How Apiiro leverages application security for the software supply chain

Application security is something that organizations cannot afford to overlook. The average company’s environment has around 254 applications, and many organizations develop code internally. As a result, there is a vast attack surface for threat actors to exploit using ransomware and supply chain attacks. 

Yet, many vendors are looking at application security as the key to securing the software supply chain. 

Application security provider, Apiiro, today announced it has raised $100 million in series B funding. Its solution is designed to help developers and application security engineers identify vulnerable applications, code and APIs. It allows users to identify risks and prioritize remediation with a context-based risk graph. 

By taking this approach, security teams can fix application vulnerabilities within their development environments early in the CI/CD pipeline before they’re pushed live. 

How application security can secure the software supply chain 

The announcement comes amid an industry-wide effort to secure the software supply chain following the Biden Administration’s Executive Order aimed at improving cybersecurity nationwide after a spate of high-profile supply chain attacks like the SolarWinds breach. 

Because cybercriminals look to exploit any vulnerabilities they can find in an organization’s application stacks, both security teams and developers need to be extremely proactive at pinpointing and remediating vulnerable applications and code throughout the software supply chain. 

Apiiro aims to do this by enabling developers to discover every API, service and artifact to create a software bill of materials (SBOM), as well as to identify exposed secrets, AOPI and OSS vulnerabilities and misconfigurations that increase risk.

“The unrelenting demand for next-generation application security solutions has allowed us to deploy our product at scale with leading Fortune 500 customers,” said Idan Plotnik, cofounder and CEO of Apiiro. “Early innovation enables us to grow faster and more efficiently than the competition, and we are building the company for hyper-growth. The combination of our team, business momentum, and support from top-tier investors positions Apiiro to continue to lead a growing industry.”

Reviewing the application security market 

As more providers focus on securing the software supply chain, the application security market continues to grow rapidly. Researchers anticipate that the market will grow from a value of $6.2 billion in 2020 to reach a value of $13.2 billion by 2025. 

One of Apiiro’s main competitors in the market is Snyk, offering developers a platform that can automatically discover and fix vulnerabilities in code, open-source dependencies and containers through the use of security intelligence, which provides actionable advice to eliminate security issues. 

Last year, Snyk raised $530 million and achieved a valuation of $8.5 billion. 

Another competitor in this area is Sonarqube, a solution that uses static code analysis rules to identify vulnerabilities in application code bases in 29 different programming languages. SonarQube’s parent company SonarSource announced it had raised $412 million in funding earlier this year, bringing its valuation to $4.7 billion.