vulnerability management platform designed to help organizations manage security findings across multiple tools. The platform allows businesses to track vulnerabilities, prioritize them and automate workflows to improve security testing efficiency.

The company’s platform gives security and DevSecOp teams a unified command center that automates critical tasks such as vulnerability triage, enrichment, noise reduction, service level agreement management and risk acceptance. It tracks vulnerabilities across all stages — builds, releases, continuous integration/continuous delivery, repositories, engagements and endpoints — using machine learning algorithms that consolidate duplicates, eliminate false positives and identify vulnerability trends.

DefectDojo supports over 180 security tools, providing flexibility to rotate preferred security tools as needed, with real-time insights and analytics to refine security in a resilient DevSecOps environment. Its flexible data model also supports continuous feedback and optimization.

With its open-source roots, the company says, it’s also deeply committed to open-source software, with the open-source version of DefectDojo becoming a popular and fast-growing security project on GitHub.

“We first began our open source community over 10 years ago to reduce the repetitive, mundane tasks that take away from security professionals’ ability to operate strategically and meet the needs of a rapidly evolving threat landscape,” said founder and Chief Executive Greg Anderson. “As we continue to develop our DevSecOps platform, security will be able to scale far beyond what is possible today to stay one step ahead of tomorrow’s bad actors.”

Iolar Ventures and Aspenwood Ventures LP led the Series A funding round.

In addition to the funding announcement, DefectDojo also announced new enhancements to its Pro Edition, designed to improve automation and provide deeper insights. The company’s Pro Edition now offers enterprise scalability, improved visualization and premium support that builds on the company’s Community Edition’s foundation.

New features include enhanced automation to streamline AppSec workflows, powerful insights tools to support data-driven security decisions and data enrichment that incorporates the Exploit Prediction Scoring System for better threat and vulnerability context.

Image: DefectDojo