- Cloudsmith raised $23 million in a Series B round, led by TCV and Insight Partners, to improve software supply chain security.
- The platform scans dependencies for vulnerabilities, licensing issues, and malware, ensuring safe and repeatable builds for developers.
Northern Irish startup Cloudsmith has raised $23 million in a Series B round led by TCV, with participation from Insight Partners and returning investors.
The funding will support the company's mission to secure the software supply chain, a critical issue given that 81% of codebases contain high- or critical-risk open-source vulnerabilities.
Cloudsmith offers a cloud-native “artifact management platform,” which it describes as a modern alternative to legacy software supply chain platforms such as JFrog or Sonatype.
The platform serves as a private registry for binary artifacts, such as libraries, configuration files, and compiled applications.
By providing mirrors of these packages, Cloudsmith ensures they remain available for future builds, even if the sources become unavailable or change.
The platform goes beyond merely storing packages. It scans dependencies for vulnerabilities, licensing issues, and malware, protecting developers from potential security risks.
Cloudsmith’s focus is primarily on open-source packages from popular indexes like PyPI, Docker Hub, Maven Central, and npmjs, though it also supports in-house developed packages.
Founded in 2016 by Alan Carson and CTO Lee Skillen, Cloudsmith has raised a total of $49 million, with the Series B funding enabling the company to expand its team and invest in new AI applications.
The company now sees three-quarters of its revenue coming from U.S. customers, as it pivots toward large enterprises and their software supply chain challenges.
The fresh funding will help Cloudsmith hire in sales, marketing, and customer success, while also investing in research and development to provide actionable insights for developers on safer open-source package choices.
The company's vision is to help developers source better and more secure packages with the aid of curated internal registries.
Edited by Annette George