ArmorCode adds $8M for comprehensive application security platform

ArmorCode announced today it has added $8 million to its seed round of funding to further develop its “AppSecOps” platform, which brings together an array of different application security solutions and integrations into a unified offering.

The new funding—which completes the seed round for ArmorCode at $11 million—will also be used to expand the startup’s go-to-market efforts, in addition to supporting product development. Customers for ArmorCode so far include Guardant Health, ChargePoint, Shutterfly, and Nirmata. The the Palo Alto, Calif.-based startup is not disclosing how many customers it has in total.

Centralizing application security

ArmorCode says that the core capability for its platform is in application security posture management (a term adopted by the company and several other vendors).

Application security posture management centralizes app security findings from tools for static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA), according to the company. The solution also prioritizes the findings, reduces triage time, and serves as system of record for application security findings and remediation, ArmorCode says.

The platform offers integrations with more than 80 security, development, and operational products out-of the box, ArmorCode cofounder and CEO Nikhil Gupta said in an email. The integrations include DAST/SAST/SCA tools (such as Contrast Security, Snyk, and Veracode); cloud-native application protection platforms (such as Aqua Security, Qualys, and Palo Alto Networks Prisma); issue tracking (such as Jira); and a number of other tools.

ArmorCode’s platform then combines its application security posture management solution with other capabilities including vulnerability management, continuous compliance, and workflow automation for DevSecOps (development, security, and operations).

Ultimately, using the ArmorCode platform, “teams are able to control their AppSec chaos, reduce risk, and achieve AppSec operational efficiency,” Gupta said in an email.

Avoiding blind spots

Sitaraman Lakshminarayanan, director of security architecture at Guardant Health, said in a news release that the ArmorCode platform “gives us insight into our security posture across all applications, APIs, and microservices in our environment, allowing us to avoid blind spots and improve security.”

Gaining these insights, combined with workflow automation, “significantly reduces our costs associated with fixing vulnerabilities and allows us to provide a safe and secure service for our customers,” Lakshminarayanan said in the release.

ArmorCode was founded in July 2020 by Gupta and chief technology officer Anant Misra, formerly the CTO of FabHotels. Gupta—formerly an executive at companies including ForeScout, VMware, and Cisco—had most recently cofounded and served as the CEO of Avid Secure, acquired by Sophos in 2019.

ArmorCode emerged from stealth and launched its platform into general availability in May 2021.

Top competitors in the space include Enso, Threadfix (acquired by Coalfire), and CodeDx (acquired by Synopsys), Gupta said.

However, ArmorCode is “the only platform that enables organizations to scale application security posture, compliance and vulnerability management, and DevSecOps workflow automation all from a single platform,” he said.

Growth funding

The additional seed funding was led by Cervin Ventures, and included investments from Sierra Ventures—which had led the startup’s initial funding that was announced last May—and from Tau Ventures.

With the funding, ArmorCode plans to expand its team from 50 employees to 75 within the next six months, Gupta said.

In terms of product development, ArmorCode plans to expand the platform’s capabilities around providing insights and automation to better streamline DevSecOps orchestration, while improving operational efficiency for application security overall, he said.