It’s ideal to test the code during the development phase of an application to find any vulnerabilities before the final product is released. Semgrep (formerly r2c), a San Francisco-based startup, has developed a solution like this over the past five years.
The company raised $53 million in Series C funding today. They weren’t looking for the money, and this is a time when VC dollars are hard to find. Isaac Evans, the CEO and founder of the company, said that investors approached them.
The solution of the company combines SaaS with open source. We have two open-source things: this engine that is like Google for code. The engine runs the code, which is then analyzed by you.
They don’t stop here. The rules are also free. You have both the engine as well as the rules, which together deliver an incredible amount of value for many people. This is much more than our competitors. Evans added that we have a SaaS vertically integrated solution on top.
Evans says that when the company was launched in 2017, Evans had a vision for something similar and set about building it. However, they were having difficulty creating something specifically designed for developers. Yoann Padieoleau was a former Facebook Engineer who recommended that they use an open-source product that could do what they wanted.
“He said, ‘hey, the product you’re building reminded me of this thing I built at Facebook’. So, you know, when we hired him, we did not even realize that he built this thing.”
Evans admitted that he didn’t want to hear the idea, but Padioleau showed it to his company a few days later and they realized he had a good thing going. “At the next hackathon he showed us what it could do, and added support for a language like Python because it only supported PHP in the Facebook era. We were smart enough to admit we were wrong,” said Evans.
The company would release an open-source version of the tooling at the end 2020. Today, the open-source tooling has about 2 million users. Last year, revenue-producing products of the company grew by 7.5x. This shows that they have been well received by both the developers and security teams.
The company currently has 90 employees and plans to hire around 50 new ones this year. He said he is thinking about building a more diverse team. It requires a slower and more deliberate hiring approach, but he has been willing to take it.
He said, “I’ve learned that if you’re looking to move quickly, it’s better to use referrals and in-network hirings. This will get you there faster, but you’ll have less diversity on your team.” He prefers to spend the time to search outside the obvious channels for people who may not be as well-connected.
Evans said that he didn’t plan to fund raise until the summer, but he received an offer he could not refuse. We had not planned to fundraise before the summer. We had a lot of runway but were preempted by a very attractive proposal. We knew that the cash we had in the bank allowed us to be aggressive [in terms of balancing product development and more go-to market activities].” he said.
The round today was led by Lightspeed Venture Partners, with previous investors Felicis Ventures Redpoint Ventures Sequoia Capital and Felicis Ventures participating. The company now has a total raised of $93 millions.