Lineaje Raises $20 Million to Help Organizations Combat Software Supply Chain Threats

The software supply chain is under threat from all sides. According to a 2024 report from the Ponemon Institute, more than half of organizations have experienced a software supply chain attack, and 54% experienced an attack in the past year.

Supply chain attacks typically target third-party vendors or open source software services that make up a company’s technology stack, and can financially devastate an organization. According to Juniper Research, supply chain cyberattacks could cost the global economy an estimated $81 billion in lost revenue and damage by 2026. The White House has shown a willingness to address the broader issue of software supply chain security, publicly declaring it a national security issue and issuing an executive order to establish mitigation criteria.

These threats have fueled demand for platforms that can detect and, in a perfect world, mitigate attacks on a company’s software supply chain. One startup building such a platform, Lineaje (a semi-phonetic spelling of “lineage”), closed a $20 million Series A funding round today.

Founded in 2021 by Javed Hasan and Anand Revashetti, Lineaje develops tools to detect tampered software and outdated, potentially vulnerable open source software in an organization’s supply chain. When Lineaje finds a potential vulnerability, it recommends a fix (if available) and warns against implementing a fix that could compromise your software.

“For organizations concerned about the risks their software poses to their organization and their customers, it’s important to focus on and manage that risk,” Lineaje CEO Hasan told TechCrunch. “Lineaje was born to discover, manage, and protect software, regardless of where it’s built.”

Hasan and Revashetti both come from the cybersecurity industry, having worked for vendors including Symantec, McAfee, and Norton. The two met at McAfee, where Revashetti was a fellow and chief architect.

“Software supply chain attacks and concerns are steadily increasing,” Hasan said. “When we look at this space, it’s clear that supply chain is a top three concern for CISOs and the U.S. government.”

Lineaje is in a competitive market. Kusari, Ox Security, Chainguard, Dustico, and Endor are among its competitors, and big tech companies like Google, Amazon, and Microsoft are making efforts to improve the security of open source software in general.

But one way Lineaje is trying to stand out is by embracing the defense industry. Hasan claims the company has a contract with the U.S. Air Force to support its “Eagle Eyes” anti-terrorism program, and has relationships with other unnamed federal agencies.

Public sector agencies certainly deal with software supply chain issues similar to those in the private sector. According to a recent report from the U.S. Department of Homeland Security, one U.S. government cabinet agency spent months responding to a vulnerability in Apache’s Log4j2 library, a Java-based logging utility, in part because security teams had difficulty identifying where the vulnerable package was in their software environment.

Lineaje's Series A funding brings the total amount the startup has raised to $27 million and will bolster its efforts to acquire more U.S. public sector clients, Hasan added.

“The Series A funding round will cover us until at least early 2027,” he said, adding that last year was Lineaje’s first full year of revenue. “We currently have about 30 employees, and we plan to double that by the end of the year.”

The round was co-led by Prosperity7 Ventures, Neotribe, and Hitachi, with participation from Tenable Ventures, Carahsoft, Wipro Ventures, SecureOctane, and AlumniVentures.