DevSecOps Startups funded by Y Combinator (YC) 2026

GitLab is the first single application for the entire DevOps lifecycle. Only GitLab enables Concurrent DevOps, unlocking organizations from the constraints of today’s toolchain. GitLab provides unmatched visibility, radical new levels of efficiency and comprehensive governance to significantly compress the time between planning a change and monitoring its effect. This makes the software lifecycle 200% faster, radically improving the speed of business. GitLab and Concurrent DevOps collapses cycle times by driving higher efficiency across all stages of the software development lifecycle. For the first time, Product, Development, QA, Security, and Operations teams can work concurrently in a single application. There’s no need to integrate and synchronize tools, or waste time waiting for handoffs. Everyone contributes to a single conversation, instead of managing multiple threads across disparate tools. And only GitLab gives teams complete visibility across the lifecycle with a single, trusted source of data to simplify troubleshooting and drive accountability. All activity is governed by consistent controls, making security and compliance first-class citizens instead of an afterthought. Built on Open Source, GitLab leverages the community contributions of thousands of developers and millions of users to continuously deliver new DevOps innovations. More than 100,000 organizations from startups to global enterprise organizations, including Ticketmaster, Jaguar Land Rover, NASDAQ, Dish Network and Comcast trust GitLab to deliver great software at new speeds.

Sourcebot is an open source code understanding platform for massive codebases. We’re used by thousands of engineers in some of the largest companies in the world, including NVIDIA, Red Hat, Wikimedia, and Arista Networks. Understanding code, not writing it, is the primary bottleneck for large engineering teams. For developers, this means onboarding onto complex codebases faster. For AI agents, it means getting the necessary code context to minimize hallucinations and maximize cohesion within the wider codebase. Sourcebot solves this by giving developers and AI agents the ability to regex search across millions of lines of code instantly, as well as ask questions across thousands of repos using any flagship reasoning model. Being open source and on-prem, we can get deployed in enterprises within minutes before other tools even get approval. We met a decade ago at McGill University and have been building together full time for over 2 years. We’ve personally felt the pain of understanding large codebases while working at Microsoft, EA, Ubisoft, Google, and Meta.

Alter is a zero-trust identity and access control platform purpose-built for AI agents. It wraps every tool call in strong authentication, fine-grained authorization, and real-time guardrails, so agents can move fast without breaking things. Each request is verified at the parameter level, authorized against granular policies, executed with least-privilege access, and fully audited in real time. Unsafe actions, whether it’s a rogue DROP TABLE or a payment above policy limits, are blocked before they touch production. Behind the scenes, Alter manages credentials, issuing ephemeral, scope-narrowed access for every interaction, then rotating or expiring it in seconds. The result: no long-lived secrets, no blind spots, and no surprises in audit. With Alter, teams can move fast on AI agent initiatives while staying fully compliant with SOC 2, HIPAA, GDPR, and internal security standards. A CISO-ready dashboard delivers real-time visibility, detailed audit logs, and compliance-ready controls, removing silos, eliminating excessive permissions, and providing complete oversight of every agent workflow.

Mattermost provides secure collaboration for technical and operational teams that work in environments with complex nation-state level security and trust requirements. We serve technology, public sector, national defense and financial services industries with customers ranging from tech giants, to the world’s largest banks, to the U.S. Department of Defense and governmental agencies around the world. Our self-hosted and cloud offerings provide team messaging, file sharing, integrations, audio and screen share, workflow automation and project management on an open source platform deployed by the world’s most secure and mission critical organizations. We co-build the future of collaboration with over 4,000 open source project contributors who’ve provided over 30,000 code improvements towards our shared product vision, which is translated into 20 languages.

Metalware develops advanced firmware security solutions for critical infrastructure, protecting industries like aerospace, defense, automotive, telecom, and healthcare from cyber threats. Our product is an automated, intelligent binary fuzzer that enables organizations to efficiently discover and remediate security weaknesses in hardware products before deployment.

AI coding tools made your team ship faster. But standards are slipping through review. Continue runs source-controlled AI checks on every pull request, enforcing your team's conventions, security patterns, and architecture boundaries as native GitHub status checks. Each check is a markdown file in your repo, running as a full AI agent. It only enforces what you asked for and never misses it. Consistency over breadth. Standards as checks, enforced by AI, decided by humans. With hundreds of thousands of users, Continue is loved by developers worldwide at organizations ranging from small startups to Fortune 500 companies. Continue has raised $5.1M from Heavybit, Y Combinator, and angel investors. The company was founded in 2023 and is based in San Francisco. We believe the time is now to create a future where developers are amplified, not automated.

