Cloudsmith raises $23M to improve software supply chain security

The software supply chain is notoriously porous: a reported 81% of codebases contain high- or critical-risk open source vulnerabilities. A single vulnerability can have a far-reaching impact on the wider software supply chain, as evidenced by the likes of the Log4Shell exploit that saw millions of applications exposed to potential remote code execution hacks via the Log4j logging library. Northern Irish startup Cloudsmith is setting out to solve this exact problem with its cloud-native “artifact management platform,” which it touts as a more modern alternative to legacy software supply chain platforms such as JFrog or Sonatype. To help drive its next phase of growth, the startup on Monday said it has raised $23 million in a Series B round of financing led by TCV, with participation from Insight Partners and some returning investors. New build An “artifact,” in the context of Cloudsmith’s industry, refers to any software package, binary file or component that is created or distribut ... Read full article.