
SourceClear
SourceClear enables teams to visualize vulnerabilities across all their development projects in real time.

SourceClear operated as a software security company with a sharp focus on open-source code, a critical area given that applications often consist of 90-95% open-source components. The company was established in 2013 by Mark Curphey, a notable figure in the application security space and the original founder of the Open Web Application Security Project (OWASP). Curphey's extensive background includes roles at Charles Schwab, Foundstone (acquired by McAfee), and Microsoft, where he led security tools teams, providing him with a deep understanding of the friction between developers and traditional security tools. This experience directly shaped SourceClear's mission: to create security tools designed specifically for developers' workflows.
The company developed a Software Composition Analysis (SCA) platform delivered as a cloud service. This platform was designed to integrate seamlessly into a developer's existing toolchain, including repositories like GitHub and continuous integration systems, supporting languages such as Java, JavaScript, Ruby, Python, and Node.js. SourceClear's core function was to scan applications to identify all open-source components and their dependencies, check them for known vulnerabilities, and provide actionable remediation advice. A key feature was its ability to determine if the vulnerable part of a library was actually being used by the application, helping developers prioritize the most critical fixes. The service utilized machine learning and a dedicated research team to identify vulnerabilities beyond what was listed in public databases.
SourceClear's business model targeted a range of customers, from technology and social media companies to finance and defense industries. It provided both free and commercial versions of its tools. The company secured a $1.5 million seed round in June 2014 and a $10 million Series A round in October 2015 from investors including Index Ventures and Storm Ventures. In April 2018, CA Technologies acquired SourceClear to bolster its DevSecOps capabilities and integrated the technology into its Veracode cloud platform. Later that year, Broadcom acquired CA Technologies and subsequently sold the Veracode division, including the integrated SourceClear technology, to private equity firm Thoma Bravo.