Highlights:
- Graph for Understandable Artifact Composition systematically organizes information, such as software bills of materials, into a knowledge graph. This approach assists users in grasping the intricate interdependencies within their software’s supply chain.
- GUAC’s main objective is to clarify the assembly of different software components, which is crucial in the prevalent utilization of open-source libraries in contemporary software development.
Kusari Inc., a software supply chain security startup, recently secured USD 8 million in additional funding. The funding infusion is geared towards expediting the advancement of its solutions focused on enhancing the security of software supply chains.
Established in 2022 by three cybersecurity experts “on a mission to bring transparency and security to the software supply chain,” Kusari is dedicated to assisting organizations in promptly identifying and addressing supply chain vulnerabilities while enhancing the security of development practices. The company contends that insufficient transparency in the software supply chain and development lifecycle can result in expensive security vulnerabilities.
Kusari’s platform aids users in comprehending the composition of any software artifact using GUAC or Graph for Understandable Artifact Composition. This open-source tool is specifically crafted to tackle the issue of transparency within software supply chains. GUAC systematically organizes information, such as software bills of materials, into a knowledge graph. This approach assists users in grasping the intricate interdependencies within their software’s supply chain.
GUAC’s main objective is to clarify the assembly of different software components, which is crucial in the prevalent utilization of open-source libraries in contemporary software development. Frequently, open-source libraries depend on additional libraries, forming complex dependency trees that pose challenges in terms of navigation and security.
Introduced and validated in 2023, GUAC has gained market acceptance. Boasting a community of 50 contributors, it has accumulated over 1,100 stars on GitHub, emphasizing its popularity and endorsement within the developer community. The project receives support from diverse companies, including Yahoo! Inc., Google LLC, Guidewire Software Inc., Microsoft Corp., Red Hat Inc., and ClearAlpha Technologies Inc.
Utilizing the funding, Kusari aims to expedite and enhance its ongoing progress in crafting software supply chain security solutions. The goal is to empower organizations with actionable insights, diminish incident response costs, and alleviate the pressures on security and developer teams.
J2 Ventures Management LLC and Glasswing Ventures I LP spearheaded the Seed Round, with additional participation from Unusual Ventures Management LLC.
Kleida Martiro, a partner at Glasswing Ventures, expressed ahead of the announcement: “Code breaches are increasingly becoming a top priority for chief information security officers. In an era where software supply chain attacks are on the rise, the demand for stringent security measures has never been more critical.”