Semmle, startup that makes code searchable, hauls in $21M Series B

Semmle, a startup that originally spun out of research at Oxford, announced a $21 million Series B investment today led by Accel Partners. It marked the second time Accel has led an investment in the company.

Work-Bench also participated in the round. Today’s investment brings the total to $31 million.

Semmle has warranted this kind of interest by taking a unique approach to finding vulnerabilities in code. “The key idea behind our technology is to treat code as data and treat analysis problems as simple queries against a database. What this allows you to do is very easily encode domain expertise, security expertise or any other kinds of specialist knowledge in such a way it can be easily and automatically applied to large amounts of code,” Pavel Avgustinov, Semmle co-founder and VP of platform engineering, told TechCrunch.

Once you create the right query, you can run it continuously against your code to prevent the same mistakes from entering the code base on subsequent builds. The key here is building the queries, and the company has a couple of ways to deal with that.
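The idea described above, code extracted into a database and an analysis written as a query that can be rerun on every build, shown as an added example that is not Semmle's code or query language. Python's `ast` module and SQLite stand in for the extractor and the database, and the sample files and the `shell=True` rule are constructed for illustration.

```python
import ast
import sqlite3

# Constructed sample code base (file name -> source); not from any real project.
SAMPLE_FILES = {
    "deploy.py": "import subprocess\ndef run(cmd):\n    subprocess.run(cmd, shell=True)\n",
    "report.py": "import subprocess\ndef count(p):\n    subprocess.call('wc -l ' + p, shell=True)\n",
    "list.py": "import subprocess\ndef ls():\n    subprocess.run(['ls', '-l'])\n",
}

def dotted_name(node):
    """Return 'a.b' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def build_database(files):
    """Extract facts: one row per call site, one row per keyword argument."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE calls (id INTEGER PRIMARY KEY, file TEXT, line INT, callee TEXT)")
    db.execute("CREATE TABLE kwargs (call_id INT, name TEXT, value TEXT)")
    for path, source in files.items():
        for node in ast.walk(ast.parse(source, filename=path)):
            if isinstance(node, ast.Call):
                cur = db.execute("INSERT INTO calls (file, line, callee) VALUES (?, ?, ?)",
                                 (path, node.lineno, dotted_name(node.func)))
                for kw in node.keywords:
                    db.execute("INSERT INTO kwargs VALUES (?, ?, ?)",
                               (cur.lastrowid, kw.arg, ast.unparse(kw.value)))
    return db

# The security knowledge is encoded once, as a query over the extracted facts.
SHELL_TRUE_QUERY = """
SELECT c.file, c.line, c.callee FROM calls c
JOIN kwargs k ON k.call_id = c.id
WHERE c.callee LIKE 'subprocess.%' AND k.name = 'shell' AND k.value = 'True'
ORDER BY c.file, c.line
"""

def find_shell_calls(files):
    """Run the query; a build step could fail whenever this returns rows."""
    return build_database(files).execute(SHELL_TRUE_QUERY).fetchall()

if __name__ == "__main__":
    print(find_shell_calls(SAMPLE_FILES))
```

This sketch matches calls by their written name only, so an aliased import such as `import subprocess as sp` would need an extra table of import facts to be caught.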

They can work with customers to help them create queries, although in the long run that is not a sustainable way of working. Instead, they share queries, and encourage customers to share them with the community.

“What we find is that the great tech companies we work with have the best security teams in the world, and they are giving back what they created on the Semmle platform with other users in an open source fashion. There is a GitHub repository where we publish queries, but Microsoft and Google are doing the same thing,” Oege de Moor, company CEO and co-founder, explained.

In fact, the Semmle solution is freely available to open source programmers to use with their applications, and the company currently analyzes every commit of almost 80,000 open source projects. Open source developers can run shared queries against their code or create their own.

They also have a paid version with customers like Microsoft, Google, Credit Suisse, NASA and Nasdaq. They have relied mostly on these strategic partners up until now. With today’s investment they plan to build out their sales and marketing departments to expand their customer base into a wider enterprise market.

The company spun out of research at Oxford University in 2006. They are now based in San Francisco with 60 employees, a number that should go up with this investment. They received an $8 million Series A in 2014 and a $2 million seed round in 2011.