Venture Capital Access Online logo
Venture Capital Access Online

StepSecurity Secures $3 Million Seed Funding to Protect CI/CD Pipelines

Share This Article

SEATTLE, May 1, 2024-- StepSecurity, a leader in protecting CI/CD pipelines and infrastructure, announced today the closing of its $3 million seed funding round led by Runtime Ventures, with participation from Inner Loop Capital, SaaS Ventures, DeVC, and several notable industry leaders as angel investors.

Founded two years ago by cybersecurity leaders Varun Sharma and Ashish Kurmi, StepSecurity has rapidly gained traction within both the open-source community and enterprise sectors.

Over 3,000 open-source projects, including those from the Cybersecurity and Infrastructure Security Agency (CISA), Google, Microsoft, Datadog, Kubernetes, Node, and Ruby, use StepSecurity to harden their CI/CD pipelines. StepSecurity also recently detected a CI/CD supply chain attack in a Google open-source project.

StepSecurity's enterprise tier continues to gain traction, serving customers in high-tech, crypto, and healthcare industries. "Enterprises typically have robust application and cloud security solutions. However, CI/CD, the crucial link between these two environments, remains unprotected," said Varun Sharma, CEO of StepSecurity. "We analyzed past CI/CD security breaches and built our platform using a first-principles approach."

Michael Sutton, General Partner & Co-Founder at Runtime Ventures, commented, "Attackers have learned not only that the CI/CD pipeline represents the weak link in application security, but also that a successful supply chain attack can deliver an exponential impact. Supply chain attacks such as SolarWinds and Codecov impacted thousands of entities given the broad usage of the vulnerable applications. Security leaders have learned the hard way that CI/CD security can no longer be ignored, and StepSecurity is at the forefront of this paradigm shift."

The urgency of securing CI/CD environments has never been clearer due to recent high-profile security breaches. Several incidents, such as XZ Utils and SolarWinds, originated in CI/CD. As a result, the Center for Internet Security (CIS), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and National Institute of Standards and Technology (NIST) have released guidance and benchmarks urging enterprises to harden their CI/CD environments.

StepSecurity plans to use these funds to invest in its open-source community and expand its enterprise offerings. StepSecurity already supports GitHub Actions and plans to expand its product to cover other CI/CD environments, such as GitLab CI, Harness, and Azure DevOps. The company is also actively hiring across engineering, sales, and marketing to support its growth.

For more information or to get started with StepSecurity, please visit

Jaya Ramsinghani

News Index
Venture Capital Database | Private Equity Database
VCPro Database

VCPro Database 2024

Limited-Time Special Offer!

Special Price: $99.5 (includes a free mid-year update in July 2024)

Easily access venture capital with the affordable VCPro Database 2024: the premier directory for venture capital and private equity.