Announcing Chainguard’s Series D: Building the Safe Source for All Open Source

How do you secure the entire open source supply chain? One link at a time.

Today, Chainguard raised a $356 million Series D, led by Kleiner Perkins and IVP, at a $3.5 billion valuation. New investors Salesforce Ventures and Datadog Ventures, and all existing investors like Sequoia, Spark, Amplify, Redpoint, Lightspeed, Mantis, and Kerrest & Co. also participated in the round. The funding helps accelerate our mission to be the safe source for open source, and will enable us to continue to scale our go-to-market team to support our growing customer base. I’m tremendously proud of what we’re building, but we still have so much left to do.

When we started Chainguard three years ago, supply chain security had the curiosity of the industry. Today it has their attention. Whether it’s struggling to patch fleets of containerized systems to address the endless onslaught of new vulnerabilities, or holding endless postmortems to measure or mitigate supply chain breaches like xz-utils or the tj-actions GitHub Action compromise, the industry and regulators are all realizing the old ways of building and using open source software don’t work anymore.

At Chainguard, we believe there’s a better way to build software – one where you don’t need to compromise innovation for security. We can’t be the safe source for open source without securing all open source. We started at the end of the supply chain with our Containers product, and over the past year, we’ve grown from 400 to 1,400 container images, increased revenue from $5 million to $40 million (with plans to exceed $100 million in revenue this year), and most importantly, added over 100 customers that use and love our product every day.

We never intended to stop there. In fact, to even secure this piece we needed to build a software factory — similar to a factory for physical goods like cars, appliances, and electronics — that operates at many other places throughout the chain. The Chainguard Factory is building, patching, updating, testing, and hardening over 13,000 individual packages and git repositories to build the 1,400 container images we currently offer and sell.

At Assemble last month, I was thrilled to announce the next chapter for Chainguard with two new products: Chainguard VMs and Chainguard Libraries. These rely on the same Chainguard Factory we built for our Containers product, and now we’re moving both up and down the stack to secure and harden even more open source.

Our customers and the impact they’re seeing from Chainguard drive us to innovate. Collectively, we’ve helped them save more than 288,000 engineering hours. It never gets old to hear their stories – whether it’s vulnerability management teams thinking their scanners are broken after seeing the results of our Containers, or platform teams getting days and weeks of time back every month. Our success is deeply tied to our customers’ success, and every day we’re motivated by helping them reduce risk and drive efficiencies within their organizations.

To our customers, our team, and our investors who have supported us this far, I want to extend a huge thank you. We have the best community possible.

This is just the beginning for us. We’re going to keep doing more of what we do best. Our mission is still to be the safe source for open source, and our roadmap is still More Safety, More Sources, and More Open Source. Let’s fucking go!