Matano is a modern SIEM, built for cloud-first security teams. It replaces traditional SIEM databases like Splunk or Elastic with a cybersecurity platform built on top of a cost-effective Security Data Lake.

Pluralith automates compliance by documenting cloud infrastructure directly from the codebase. Companies like Jefferson Health pay us to automate their infrastructure compliance and save 5h a week per infrastructure engineer. More simply put: We generate infrastructure diagrams directly from Terraform state.

Dagger is a programmable CI/CD engine that runs your pipelines in containers. Develop your pipelines as code, in the same programming language as your application. Choose your SDK and start coding! Dagger executes your pipelines entirely as standard OCI containers. This has several benefits: - Instant local testing - Portability: the same pipeline can run on your local machine, a CI runner, a dedicated server, or any container hosting service. - Superior caching: every operation is cached by default, and caching works the same everywhere - Compatibility with the Docker ecosystem: if it runs in a container, you can add it to your pipeline. - Cross-language instrumentation: teams can use each other's tools without learning each other's language.

Firezone connects your workforce to the computing resources they need, wherever they are, securely. Unlike traditional VPNs, Firezone uses a least-privileged approach to access control known as Zero Trust Access. Connect your identity provider and define granular policies in minutes, then rejoice in the IT support requests you won't receive due to our lightweight, WireGuard-powered clients which work great on all platforms.

Massdriver helps engineering and operations teams build secure, production-ready internal developer platforms in minutes. With over 50+ infrastructure components engineering teams can build golden paths quickly on Kubernetes, serverless, or VMs. Get the flexibility product engineers need, with the auditing and security operations teams’ demand. We handle all the boring parts of cloud operations like IAM, secrets, continuous deployment, alerting, and monitoring so your team can focus on the product. Massdriver supports anti-lockin, by running in your cloud, and open-sourcing all of our infrastructure components.

Netmaker is an open source virtual networking platform based on WireGuard. With Netmaker, you can bridge, clouds, the edge, IoT devices, and Kubernetes clusters. Netmaker provides the fastest possible virtual networks, with an average speed 10x faster than standard alternatives. Think of Netmaker like your VPC for distributed systems.

We help DevOps teams to improve the security of their Cloud infrastructure. Our solution value increases for companies using multi-cloud (like GCP, Azure, AWS) or have multi-accounts (like Dev, Test, Prod)

hoop.dev prevents developers from blocking on Devops tasks. We do this by enabling any engineer do Devops work under the supervision of the Devops team. You can think of us as code review for Devops tasks.

Infracost shifts cloud costs left and makes FinOps proactive. It sits in the engineering workflow (CI/CD), and shows the cost impact of code changes (IaC) before the code is shipped to production. This catches costly mistakes before any money has been spent. It also checks to make sure all resources are tagged with your set tagging policy, and runs checks on the code against our FinOps policy packs, ensuring best practices are followed (e.g. using Graviton processors and storage lifecycle rules). This creates a cost-aware engineering culture.

Speedscale helps engineers validate their code with real, sanitized traffic. We simulate realistic production conditions in Kubernetes so you no longer need to manually script or use large and complex environments. Catch performance defects before they reach production and reduce weeks-long test cycles down to a few days.

Your central source of truth from local development to production for every language, stack, and infrastructure. Doppler simplifies secrets management so you can automate security, eliminate config drift, and deliver reliable software fast.

Infield helps software teams keep their open source dependencies up to date. We’re automating away the toilsome work of reading changelogs, assessing risk, and upgrading packages so that software teams can focus on shipping features. We’re a small team of repeat founders passionate about making open source easier to use.

Termius is an SSH client that works on desktop and mobile. It syncs and shares data via a secure vault in the cloud, like a password manager. With Termius, engineering and DevOps teams can share the list of servers that can be organized in groups and tagged for faster search. Termius also has built-in Terminal and Snippet Sharing. Terminal Sharing enables getting instant help from colleagues via providing a unique link instantly, and snippets are frequently-used shell commands that allow teammates to learn from each other easily.

