Skip navigation
rows of lockers with locks Getty Images Raises $31M to Automate DevSecOps for Containers

Founders of the open-source DockerSlim project raise money for vendor to improve DevSecOps by optimizing container security automation.

DevSecOps vendor announced on Jan. 26 that it has raised $31 million in a Series A round of funding to advance its vision of enabling automated container security workflows.

An application container contains multiple layers of code that can come from any number of sources. Among the popular ways to optimize containers is with the open-source DockerSlim project, which helps developers “slim down” Docker containers and optimize deployment. DockerSlim is a community open-source project; however, its founders realized that there was a need for more capabilities in a platform model to support organizations that want to automate container security workflows, which is the goal of

"The mission is to help developers become more productive at building secure, ready-for-production software," John Amaral, co-founder and CEO of, told ITPro Today. "Today that revolves around the idea that the unit of software for the cloud-native world is a container."

From DockerSlim to for Automated Container DevSecOps

With seed money it received at the end of 2019, began building a software-as-a-service (SaaS) platform for DockerSlim at the beginning of 2020.

While DockerSlim can help developers with container software composition, in an enterprise DevSecOps (development, security, and operations) workflow, there are additional concerns and integrations that need to be addressed.

Amaral explained that extends the value of DockerSlim and provides integrations in an organization's CI/CD system, enabling security analysis and software composition. Additionally, the platform can help developers identify what's in containers taken from different container registries.

Sean Michael interface interface also enables developers to analyze differences across containers over time. As such, a developer can discover if a specific code library was changed in a container hosted on a specific registry and how it might differ from the same container on a different container registry. Container registries, such as Docker Hub and Google Container Registry, provide a hosted repository for application container images.

Automatic Optimization Workflow for DevSecOps in

The DockerSlim workflow is now being expanded for DevSecOps in to help enable automatic optimization, according to Amaral. With, after a developer chooses a base image for a container, the platform can optimize the image for deployment and operations, he said.

As organizations use containers more, there is the potential for sprawl, with multiple container versions running in different environments. To that end, has a container collections management feature that allows developers to keep track of containers, wherever they are deployed.

For example, Amaral said a developer could have a container where the base image comes from Docker Hub and a database instance container that comes from AWS. will hold records for those containers in its system, and monitor and manipulate them regardless of where they are deployed.

"Developers don't really have to manually keep track of where containers live anymore," Amaral said. "With, they are all recorded in one place, and it's sort of managed like a federated registry."

Amaral said will continue to build out its platform with features that help further enable an automated DevSecOps workflow.

"We want to make tools for developers so that when they are using or producing containers, that they can do things easily and optimally, and so that the supply chain risks for those containers are reduced," Amaral said. "It's not just about vulnerability reduction; it's about knowing the composition of your software and having an easy way to control it."

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.