Software supply chains face threats from all sides: According to a 2024 report from the Ponemon Institute, more than half of organizations have experienced a software supply chain attack, with 54% experiencing an attack within the past year.
Supply chain attacks, which typically target third-party vendor services and open source software that make up a company's technology stack, can cause financial harm to organizations. According to a study by Juniper Research, supply chain cyber attacks could cost the global economy approximately $81 billion in lost revenue and damages by 2026. The White House has signaled its intention to address the broader issue of software supply chain security, openly declaring it a national security issue and issuing an executive order aimed at establishing mitigation standards.
This threat has driven demand for platforms that can be used to detect and, ideally, mitigate attacks on an enterprise’s software supply chain. One startup developing such a platform, Lineaje (a variant spelling of “lineage”), closed a $20 million Series A funding round today.
Founded in 2021 by Javed Hasan and Anand Revashetti, Lineaje develops tools to detect tampered, outdated and potentially vulnerable open source software within an organization's supply chain. If Lineaje determines there may be a vulnerability, it recommends a fix (if available) and warns against implementing a fix that could break the software.
“For organizations that care about the risk their software poses to themselves and their customers, focusing on and managing this risk is critical,” Lineaje CEO Hasan told TechCrunch. “Lineaje was born to discover, manage and secure software, regardless of where it's built.”
Both Hasan and Revashetti come from the cybersecurity industry, having worked for vendors such as Symantec, McAfee and Norton. They met while at McAfee, where Revashetti was a fellow and chief architect.
“Attacks and concerns about the software supply chain have been steadily increasing,” Hasan said. “After researching the space, it was clear that supply chain is a top three concern for CISOs and the U.S. government.”
Lineaje occupies a crowded market, with rivals including Kusari, Ox Security, Chainguard, Dustico and Endor, as well as large tech companies such as Google, Amazon and Microsoft stepping up their efforts to improve the overall security of open source software.
But one way Lineaje is trying to stand out is through its defense work: Hasan claims the company has contracts with the U.S. Air Force to support its “Eagle Eyes” counterterrorism program, as well as relationships with other federal agencies he declines to name.
Public organizations are certainly grappling with the same kinds of software supply chain challenges as the private sector: According to a recent report from the Department of Homeland Security, one U.S. government cabinet agency spent months responding to vulnerabilities in Apache's Log4j2 library, a Java-based logging utility, in part because its security team couldn't identify where vulnerable packages were located in its software environment.
Hasan added that Lineaje's Series A raise brings the startup's total funding to $27 million and will bolster its efforts to acquire additional public sector customers in the U.S.
“Our Series A funding round will cover us until at least early 2027,” he said, adding that last year was Lineaje's first year of profitability. “We currently have about 30 employees, but we plan to double that number by the end of the year.”
The round was co-led by Prosperity7 Ventures, Neotribe and Hitachi, with participation from Tenable Ventures, Carahsoft, Wipro Ventures, SecureOctane and AlumniVentures.