MergeBase is a technology company.
MergeBase has raised $1.0M across 1 funding round.
MergeBase has raised $1.0M in total across 1 funding round.
MergeBase is a cybersecurity company founded in 2018 that builds a comprehensive software supply chain security platform specializing in Software Composition Analysis (SCA), Software Bill of Materials (SBOM) generation, and AI-powered attack surface reduction.[1][2][3] It serves enterprises and development teams by identifying vulnerabilities in proprietary, open-source, and third-party code across the entire software development lifecycle (SDLC)—from coding and building to deployment and runtime—while accelerating remediation through automated component upgrades and dynamic application hardening.[1][2][5][6] The platform solves critical problems like high false positives in traditional SCA tools, compliance burdens (e.g., regulatory SBOM requirements), and expanding attack surfaces by reducing vulnerabilities by 60-70% and eliminating unused/vulnerable components, enabling faster, more secure software delivery.[2][5][6] MergeBase raised $360K before being acquired by Finite State in June 2024, enhancing the acquirer's binary analysis with MergeBase's source code expertise for end-to-end SDLC protection.[1][2]
MergeBase was founded in 2018 in Burnaby, Canada, by Oscar van der Meer (CEO and Co-Founder), an experienced executive with a background in AI, architecture, security, and growing technology in finance.[1][3][4] The leadership team includes Kelly West (CTO, with 20+ years in digital products), Bob Lyle (CRO, 30 years in sales/marketing and partnerships), and Ken Warkentyne (Principal Engineer, PhD in computer science and architect of banking software).[3] The idea emerged to address gaps in software supply chain security, launching as a developer-oriented SCA solution with industry-low false positives and full DevOps coverage, as introduced by van der Meer in a company video emphasizing protection from coding to runtime.[4][5] Early traction built through endorsements from security leaders at organizations like Payments Canada and Meta/RL, culminating in its 2024 acquisition by Finite State—a pivotal moment that integrated its tech into a broader platform for connected-world risk management.[1][2][3]
MergeBase stands out in the crowded SCA market through these key strengths:
MergeBase rides the explosive growth of software supply chain security, fueled by surging vulnerabilities (e.g., Log4j-scale incidents), mandatory SBOM regulations like U.S. Executive Order 14028, and the shift to DevSecOps in connected devices and cloud-native apps.[1][2][6] Its timing aligns perfectly with 2020s market forces: rising cyber threats to open-source ecosystems, AI-driven automation demands, and the need for runtime protections beyond static analysis, where traditional tools falter.[2][5] By pioneering Runtime SCA and deep integration with binary analysis post-acquisition, MergeBase influences the ecosystem by raising standards for proactive risk reduction, empowering enterprises to deploy secure embedded systems and infrastructure while pressuring competitors to match its developer-friendly, low-friction approach.[1][2]
Post-2024 acquisition, MergeBase's technology will likely drive Finite State's expansion into a dominant full-lifecycle security powerhouse, blending source/binary analysis for unmatched visibility and remediation.[1][2] Trends like AI-enhanced threat detection, zero-trust supply chains, and embedded/IoT security boom will shape its trajectory, potentially evolving into broader runtime protection suites amid escalating global regulations.[2][6] As software risks intensify, its influence could redefine secure SDLC norms, turning supply chain vulnerabilities from a liability into a competitive edge for adopting organizations—cementing MergeBase's legacy as a pioneer in reducing attack surfaces at scale.[1][5]
MergeBase has raised $1.0M in total across 1 funding round.
MergeBase's investors include .406 Ventures, Andreessen Horowitz, Aviso Ventures, Lytical Ventures, Sweater Ventures, Vertex Ventures, Grant Miller.
MergeBase has raised $1.0M across 1 funding round. Most recently, it raised $1.0M Seed in February 2022.
| Date | Round | Lead Investors | Other Investors |
|---|---|---|---|
| Feb 1, 2022 | $1.0M Seed | .406 Ventures, Andreessen Horowitz, Aviso Ventures, Lytical Ventures, Sweater Ventures, Vertex Ventures, Grant Miller |