Belfast-based Cloudsmith, a cloud-native artifact management platform, has raised $23 million in Series B funding to enhance software supply chain security and expand AI-driven package analysis.
The round was led by TCV, with participation from Insight Partners and existing investors.
Securing Open-Source and Proprietary Software Dependencies
Cloudsmith provides a private registry for software artifacts, ensuring:
- Secure storage for open-source and proprietary dependencies.
- Real-time vulnerability scanning to detect security flaws, malware, and licensing risks.
- Reliable package mirroring, preventing supply chain disruptions.
CEO Glenn Weinstein explained:
“Most enterprises lack visibility into the security of their software dependencies. Cloudsmith acts as a security checkpoint, scanning and blocking problematic artifacts before they reach production.”
Enterprise Adoption & Expansion Plans
The startup currently supports 100+ companies, including those in banking, healthcare, and government sectors. With 75% of its revenue now coming from U.S. customers, the company plans to:
- Expand its AI-powered security features for automated software integrity checks.
- Grow its team across sales, marketing, and customer success.
- Help cybersecurity teams create internal curated registries to prevent the use of compromised software.
Addressing the Growing Threat of Supply Chain Attacks
With 81% of codebases containing high-risk open-source vulnerabilities, Cloudsmith’s security-first approach is becoming increasingly critical.
Co-founder Alan Carson emphasized the shift:
“Cloudsmith is now a category leader in software supply chain security, helping enterprises control and secure their development pipelines.”
With $23M in fresh funding, the company is set to redefine how companies secure their software dependencies, ensuring resilient, risk-free software development at scale.