Formerly r2c, Semgrep rebrands and realigns for rapid growth in a funding round led by Lightspeed
SAN FRANCISCO, April 18, 2023 — Semgrep, a code security solution designed for engineering-centric security programs, today announced $53M in Series C funding led by Lightspeed Venture Partners. With added participation from previous investors Felicis Ventures, Redpoint Ventures, and Sequoia Capital, this round brings the company’s total funding to $93M to date. Semgrep is designed for engineers – software and security alike – who need to maintain a fast cadence of software development and solve the root causes of security issues. Semgrep uniquely enables developers at all levels and security teams to customize their code scanning (no PhD required), which results in ROI significantly beyond that of traditional code scanning tools.
Companies need both security and velocity in their software development, but legacy tools were designed for older programming languages and development cycles where releases were months apart, rather than hours. With the rise of DevOps, 60% of engineers release code twice as quickly than traditional development processes, however improved speed comes with a cost: Almost half of enterprises knowingly release insecure code.
Semgrep solves these challenges with its engineer-centric approach: surfacing security findings during software development that are relevant to a given engineer. Once findings are presented, engineers can easily remediate, edit noisy rules, and provide feedback to the security team to strengthen security policies, thus making the security process collaborative.
“Our users are looking for complete security solutions rather than point solutions,” said Isaac Evans, Founder and CEO at Semgrep. “This round of funding will enable us to extend our application security platform to cover the entire modern development process, all built on top of the Semgrep engine, so as to profoundly improve software security and reliability for all.”
“From our very first conversation, it was clear that Semgrep is not a traditional enterprise security company,” said Will Kohler, Partner at Lightspeed. “The Semgrep user base is passionate and engaged. Their product is customizable, scalable, and ultimately helpful for modern security teams. It was a no-brainer for us to get involved and we’re enthused to watch them grow their market share and develop additional products for modern security teams.”
Semgrep will use the Series C funds to invest in its product roadmap, expand its sales and growth marketing efforts, and expand internationally.
Rebranding r2c to Semgrep
The company’s funding round is coupled with the change in the company’s name from r2c to Semgrep. Since its launch in 2020, Semgrep has become the tool of choice for modern security teams looking to eliminate entire classes of vulnerabilities. The rise of Semgrep and its broad acceptance within the developer-focused security community has differentiated the company’s product. This rebrand is recognition of Semgrep as the technology layer that is underpinning the company mission now and going forward. This is one small step in the company’s journey to reduce organizational tension between developer productivity and code security.
Rob Picard, Security Lead at Vanta said, “It’s easy enough to write rules for Semgrep that security and other engineering teams often reach for it to solve complex problems. The flexibility is a huge win, and the library of managed rules means we only have to write our own when we have custom problems.”
For additional information on this announcement, please see Isaac Evans’ blog post to learn more.
Semgrep is also hiring in a number of positions. For more information, on positions in the Bay Area and remote work, please see job openings.
About Semgrep
Semgrep is an open-source platform for scanning code for security, reliability, & other issues. Semgrep’s mission is to profoundly improve software security and reliability by bringing world-class security tools to engineers—software and security alike. It’s Semgrep’s conviction that the security process must enable rapid software development, instead of hindering it. Semgrep is funded by Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, and has become an essential safeguard for code at customers like Snowflake, Dropbox, and more.
SOURCE Semgrep