Software supply chain security provider Phylum has secured $15 million in Series A funding led by ClearSky, with contributions from Atlassian Ventures, SixThirty Ventures, First In and TechOperators. With the Series A investment and the recent hire of Patrick Sheehan as Chief Revenue Officer, the company plans to grow its go-to-market team and continue inventing new heuristics and machine learning models to proactively identify risk in open-source packages.
With the recent release of version 2.0 of the platform, Phylum’s clients continue to bolster their DevSecOps missions.
Phylum was founded in 2020 by Aaron Bray, Louis Lang and Peter Morgan, who are all career security researchers and developers with an accomplished history in cyber offense. Experienced in both commercial and government sectors, the team observed the rise in open-source usage and associated risk in the software supply chain, and created Phylum to combat the threats that continue to go unaddressed using traditional methods.
Phylum automates the entire process of identifying packages, analyzing their supply chain risk, and categorizing that risk into five domains: Malicious Code, Vulnerability, License, Author, and Engineering risk. Phylum ingests and analyzes each package as it is published to a package registry, and automates risk analysis and malware detection to convict malicious packages in an average of 11 minutes. This approach enables the classification and removal of hundreds of unidentified malicious packages, and their respective authors, per month.