CleanStart announced a strategic partnership with Sysdig aimed at providing continuous verification across the software supply chain, from development through runtime.
The companies said the collaboration is designed to address growing security risks in software supply chains, where attackers increasingly target open-source dependencies, CI/CD pipelines and container images to introduce malicious code. Organizations are also under pressure to document how software is built and ensure workloads remain compliant in production environments.
Under the partnership, CleanStart will focus on build-stage integrity by enforcing isolated, reproducible builds that generate cryptographically signed artifacts and provenance metadata. According to the company, only validated and policy-compliant artifacts will be allowed to move through CI/CD pipelines, creating auditable records of how software is produced.
Sysdig will provide runtime visibility into containers and cloud workloads, including real-time threat detection. The company said its platform correlates workload behavior with build provenance data to identify drift, anomalous activity and potential threats. Sysdig also supports ongoing compliance validation across frameworks including CIS, NIST, ISO, SOC 2, GDPR and DPDP, generating audit-ready records.
Executives from both companies said the partnership connects build-time verification with runtime monitoring to create a continuous trust model across the container lifecycle.
The companies said the joint offering will support use cases such as CI/CD image gating with runtime validation, forensic traceability from runtime to source, automated compliance evidence generation and container enforcement policies based on origin and behavior.