CASE STUDY
ÉTUDE DE CAS

Dagger gets compliant in half the time with Vanta and BARR Advisory

COMPANY
ENTREPRISE
Dagger
EMPLOYEES
EMPLOYÉS
<25
LOCATION
EMPLACEMENT
SF Bay Area, California
SOLUTION
SOLUTION
INDUSTRY
INDUSTRIE
DevOps Software
VANTA CUSTOMER SINCE
ANNÉES AVEC VANTA
2023
Time savings and increased efficiency

Partnering with Vanta and BARR Advisory, a Vanta MSP Partner, enables Dagger to achieve compliance in half the time.

Always audit-ready

Powered by Vanta’s continuous monitoring, Dagger stays audit-ready with minimal effort.

Accelerated growth driven by trust

Dagger's enhanced ability to demonstrate trust externally has been a key driver of their significant growth.

“There is a tremendous amount of trust that people are putting into Dagger, and because of this, trust goes to the heart of everything we do."

Sam Alba
Dagger Co-Founder
The company

Taking control of the software factory 

Dagger (YC '19), headquartered in the San Francisco Bay Area with a globally distributed team, is an open-source DevOps tooling company focused on dramatically improving CI (Continuous Integration). 

Dagger was founded in 2018 by Docker co-founder Solomon Hykes, along with early Docker employees Andrea Luzzardi and Sam Alba, to transform how software is built and tested by making Continuous Integration (CI) programmable. Traditional CI pipelines are often a major pain point for companies, relying on messy, hard-to-debug YAML configurations and inconsistent shell scripts that don’t work well across different CI providers or environments. As a result, developers are left to "push and pray" — waiting for pipelines running on remote servers to return a green light, instead of getting immediate feedback from their code.

Dagger changes this by containerizing application delivery pipelines. With "Daggerized" pipelines, developers can run the same pipeline locally as they would on any CI provider, ensuring faster feedback and reducing last-minute surprises. This unified approach empowers developers and DevOps teams to fully control their software development process, enabling them to think more strategically about the entire Software Development Life Cycle (SDLC). By streamlining and accelerating the SDLC, Dagger helps teams achieve their goals more efficiently with fewer iteration cycles.

Positioned at the center of the software supply chain, Dagger sits at a company’s core, serving as the integration point across its ecosystem, making  trust and security critical to its adoption. 

As Dagger expanded its customer base up-market, co-founder Sam Alba received more inquiries about the company's security posture. Recognizing the critical role of security in Dagger's growth, Sam made SOC 2 compliance a top priority in their strategy to scale.

The challenge

Scaling commercial offerings demands stronger security

As Dagger's technology gained traction with upmarket prospects, it became evident to Sam that strengthening the company’s security posture was essential to sustaining rapid growth. Given Dagger's role in handling one of the most sensitive aspects of any business—its code— security has been a priority from the beginning. “There is a tremendous amount of trust that people are putting into Dagger, and because of this, trust goes to the heart of everything we do,” says Sam. 

Despite the team’s strong security mindset, Sam recognized the challenges of leading a fast-growing startup. “Even if you have the best team that's very security-minded, [without support] it's very easy to break compliance,” says Sam. In recognizing this risk, Sam sought out solutions that would not only enhance Dagger’s security foundation, but also more proactively demonstrate their commitment to trust.

As Sam evaluated potential solutions to help Dagger secure a SOC 2 attestation, he drew on his experience managing Docker’s security program, which he recalls as being highly manual. The labor-intensive and frustrating process at Docker left Sam skeptical about available alternatives. “In the early days of Dagger, we thought we’d be stuck for a long time with many of the manual controls we needed to implement and then maintain, and that this would actually slow us down without actually making Dagger more secure.”

The solution

Streamlining compliance with the leading trust management platform and top MSP 

As Sam searched for security and compliance partners, he turned to the YCombinator community for recommendations. Vanta quickly emerged as a top choice, with many founders citing it as their go-to solution. To dig deeper, Sam reached out to fellow YCombinator alumnus and Vanta customer, Airbyte (YC '20), to hear firsthand about their experience. Through these discussions, Sam was also introduced to BARR Advisory, a Vanta MSP (Managed Service Provider) partner known for helping companies achieve compliance and implement robust cybersecurity programs.

In conversations with Mitch Evans, Director at BARR, and Larry Kinkaid, Manager of Cybersecurity Consulting, Sam discovered BARR's deep expertise in leveraging Vanta to create long-term security strategies. BARR’s approach focuses on partnering with security-minded clients committed to making security a core priority, not just checking the compliance box. “At BARR, we help our clients navigate their audit successfully, and we arm them with the ability to close more deals faster by reducing friction in the sales cycle. We do this by setting up trust centers and questionnaire automation, and helping our clients integrate their security compliance processes into the sales workflows. Vanta is the foundation for these efforts, helping our clients build real security programs,” says Larry. He emphasizes how Vanta enables him to shift from a “reactive to proactive” mindset, providing increased visibility and control in managing his clients' security programs.

Recognizing that BARR’s philosophy aligned with Dagger’s security needs, Sam saw the value in partnering with BARR’s service delivery team, powered by Vanta’s platform, to accelerate Dagger’s security journey. “BARR has brought deep security program expertise and helped us strategize, especially regarding what auditors will look for. I’m sure our engagement with BARR eliminated a bunch of unnecessary back and forths with our auditor,” says Sam. BARR’s deep knowledge of Vanta’s platform proved instrumental in helping Dagger achieve SOC 2 compliance and a live trust center within months. 

Reflecting on the process, Sam emphasizes Vanta's platform as a key factor in streamlining Dagger's compliance efforts and significantly reducing manual workload. Sam also notes that Vanta's continuous monitoring approach has delivered outsized value, enabling the team to operate efficiently and remain audit-ready with minimal ongoing effort. “With continuous monitoring, there’s no additional work when preparing for an audit. We could do an audit every 3 months and it wouldn’t make a difference [for our internal team]. Our trust center is a guarantee to our users and customers that we’re trustworthy. That’s a clear value add,” says Sam. Without continuous monitoring, audits would feel far more challenging, “[Without Vanta], the next time you go into an audit you realize that 40% of the previous work is outdated. You have to catch up, which adds a lot more work. With Vanta, we’re always audit-ready,” Sam adds. 

The impact

Turning trust into a growth accelerator 

Since partnering with Vanta and BARR Advisory, the Dagger team estimates they’ve achieved their security and compliance goals 50% faster than before. Beyond improved efficiency, Dagger’s VP of Marketing, Neela Jacques, credits their enhanced security posture with helping drive the company's accelerated growth, “We've really seen a hockey stick growth curve, and that growth coincides with our adoption of Vanta. I definitely believe that our ability to demonstrate trust to our users has been a critical part of that growth.”

By partnering with Vanta, the leading trust management platform, and top MSP BARR Advisory, Dagger has established a strong, scalable security culture that will support their continued growth. Looking ahead, the Dagger team is eager to pursue additional certifications and further strengthen trust with their users and customers, while expanding their market presence. In particular, Neela also sees the opportunity to broaden the conversation about trust and security in the pipeline management space and views Vanta as an enabler to help elevate the conversation, “Security and trust are at the core of our business. We're thrilled to have Vanta as a partner, helping us stay focused and achieve our security goals.”

Sam Alba
Dagger Co-Founder
Sam Alba
Dagger Co-Founder