Semgrep, a code & supply chain security search engine, raises Series C
Blog post from Semgrep
Semgrep, formerly known as r2c, has raised $53 million in a Series C funding round led by Lightspeed Venture Partners, with participation from Felicis, Redpoint, and Sequoia, to further develop its open-source code scanning tool designed for security and software engineers. Unlike traditional black-box scanners, Semgrep offers transparency and flexibility by allowing engineers to view, edit, or create scanning rules, thereby enhancing their ability to identify and eliminate root causes of vulnerabilities. The company has introduced two commercial products, Semgrep Code and Semgrep Supply Chain, which use proprietary technology to significantly reduce false positives in vulnerability scanning and provide comprehensive analysis of both first-party and third-party code.

Semgrep's approach has garnered positive feedback from users, who appreciate its ease of use and effectiveness in finding bugs that other tools miss. It is increasingly being adopted as a standard for static analysis by leading security consultancies and platforms like GitLab and Datadog. With a growing library of over 40,000 unique rules across 30+ programming languages, Semgrep is positioned as a creative platform for developers and security engineers to customize their security processes, and it is exploring the integration of large language models to further enhance its capabilities.