Belfast-based Cloudsmith, a cloud-native artifact management platform for software supply chain security, has raised a €21.9 million Series B funding round.
The round was led by TCV, with participation from Insight Partners. Existing investors MMC, Frontline, Techstart, Sorenson, Tapestry, and Shasta continued their support, increasing their investments in Cloudsmith as part of this funding round.
“Cloudsmith was founded to redefine artifact management, and with this investment, we’re accelerating towards our mission at full scale,” said Lee Skillen, Cloudsmith’s CTO and Co-founder. “Alan [Carson] and I remain deeply committed to making Cloudsmith the definitive global leader in software supply chain security.”
Founded in 2016, Cloudsmith is a cloud-native, enterprise-ready artifact management platform for securely developing and distributing software. Cloudsmith is used by enterprises that need control, security, and scalability in their software supply chain.
Cloudsmith reportedly grew nearly 150% last year, significantly expanding its enterprise customer base by adding Fortune 500 and Global 2000 companies switching to modern artifact management.
Cloudsmith serves a worldwide customer base, with 75% of revenue from U.S.-based customers.
New capital from this oversubscribed funding round will go towards expanding sales, marketing, and customer success teams, innovation in software supply chain security product features, and investing in AI R&D.
Enterprises are racing to secure and control their software supply chain as software threats and compliance pressures mount. Over 90% of a typical enterprise software application is sourced from open-source and third-party code, making binary artifact security as critical as source code scanning.
According to Cloudsmith, developers, Platform Engineering teams, and DevOps teams need to be able to rely on a centralised artifact management platform that can scale across a global enterprise. Cloudsmith’s cloud-native platform has proven to be an efficient scalable solution for providing a standardised, compliance-driven approach to artifact management across hundreds of developer teams using disparate formats, programming languages, and technologies.
“The way software is built is fundamentally changing, making artifact management mission-critical for developers, cybersecurity professionals, and platform engineers alike,” said Glenn Weinstein, Cloudsmith’s CEO. “Enterprises need real-time observability, security, and control over their software supply chain. This new investment will help us to keep scaling up to meet the needs of the world’s largest and most complex organisations.”
According to Gartner, 44% of organisations plan to significantly increase spending on supply chain cybersecurity, highlighting a demand for stronger artifact security. Enterprises face mounting pressure to comply with regulations like the U.S. Executive Order on Cybersecurity and the EU’s Digital Operational Resilience Act (DORA).
These mandates highlight the need for greater visibility, control, and security across the software development lifecycle. In this context, Cloudsmith’s fully managed, globally distributed architecture helps engineering teams proactively mitigate risk without slowing down.
“We believe in Cloudsmith’s vision to become the backbone of modern software supply chains,” said Morgan Gerlak, Partner at TCV. “Cloudsmith is showing why artifact management is a crucial component of the DevOps toolkit, enabling enterprises to better control, secure, and distribute software. We’re excited to support the company in its next phase of growth.”