Today, cybersecurity provider Legit Security announced it’s raised over $30 million in funding in a Series A round. The company has also announced the launch of a SaaS-based software supply chain protection solution out of stealth.

Legit Security’s platform helps enterprises protect software supply chains by automatically discovering pipelines, infrastructure, code, and other Software Development Life Cycle (SDLC) assets, as well as enabling companies to visualize them in one place to identify vulnerabilities and generate security incident reports.

The solution will offer security teams and technical decision-makers a way to increase transparency over the software supply chain and what vulnerabilities exist in the environment.

The reality of supply chain attacks

The announcement comes as supply chain attacks are on the rise, with Gartner anticipating that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a threefold increase from 2021.

Threat actors realize they can breach a single software supplier and gain access to the information of dozens of downstream organizations in one fell swoop.

At the same time, organizations can do little to defend against these attacks because they don’t have control over the security practices and procedures implemented by third-party suppliers.

However, Legit Security is attempting to address this challenge by automatically identifying SDLC assets and highlighting vulnerabilities to the user so they can take action to better protect their critical data assets.

“Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast,” said CEO Roni Fuchs in an interview.

“Attacks on software supply chains have increased dramatically since the SolarWinds attack and are estimated to be increasing between 3x to 6x per year. New security solutions are needed that can go beyond code scanning to instead secure the broader software supply chain environment,” he said.

Automating software supply chain visibility

Legit Security’s launch places it within the fast-growing supply chain security market, which is projected to grow from $903 million in 2021 to $1.23 billion by 2026. The market contains a range of SDLC security providers, all vying to provide the definitive solution to supply chain attacks.

One of the organization’s most relevant competitors is Chainguard, a solution that uses zero-trust principles to help organizations secure the supply chain and recently raised $5 million in seed funding.

Another is Sonatype, a tool that can automatically detect and fix open source vulnerabilities, which recently generated over $100 million in annual recurring revenue.

However, Legit Security aims to differentiate itself from existing SDLC providers in a number of ways.

“The Legit Security platform is unique in at least three areas: the breadth and depth of our automated SDLC discovery and analysis capabilities; the hundreds of best practice software supply chain security policies that can be enforced in our product; and our Legit Security Score, which allows you to measure and track the security posture of teams and development pipelines,” Fuchs said.

The funding round was led by Bessemer Venture Partners and TCV.