Bitrise helps you automate your daily app development tasks from building through testing to deployment. With Bitrise you can configure these tasks with a unique, visual workflow editor, with dozens of service integrations ready to roll. We call these steps, and they are all open source! If the step you need is not in our collection you can create your own and share it with others. Project Managers can get a clear picture of the development and testing of apps, testers get regular notifications about available, testable builds, and clients are able to collaborate with the rest of the team. Bitrise is free to get started and takes just 50 seconds to setup your first project.

Teleport unifies identities — humans, machines, and AI — with strong identity implementation to speed up engineering, improve resiliency against identity-based attacks, and secure AI in production infrastructure.

Mezmo, formerly LogDNA, is an observability platform to manage and take action on your data. It ingests, processes, and routes log data to fuel enterprise-level application development and delivery, security, and compliance use cases. Mezmo was brought to life by three-time co-founders Chris Nguyen and Lee Liu and included in the Winter 2015 batch of Y Combinator. In 2018 the company partnered with tech giant, IBM, to become the sole logging provider for IBM Cloud. Mezmo is on a mission to empower people who build solutions that shape the world. We’re doing this by delivering a platform that enables enterprises to get more value from their observability data in real time, regardless of source, destination, use case, or scale. We’re not the only ones working on this problem but we have a few things the others don’t. We’re cloud-native and know how to make the most of modern technology like Kubernetes. We have scaled a solution from zero to petabyte scale in a short amount of time, while supporting thousands of active users across multiple environments. We are hungry for change and are surrounded by enterprises telling us they’re hungry, too. We have a kick-ass group of people who are thinking about the problem analytically and are excited to change the observability world for the better. Mezmo has helped some of the world’s most innovative companies transform how they manage their systems and applications. Still, we know that we can help them get more value from their observability data by providing more flexibility and control over how they use it. This will enable teams to spend less time switching between data silos so they can focus on shipping better, more resilient, and secure products. We have momentum on our side. Last year we saw triple digit revenue growth and added 800 new customers to our roster. Recent accolades include being named to YC’s Top Companies, CRN’s 10 Hottest DevOps Startups, and EMA’s Top 3 Observability Platforms.

Leverage cutting-edge AI to detect exposed credentials in real time and protect your organization from high-impact data breaches.

EdgeBit was acquired by FOSSA in July 2025: https://fossa.com/blog/fossa-acquires-edgebit/ EdgeBit enables engineering teams to ship security updates 10x faster with confidence by automating dependency update analysis. Our platform turns weeks of manual review into minutes, helping teams find and fix security vulnerabilities while maintaining a secure, up-to-date software supply chain without compromising productivity.

Fig is re-imagining the terminal. We make it more accessible to beginners and more productive for advanced engineers Our first product is autocomplete, but we plan to expand into a full App Store ecosystem for the Terminal. We can do a bunch of cool stuff, check out our website. And if you're interested, we are hiring 😀

Nestybox creates software that enables Linux containers to act like virtual machines. This increases the use cases for containers and gives enterprises a less expensive and more flexible alternative to virtual machines in many scenarios. Our first product is a "container runtime", the software that creates the containers. It's called "Sysbox" and integrates with the popular Docker and Kubernetes engines, enabling these tools to deploy containers that act like virtual machines. This technology provides software engineers with an alternative to VMs, one that easier to use, much more efficiency, and easily migrated across clouds. Hacker News Launch: https://news.ycombinator.com/item?id=24084758

Sqreen is the application security platform for the modern enterprise. More than 800 organizations trust Sqreen to protect, observe and test their applications, APIs and microservices. As opposed to pattern-based approaches, Sqreen analyses in-app execution in real time to deliver more robust security without compromising performance.

Your software is your competitive advantage, and your customer experience is everything. Armory Continuous Deployment solutions empower you and your teams to confidently deploy every application, every time; safely and securely, so you can accelerate your time-to-market, increase stability, and decrease customer-impacting issues.

Foxpass increases your organization's server and network security by ensuring employee accounts have access only to what they need. Our cloud-hosted LDAP and RADIUS systems help you bring best-practices to your infrastructure. And they're backed by your existing Google Apps accounts.

At Aptible, we envision a world where developers achieve more with less infrastructure. We’re building the platform that empowers developers at companies of all stages of development to move beyond the traditional method of managing infrastructure—DIY with expert infrastructure and platform engineers on AWS, GCP, or Azure. We’ve done this through our secure, compliant, reliable, and scalable Platform as a Service that’s been used by thousand of developers, hundreds of companies, and dozens of publicly traded and unicorn companies since 2013.

CryptoSeal provides Virtual Private Networks (VPNs) as a service.