Stacklok co-founders Luke Hinds, left, and Craig McLuckie. (Stacklok Photo)

Cloud computing vets Craig McLuckie and Luke Hinds are leading a new startup that helps enterprises vet software supply chains amid a rise in cyber-breaches stemming from open-source code.

Stacklok emerged from stealth mode Wednesday, announcing $17.5 million in Series A funding led by Madrona Venture Group and Accel.

When he was a product manager at Google, McLuckie helped create Kubernetes, the open-source container system that simplifies how developers deploy software. He then founded Seattle startup Heptio, which made Kubernetes easier to use. VMware acquired Heptio in 2018 for $600 million.

Following the acquisition, McLuckie worked at the cloud computing giant for four years as its VP of research and development. After a brief stint as an entrepreneur-in-residence at Accel, he co-founded Stacklok.

Hinds is the project founder of Sigstore, a tool to verify and authenticate software artifacts. He serves as the chair of Sigstore’s Technical Steering Committee. Hinds is also a founding board member of the Linux Foundation’s OpenSSF, a cross-industry effort to improve open-source software security, and was a distinguished engineer at Red Hat.

Stacklok’s platform vets a company’s software supply chain — which describes any software used to create and deploy products — by ensuring that open-source code from GitHub, other code repositories, and third-party dependencies is authenticated and not prone to vulnerabilities. It also recommends security enhancements, helping developers throughout the development process.

“We are focused primarily on helping developers better understand the emerging standards that are driving software supply chain security so that they can build more securely,” McLuckie told GeekWire in an email. “Ultimately, we help bridge the gap between enterprise organization needs and the open-source community as being a way to create commercial value.”

McLuckie said Stacklok is committed to supporting the Sigstore project, which is “already seeing significant adoption in the software industry.” It is used by Google, Cisco, HPE, and others.

The startup’s launch comes as software supply chain attacks are on the rise and a growing number of enterprises are turning to open-source software, leaving them vulnerable to breaches. This will only be accelerated by the emergence of AI and productivity tools like GitHub Copilot, according to Madrona, which wrote about its investment in a blog post.

Madrona previously backed Heptio. “Craig and Luke are brilliant technology and product strategists who complement each other well,” the firm wrote in its post. “They have strong go-to-market and company-building superpowers, and together we believe they can build an enduring and scalable business in this incredibly important category.”
