Software artifact management startup Cloudsmith raises $72M

Cloudsmith Inc., a startup that helps software teams manage application components, has secured $72 million in new funding.

The Series C round was led by TCV, which was also a major backer in the company’s previous raise last year. Cloudsmith said in its funding announcement today that the venture fund was joined by other existing investors and Insight Partners. The company’s total foreign capital now exceeds $110 million.

Developers download open source components that they use in software projects not only from GitHub repositories but also from many other sources. Artificial intelligence models, for example, are often found on Hugging Face Inc.’s website. For administrators, ensuring that all open source components used by developers meet cybersecurity requirements can be time-consuming.

Belfast-based Cloudsmith sells a cloud platform that makes the job easier. It is a type of application store designed to store open source projects and other building blocks of software. Administrators can manage those components, which is easier than monitoring third-party repositories spread across multiple websites.

Cloudsmith can store not only code but also a list of other artifacts, an umbrella term for software project files. The platform is able to host, among others, configuration documents, AI models and applications.

Another use supported by Cloudsmith is storing software containers. A container can contain more than ten artifacts, each representing a potential cybersecurity risk. Cloudsmith addresses that difficulty by automatically creating a software bill of materials, or SBOM, for each container. An SBOM is a file that lists the components of a workload.

Before making an open source component available for download, Cloudsmith scans it for known vulnerabilities. The platform determines the severity of each bug it finds using a framework called the Exploit Prediction Scoring System. The framework estimates the likelihood that the vulnerability will be exploited by cybercriminals in the next 30 days.

Cloudsmith also finds other problems besides vulnerabilities. According to the company, its platform scans open source components for license terms that may complicate software projects. Cloudsmith can recognize, among other things, license clauses that prohibit commercial use.

Customers can use the data exposed by the platform to create automated workflows. For example, a company can create a policy that blocks open source components if they contain high risks. Customers write automated workflows in Rego, a special programming syntax optimized for tasks such as configuring cloud environments.
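The kind of blocking policy described above, as an added example that is not Cloudsmith's code and is written in Python rather than Rego so it runs stand-alone: it gates constructed component records on EPSS probability and a license deny-list, and extends the per-component check to a whole container SBOM. The record fields, the 0.10 threshold and the deny-list are assumptions, not the platform's schema or defaults.

```python
from dataclasses import dataclass, field

# Assumed policy settings (illustrative, not Cloudsmith defaults).
EPSS_BLOCK = 0.10                    # block if P(exploited in next 30 days) >= 10%
DENIED_LICENSES = {"CC-BY-NC-4.0"}   # SPDX id of a license prohibiting commercial use

@dataclass
class Vuln:
    cve: str      # placeholder identifier, constructed for this example
    epss: float   # EPSS probability in the range 0.0-1.0

@dataclass
class Component:
    name: str
    version: str
    license: str
    vulns: list = field(default_factory=list)

def evaluate(component):
    """Return (decision, reasons); decision is 'block' or 'allow'."""
    reasons = []
    for v in component.vulns:
        if not 0.0 <= v.epss <= 1.0:
            # Fail closed on malformed scanner data (also catches NaN).
            reasons.append(f"{v.cve}: invalid EPSS value {v.epss!r}")
        elif v.epss >= EPSS_BLOCK:
            reasons.append(f"{v.cve}: EPSS {v.epss:.2f} >= {EPSS_BLOCK:.2f}")
    if component.license in DENIED_LICENSES:
        reasons.append(f"license {component.license} is on the deny-list")
    return ("block" if reasons else "allow", reasons)

def gate_sbom(components):
    """Evaluate each component listed in an SBOM; any block fails the whole image."""
    results = {f"{c.name}@{c.version}": evaluate(c) for c in components}
    blocked = sorted(k for k, (decision, _) in results.items() if decision == "block")
    return ("block" if blocked else "allow", blocked, results)

# Constructed sample SBOM contents; names, versions and ids are made up.
SAMPLE_SBOM = [
    Component("libexample", "1.2.0", "MIT", [Vuln("CVE-PLACEHOLDER-0001", 0.02)]),
    Component("imgparse", "0.9.1", "Apache-2.0", [Vuln("CVE-PLACEHOLDER-0002", 0.47)]),
    Component("fontpack", "3.0.0", "CC-BY-NC-4.0"),
]

if __name__ == "__main__":
    decision, blocked, results = gate_sbom(SAMPLE_SBOM)
    print(decision)
    for key in blocked:
        print(key, results[key][1])
```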

“AIs generate so much software, so fast, it’s almost impossible for humans to carefully review it all,” said Cloudsmith CEO Glenn Weinstein. “Cloudsmith has the scale, and the broad vision across the open source space, to protect businesses from the new types of threats that AI-driven advancements are introducing.”

The company will invest its new capital in feature development. In particular, Cloudsmith plans to add more cybersecurity controls and AI-powered automation capabilities.
