CleanStart Announces Strategic Partnership with Sysdig to Deliver Continuous Software Supply Chain Verification from Build to Runtime

Partnership brings together SLSA-aligned build integrity and eBPF-based runtime intelligence to help enterprises build with trust and run with proof

SINGAPORE, Feb. 25, 2026 /PRNewswire/ — CleanStart, a provider of secure-by-design, hardened container images built for regulatory compliance, today announced a strategic partnership with Sysdig, the leader in real-time, AI-powered cloud security, to help enterprises secure their software supply chain through continuous verification from source to production.

Software supply chains have become prime targets for cyberattacks, with adversaries increasingly exploiting open-source dependencies, CI/CD pipelines, and container images to introduce malicious code into trusted environments. At the same time, organizations face growing pressure to prove how software is built, what is allowed to run, and whether workloads remain trustworthy in production.

Through this partnership, CleanStart will deliver verifiable build integrity, while Sysdig will provide runtime visibility across the software lifecycle, including real-time threat detection. Combined, they enable a continuous trust model that links software provenance, deployment integrity, and runtime behavior from code production through cloud detection.

“Build-time trust without runtime validation leaves a critical gap, and runtime visibility without provenance lacks proof,” said Biswajit De, CTO of CleanStart. “Our partnership with Sysdig connects reproducible, cryptographically signed builds with real-time workload context, establishing a continuous verification loop across the software lifecycle.”

CleanStart establishes trust at the source by enforcing isolated, reproducible builds that generate cryptographically signed artifacts, verifiable records, and provenance metadata. Only validated and policy-compliant artifacts are permitted to progress through CI/CD pipelines, providing auditable proof of how software is built and what is allowed to run.

Sysdig extends this trusted foundation into runtime with deep visibility into containers and cloud workloads, correlating live workload behavior with build provenance, detecting drift and anomalous activity, and identifying active threats. Sysdig also continuously validates compliance across major frameworks such as CIS, NIST, ISO, SOC 2, GDPR, and DPDP, generating forensic and audit-ready evidence to support governance and regulatory requirements.

“Modern cloud-native security must extend seamlessly from build through runtime,” said Zaher Hulays, VP of Technology Alliances at Sysdig. “By combining CleanStart’s hardened, verifiable container images with Sysdig’s in-use vulnerability insights and real-time threat detection, organizations gain layered protection across the entire container lifecycle to reduce risk without slowing innovation in this new era of AI attacks.”

The partnership supports high-impact use cases including verified CI/CD image gating with runtime validation, drift detection linked to build provenance, runtime-to-source forensic traceability, automated compliance evidence generation, vulnerability prioritization based on live workload context, and zero trust enforcement for containers based on both origin and behavior.

Together, CleanStart and Sysdig provide enterprises with a unified, partnership-driven approach that transforms vulnerability management from reactive patching into proactive, data-driven security, delivering continuous verification at every stage of the software lifecycle. To learn more, visit www.cleanstart.com

About CleanStart

CleanStart delivers secure-by-design, hardened container images built from source to provide a near-zero vulnerability foundation for modern applications. CleanStart enables organizations to establish trust at the earliest stages of the software lifecycle through reproducible builds, cryptographically verifiable provenance, and policy-driven deployment of compliant artifacts. Founded by cybersecurity leaders with decades of global experience, CleanStart helps enterprises accelerate innovation while meeting the strictest security and compliance requirements. The company operates globally.

Media Contact:
Kyle Porter
Virgo PR
[email protected]
(212) 584-4289

View original content to download multimedia:https://www.prnewswire.com/news-releases/cleanstart-announces-strategic-partnership-with-sysdig-to-deliver-continuous-software-supply-chain-verification-from-build-to-runtime-302697035.html

SOURCE CleanStart