StepSecurity, a Seattle-area startup aiming to help developers secure their projects, raised a $3 million seed round led by Runtime Ventures.
Founded in 2022 by former Microsoft engineers and cybersecurity veterans Ashish Kurmi and Varun Sharma, StepSecurity focuses on CI/CD, an industry term known as continuous integration and continuous delivery that describes the process of automating the development and deployment of applications.
StepSecurity specifically targets developers using GitHub Actions and plans to expand to support other similar tools, such as GitLab CI, Harness, and Azure DevOps.
The startup has paying customers across industries including crypto, healthcare, and cybersecurity.
Kurmi and Sharma point to high-profile security breaches such as the SolarWinds and Codecov hacks that originated in CI/CD.
“The glaring lack of security in CI/CD pipelines that these incidents highlighted compelled us to start StepSecurity,” they wrote in a blog post. “We looked around, spoke with peers, and realized there was no solution to prevent such CI/CD attacks. So, a couple of years back, we started building our product in the open and offered it for free to help secure CI/CD pipelines for open-source developers. Little did we know that it would be the beginning of something special.”
Sharma previously spent nearly 15 years at Microsoft, most recently as a principal security software engineering manager. Kurmi spent almost eight years at Microsoft before joining Uber and Plaid as a security engineer.
Other investors in the seed round include Inner Loop Capital, SaaS Ventures, DeVC, and angel investors in leadership roles at companies such as Coinbase and Zscaler.
