Legit Security, a cyber security company with an enterprise SaaS solution that secures software supply chains, today announced its launch out of stealth mode with a Series A funding round, topped at $30 million. This investment was led by Bessemer Venture Partners and TCV.

Enterprises are increasingly relying on software to do business by adopting cloud, DevOps, CI/CD, and agile techniques. As software supply chains are now at the heart of digital businesses, this increased adoption means there is a huge, new, unprotected attack surface for cybercriminals to target. Software supply chain attacks will continue to grow until new solutions are available to close diverse security gaps across these environments, so much so that 45% of organizations worldwide will have experienced attacks on their software supply chains by 2025, a three-fold increase from 2021. With such attacks escalating, companies can no longer rely solely on traditional security tools and code scanners for protection as more organizations adopt modern applications, agile development, and DevOps. There is a need for a new approach and a new solution to protect our new complex software supply chain infrastructure: one that is holistic, easy to deploy, and quickly delivers value.

Legit Security is filling this market need. Legit Security helps companies protect their end-to-end software supply chain environment and software releases in real-time through automated vulnerability discovery and analysis, security policy enforcement, and continuous assurance.

How does it work?

Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code, and people so that businesses can stay safe while releasing software fast. Essentially, the platform scans software development pipelines for gaps and leaks, checks for development infrastructure and systems within those pipelines, and analyses people and their security hygiene as they operate within it. The best part is that the solution doesn't interfere with existing development tools and workflows and includes continuous assurance and governance capabilities to monitor adherence to regulatory requirements and compliance frameworks in real-time.

With the clear visualization and analysis that Legit Security provides, users can inventory SDLC systems and security tools and address their configuration drifts, secure CI/CD pipelines, view developer activity, detect and remediate vulnerabilities, measure the security posture of different teams, see progress on improvements, and help apply security resources where they are needed most. All in all, the platform enables users to maintain high velocity with minimal security friction; users can now better identify risk factors and accordingly make proper adjustments, thus mitigating software development risk.

With the money raised so far, the company will expand its engineering team and continue building out its go-to-market organization in the United States with offices in Austin and Palo Alto.

“Legit is providing us with visibility across the entire supply chain, which helps us minimize risk and raise analyst productivity. Legit’s platform nicely complements our existing investments in application security tools and allows us to make better decisions in allocating our security controls and resources.” – James Robinson, Deputy Chief Information Security Officer at Netskope

Legit Security was founded by Roni Fuchs (CEO), Liav Caspi (CTO), and Lior Barak (VP of R&D). Their team consists of security experts from Israeli Defense Force’s Unit 8200, Checkmarx, Ping Identity, Duo/Cisco, Microsoft and other leading cybersecurity firms in the U.S. and Israel. They raised $3.5 million during their seed funding, which was led by Cyberstarts, the premier cybersecurity venture capital firm in Israel, and have now raised an additional $26.5 million during their Series A round.