Led by Eurazeo with participation from Sapphire, the round positions GitGuardian as a leader in the code security market
Paris, France - December 7, 2021 - GitGuardian, the world's leading secret detection* platform, today announced a $44 million growth round. Led by Eurazeo and joined by Sapphire, with participation from existing investors including Balderton, BPI and Fly Ventures. The round reflects GitGuardian’s accelerated adoption among enterprises’ security and development teams, as well as individual developers.
GitGuardian is trusted by large companies such as Talend, Mirantis, Instacart, Genesys, Now: Pensions and Maven Wave. The investment round will be used to accelerate the strategies that drove GitGuardian to quadruple its recurring revenue in both 2020 and 2021, extend its secret detection solution to become a comprehensive code security platform, expand its go-to-market, and grow its teams across the US and Europe.
In 2022, GitGuardian will establish a strong presence in the United States, with Jeremy Thomas, the founder and CEO, moving from France to open the American office and recruit key team members to better address this strategic market that already represents 75% of GitGuardian’s revenue.
The unmet demand of code security platforms
The way applications are built has changed drastically, creating largely unmet needs and the proliferation of vertical DevSecOps solutions. As software rules the world, the ability to deliver secure applications quickly is a competitive advantage, even in the most physically-rooted industries.
Achieving this requires a total change in the way applications are built:
- Organizational change: Large, growing, distributed Dev, Sec, and Ops teams producing more code, faster.
- Technological change: DevOps-native applications are no longer standalone monoliths. They are made up of an increasing number of building blocks (cloud infrastructure, managed databases, SaaS applications, open-source components, internal microservices, etc.), technologies and frameworks.
- Cultural change: Security is now a shared responsibility between Dev, Sec and Ops teams, which is continually addressed throughout the Software Development Life Cycle (SDLC) so that defects can be identified earlier and remediated at lesser costs.
These new ways of building software create the necessity to support new vulnerabilities and new remediation workflows. These needs have emerged so abruptly that they have given rise to a young and highly fragmented DevSecOps tooling market. Solutions are specialized based on the type of vulnerabilities being addressed: SAST, DAST, IAST, RASP, SCA, Secrets Detection, Container Security, and Infrastructure as Code Security.
A need for security platforms to enforce code security at scale has emerged
The “Application Security (AppSec) Shared Responsibility Model” is emerging as the only approach to AppSec that is truly scalable and finally allows the unlock of secure applications’ quick release. However, developers are underserved in terms of code security tools. The market is fragmented, tools are not educational and triggering irrelevant alerts that are harming developers’ productivity. They are often not well-integrated into the developers’ workflow.
With 150M developers on the different code hosting platforms (GitHub, GitLab, Bitbucket) in 2025, the code security market is estimated to reach between $50B and $100B.
GitGuardian, founded in 2017 by Jérémy Thomas and Eric Fourrier, has emerged as the leader in secrets detection and is now focused on enabling the Shared Responsibility Model of AppSec by starting first with getting the developers' experience right.
Jérémy Thomas, GitGuardian CEO shares his vision: “GitGuardian's mission is ambitious but is built on a very simple philosophy at its core. Developing and launching secure applications must be a shared responsibility between Dev, Sec and Cloud Ops. Developers in particular, want a wingman at every step of the SDLC to help them write more secure code without limiting their productivity. And as defining threat signatures and keeping pace with the thousands of technologies that developers use will always be a never-ending battle, we have already laid the foundation of a powerful and flexible code security framework that can be extended rapidly to encode a wide variety of vulnerabilities.”
From secrets to a wide variety of vulnerabilities
GitGuardian’s powerful and flexible framework currently addresses secrets detection. With more than 300 detectors, it can detect secrets in both public and private repositories and containers and be deployed either in SaaS or on-premise. With more than 130K installs, GitGuardian is the n°1 security application on the GitHub Marketplace. Its enterprise-grade features truly enable AppSec and Development teams in a collaborative manner to deliver a secret-free code.
