Accel Puts $8M Into Semmle To Grow Its Software Dev Analytics Platform

Semmle, a B2B startup whose analytics platform aims to optimize other companies’ IT projects by analyzing the quality of the code their developers write, along with factors such as how much money the business is spending on particular software development projects, has closed a new funding round: an $8 million Series A led by Accel Partners.

Existing Silicon Valley-based angel investors, who invested in Semmle’s 2011 $2 million seed, also participated in the round. The new funding will be spent on expanding sales and marketing to grow its customer base, including establishing a permanent U.S. office. Semmle also plans to spend on product development, with a cloud product planned that will open up access to its platform to a wider range of companies.

Semmle is not disclosing customer numbers as yet, but counts the likes of Citi, Credit Suisse, Dell, Murex, Nasa and Trafigura among its users. Collectively its customers have used its platform to manage “tens of thousands” of developers, and parse “billions” of lines of code at this point.

Co-founder Oege de Moor said the focus for Semmle over the next 12 months will be on growing its customer base, and more generally on developing as a business itself from being a pure-play engineering entity to something more well-rounded — and therefore more reflective of the product it has created.

“We are almost entirely an engineering company right now. What I was looking for when I was trying to raise money was more than the money — advice on how to grow the business side,” de Moor told TechCrunch. “And so Accel was the obvious choice, because they have experience both in developer tools — they are the primary backers of Atlassian — but also in business intelligence. They were the backers of QlikTech. Really our company is between these two categories.

“On the one hand it’s very technical… with code analysis and all that. But it’s also business intelligence, trying to give the whole organization, including C-level executives, insight into what’s going on in the engineering process.”

De Moor added that Semmle will also be spending money on strengthening its engineering team so it can integrate more data sources into the product.

Semmle’s technology analyzes version changes made to software to determine how good the code is, and to flag up bad code which may be causing problems.

“What we do is we look for patterns of bad or sub-optimal coding. For each language the set of patterns is different. We’ve got a knowledge repository in which we store the source code and we look for particular common mistakes that people make in the different languages,” he said.

“We worked with customers like Nasa. Where they contacted us with a particularly bad problem that they found, and said it would be great if your analysis spots this whenever it happens in future. So then we created a new analysis to do precisely that. We work like that with many of our customers.”

“Out of the box we come with hundreds of particular issues that we look for but it’s very much an interactive process with our clients to continuously improve and refine those criteria,” he added.

Common coding problems the system can identify include violations of JavaBeans that are marked as stateless, and security issues such as potential cross-site scripting attacks in web applications.

Beyond specific code analysis, the product also pulls in other signals so it can provide a more holistic analysis of the business effectiveness when it comes to software development – looking at areas such as budgets, location of the team, and any IT tickets received.

“Our product looks at the version repository and it analyzes each change in turn, so you get very fine-grained information — not only about the quality of the code as it stands today, it’s also about how it came to be that way,” said de Moor.

“Because you analyzed every contribution separately you actually know who made the changes. You can slice the data by individual, or by team, or by location, or indeed by the company that that contributor works for. Many of our clients have tens of thousands of in-house software developers, but even more software developers contribute to their systems from outsourcing providers from different parts of the world — and in that situation it’s particularly important to understand who is delivering value for money.”

He added that Semmle’s approach sets the company apart from others in the pure-play code analysis space, such as Coverity and Cast. “I think we are unique in taking this holistic approach… They are purely looking at the source code, they don’t look at the other data — [e.g.] when you slice by outsourcing provider, or you slice by location, or you correlate budget data, that sort of thing.”

Asked which business roles the product disrupts, he added: “We help people at every level of the organization. Typically our buyer would be a C-level executive who wants to have the high level overview but a program manager gets extremely detailed information to optimize the work of his team, individual developers get concrete advice on their desktop about what to fix, and also interestingly what they typically do wrong. It turns out that every software developer has a characteristic coding style.

“Simply by looking at the bad patterns that we identify you can guess who wrote the code.”