Cloudsmith Raises $23M to Improve Software Supply Chain Security

- Cloudsmith raises $23 million in Series B round
- Cloud-native artifact management platform for software supply chain security
- 81% of codebases contain high- or critical-risk open source vulnerabilities
- Platform serves as a private registry for binary artifacts
- Scans dependencies for vulnerabilities, licensing issues, and malware
- Plans to hire across sales, marketing, and customer success
- Investing in R&D for new AI applications
- Aims to transform software package consumption data into actionable insights

Introduction

Cloudsmith, a Northern Irish startup, has raised $23 million in a Series B round to improve software supply chain security. The company's cloud-native artifact management platform helps enterprises secure and manage their software packages.

The Problem

The software supply chain is notoriously porous, with a reported 81% of codebases containing high- or critical-risk open source vulnerabilities. A single vulnerability can have a far-reaching impact on the wider software supply chain, as evidenced by the likes of the Log4Shell exploit.

The Solution

Cloudsmith's platform serves as a private registry for binary artifacts, ensuring that they are always available for future builds, even if they change or disappear from their original sources. The platform also scans dependencies for vulnerabilities, licensing issues, and malware before exposing them to developers.

Investment and Growth

The Series B round was led by TCV, with participation from Insight Partners and some returning investors. Cloudsmith plans to use the funding to hire across sales, marketing, and customer success, as well as invest in R&D for new AI applications.

Future Plans

Cloudsmith aims to transform vast banks of software package consumption data into actionable insights for developers. The company plans to help developers choose better, safer open-source packages by providing recommendations and creating internal curated registries.