With this funding, GitGuardian will build from its secret detection expertise and extend to encode a wide variety of vulnerabilities to compete with legacy code security platforms.
Its massive dataset and large developer community will allow fast testing. Broadening the detection scope will increase numbers of high assurance and high-value findings, making GitGuardian even more relevant for enterprises, individual developers and small development teams.
Jérémy Thomas, GitGuardian CEO GitGuardian is now an undisputed leader in secrets detection, a key pillar of the new code security landscape. In 2022, we will keep our lead in secrets detection and expand into other code security verticals, always keeping the developers’ best interests in mind. A great developer experience is the only truly scalable approach to application security!
Eric Fourrier, GitGuardian CTO This new funding is a great opportunity to fuel our innovation and gives us the ability to build world-class products that can be embedded into single-developer and large enterprise workflows. GitGuardian will now fulfill its ambition to become the go-to solution for code security, enabling true collaboration between dev, ops and sec teams.
Nicolas Debock, Eurazeo We are really proud to join the GitGuardian adventure by leading this new financing round that will give the company the ability to serve its fast-growing customers base from the USA to Japan. Code security is a key element of the DevSecOp stack and with the quality of its solutions, GitGuardian earned the trust of 100s of thousands of developers around the globe. We are committed to supporting the company for the next growth phases of the company.
Andreas Weiskam, Sapphire Corporate security is a top priority for every single organization around the world, which is why we’re thrilled to back GitGuardian, a leader in real-time secrets detection and security policies enforcement. Founders Jeremy and Eric have built a truly developer-focused product that addresses security vulnerabilities associated with API keys, certifications, usernames and passwords—to name a few. We’re looking forward to GitGuardian capitalizing on the market opportunity, and helping Jeremy, Eric and team build a category-defining company of consequence.
Suranga Chandratillake, Balderton GitGuardian is one of the fastest-growing enterprise software companies in our portfolio and the take-up from global enterprises is nothing short of remarkable. The company's ground-up adoption via developers - GitGuardian is Github Marketplace's most popular security app by a significant margin - also demonstrates just how much of a challenge AppSec is in the new world of software development.
Scott Chacon co-founder @GitHub and investor in GitGuardian GitGuardian undoubtedly is the most advanced secrets detection solution out there. With its industry lead in one of the most important code security verticals, GitGuardian is now in pole position to be a future leader in the overall code security market!
*Secret: In the context of software development, secrets generally refer to digital authentication credentials that grant access to systems or data. These are most commonly API keys, usernames and passwords, or security certificates.
Eurazeo is a leading global investment group, with a diversified portfolio of €27.0 billion in Assets Under Management, including €19.2 billion from third parties, invested in over 450 companies. With its considerable private equity, real estate and private debt expertise, Eurazeo accompanies companies of all sizes, supporting their development through the commitment of its 350 professionals, and by offering deep sector expertise, a gateway to global markets, and a responsible and stable foothold for transformational growth. Its solid institutional and family shareholder base, robust financial structure free of structural debt, and flexible investment horizon enable Eurazeo to support its companies over the long term.
To learn more about Eurazeo, visit: https://www.eurazeo.com/
Sapphire is a leading global technology-focused venture capital firm with more than $8.8 billion in AUM and team members across Austin, London, New York, Palo Alto and San Francisco. For more than two decades, Sapphire has partnered with visionary management teams and venture funds to help scale companies of consequence. Since its founding, Sapphire has invested in more than 170 companies globally resulting in more than 30 IPOs and 45 acquisitions. The firm's investment strategies — Sapphire Ventures, Sapphire Partners and Sapphire Sport — are focused on scaling companies and venture funds, elevating them to become category leaders. Sapphire's Portfolio Growth team of experienced operators delivers a strategic blend of value-add services, tools and resources designed to support portfolio company leaders as they scale. To learn more about Sapphire, visit: https://sapphireventures.com.
GitGuardian is a global cybersecurity startup focusing on code security solutions for the DevOps generation. A leader in the market of secrets detection and remediation, its solutions are already used by more than 200K developers in all industries.