StepSecurity Secures $3 Million Seed Funding to Protect CI/CD PipelinesSEATTLE, May 1, 2024-- StepSecurity, a leader in protecting CI/CD pipelines and infrastructure, announced today the closing of its $3 million seed funding round led by Runtime Ventures, with participation from Inner Loop Capital, SaaS Ventures, DeVC, and several notable industry leaders as angel investors..

StepSecurity获得了300万美元的种子资金，用于保护CI/CD管道。ATTLE，2024年5月1日——保护CI/CD管道和基础设施的领导者StepSecurity今天宣布，由Runtime Ventures牵头的300万美元种子资金回合结束，内环资本、SaaS Ventures、DeVC以及几位著名的行业领袖作为天使投资者参与。。

Founded two years ago by cybersecurity leaders Varun Sharma and Ashish Kurmi, StepSecurity has rapidly gained traction within both the open-source community and enterprise sectors.

两年前，网络安全领导人瓦伦·夏尔马（VarunSharma）和阿希什·库米（AshishKurmi）创立了StepSecurity，它在开源社区和企业领域迅速获得了吸引力。

Over 3,000 open-source projects, including those from the Cybersecurity and Infrastructure Security Agency (CISA), Google, Microsoft, Datadog, Kubernetes, Node, and Ruby, use StepSecurity to harden their CI/CD pipelines. StepSecurity also recently detected a CI/CD supply chain attack in a Google open-source project..

3000多个开源项目，包括来自网络安全和基础设施安全局（CISA）、谷歌（Google）、微软（Microsoft）、Datadog、库伯内特斯（Kubernetes）、节点（Node）和红宝石（Ruby）的项目，使用StepSecurity来强化其CI/CD管道。StepSecurity最近还检测到谷歌开源项目中的CI/CD供应链攻击。。

StepSecurity's enterprise tier continues to gain traction, serving customers in high-tech, crypto, and healthcare industries. 'Enterprises typically have robust application and cloud security solutions. However, CI/CD, the crucial link between these two environments, remains unprotected,' said Varun Sharma, CEO of StepSecurity.

StepSecurity的企业层继续获得吸引力，为高科技、加密和医疗保健行业的客户提供服务企业通常拥有强大的应用程序和云安全解决方案。StepSecurity首席执行官瓦伦·夏尔马（VarunSharma）说，然而，CI/CD是这两个环境之间的关键环节，仍然没有得到保护。

'We analyzed past CI/CD security breaches and built our platform using a first-principles approach.'.

“我们分析了过去的CI/CD安全漏洞，并使用第一原则方法构建了我们的平台。”。

Michael Sutton, General Partner & Co-Founder at Runtime Ventures, commented, 'Attackers have learned not only that the CI/CD pipeline represents the weak link in application security, but also that a successful supply chain attack can deliver an exponential impact. Supply chain attacks such as SolarWinds and Codecov impacted thousands of entities given the broad usage of the vulnerable applications.

Runtime Ventures的普通合伙人兼联合创始人迈克尔·萨顿（Michael Sutton）评论道：“攻击者不仅了解到CI/CD管道代表了应用程序安全的薄弱环节，而且成功的供应链攻击可以产生指数级的影响。鉴于脆弱应用程序的广泛使用，SolarWinds和Codecov等供应链攻击影响了数千家实体。

Security leaders have learned the hard way that CI/CD security can no longer be ignored, and StepSecurity is at the forefront of this paradigm shift.'.

安全领导人已经艰难地认识到，CI/CD安全不再被忽视，StepSecurity处于这种范式转变的最前沿。”。

The urgency of securing CI/CD environments has never been clearer due to recent high-profile security breaches. Several incidents, such as XZ Utils and SolarWinds, originated in CI/CD. As a result, the Center for Internet Security (CIS), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and National Institute of Standards and Technology (NIST) have released guidance and benchmarks urging enterprises to harden their CI/CD environments..

由于最近备受关注的安全漏洞，保护CI/CD环境的紧迫性从未如此明显。几起事件，如XZ Utils和SolarWinds，起源于CI/CD。因此，互联网安全中心（CIS）、网络安全和基础设施安全局（CISA）、国家安全局（NSA）和国家标准与技术研究所（NIST）发布了指导和基准，敦促企业加强CI/CD环境。。

StepSecurity plans to use these funds to invest in its open-source community and expand its enterprise offerings. StepSecurity already supports GitHub Actions and plans to expand its product to cover other CI/CD environments, such as GitLab CI, Harness, and Azure DevOps. The company is also actively hiring across engineering, sales, and marketing to support its growth..

StepSecurity计划使用这些资金投资其开源社区并扩大其企业产品。StepSecurity已经支持GitHub操作，并计划将其产品扩展到其他CI/CD环境，例如GitLab CI、Harness和Azure DevOps。该公司还积极招聘工程、销售和营销人员，以支持其增长。。

For more information or to get started with StepSecurity, please visit https://stepsecurity.ioContact:

有关更多信息或开始使用StepSecurity，请访问https://stepsecurity.ioContact:

Jaya Ramsinghani

贾亚拉姆辛哈尼

Email: jaya@stepsecurity.io

电子邮件jaya@stepsecurity.io