Company Research Report: Semgrep, Inc.

Company Overview

• Name: Semgrep, Inc.

• Mission: To profoundly improve software security and reliability by empowering all engineers to use code analysis.

• Founded: 2017

• Founders: Drew Dennison, Isaac Evans, and Luke O'Malley

• Key People:

• Brendan Go (Engineer)

• Oliver Kopitz (Product Sales Advisor)

• Annika Peterson (Senior Software Engineering Manager)

• Daghan Atlas (Chief Revenue Officer)

• Headquarters: San Francisco, CA, USA

• Number of Employees: No information is available

• Revenue: No information is available

• Known For: Semgrep is known for its advanced static application security testing (SAST) and software supply chain security tools, which are trusted by leading engineering teams for their reliability and accuracy in detecting software vulnerabilities.

Products

Semgrep Code

• Description: A static application security testing (SAST) solution that encourages developers to actually fix the majority of the issues they see.

• Key Features:

• Supports scanning in over 30 languages.

• Provides high-confidence rules to assist in easy remediation.

• Offers fast scan times, with most scans completed in under 5 minutes.

• Includes capabilities for auto-triage and automated fixes using Semgrep Assistant.

Semgrep Supply Chain

• Description: A tool that helps find and remediate the small percentage of dependency vulnerabilities that are actually reachable in code.

• Key Features:

• Includes dataflow reachability analysis to filter noise and prioritize actionable alerts.

• Allows auditing of license compliance and manages dependencies.

• Supports integration with major SCMs like GitHub, GitLab, and CI/CD tools.

Semgrep AppSec Platform

• Description: A comprehensive platform to automate, manage, and enforce code standards across the organization covering code, supply chain security, and secret management.

• Key Features:

• Automates code scans and integrates with developer workflows.

• Diff-aware scans to focus on current changes.

• Provides triage, reporting, and remediation guidance tailored for AppSec programs.

Semgrep Secrets

• Description: Detects and remediates hardcoded secrets, API keys, and sensitive data with precision.

• Key Features:

• Uses semantic analysis and entropy analysis for high-precision detection.

• Validates credentials by checking if tokens are active.

Recent Developments

• New Products Launched:

• Semgrep Secrets (2023): A new product added for identifying and managing secrets within the code.

• Updated Features:

• Dependency Graph: Launched in December 2024, this new feature for the Supply Chain module provides a visualization of dependencies to help identify vulnerabilities more efficiently.

• Support for Scala and Swift: In December 2024, reachability analysis was expanded to these languages, improving signal relevance for these ecosystems.

• Platform Updates: As of October 2024, introduced team-based reporting metrics and new triage workflows within the Semgrep platform to enhance reporting and finding categorization.

• Partnerships:

• Expanded reachability analysis to additional languages, supported by strong community and customer collaboration efforts.

• Financial Developments:

• Raised $53M in Series C funding in 2023, led by Lightspeed Venture Partners, enhancing the company's ability to innovate and expand further.

This report highlights Semgrep’s focused mission in software security, its impressive product lineup designed to integrate seamlessly into developer workflows, and its recent strategic advancements in product capabilities and reach, underscoring its commitment to improving code security practices industry-wide.