Semgrep Secures Series D Funding to Drive Autonomous AppSec Innovation
The funding will accelerate Semgrep’s mission to transform software security with AI-driven solutions.

Semgrep, the code scanning platform designed to improve application security, has successfully raised a Series D funding round to further its mission of transforming how software vulnerabilities are detected and mitigated. The round was led by Menlo Ventures, with participation from existing investors including Felicis Ventures, Harpoon Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital. This significant infusion of capital will enable Semgrep to expand its capabilities and continue to innovate in the field of software security.
Advancing the Vision for Autonomous Security
Semgrep’s core mission is to make software exploitation expensive and prevent security teams from being overwhelmed by the constant growth of software vulnerabilities. The company envisions a future where its platform functions like an AppSec engineer, eliminating noise, automating fixes, and enabling better communication with developers. The Series D funding will accelerate the development of these autonomous features, pushing Semgrep closer to its goal of scaling security decision-making with transparency and precision.
Addressing the Security Team Challenge
As software continues to dominate the tech landscape and artificial intelligence accelerates its growth, the demands on security teams are becoming increasingly difficult to manage. Many security teams are struggling with an overwhelming ratio of developers to security professionals, with developers often outnumbering security engineers by a wide margin. Semgrep recognizes this challenge and is dedicated to providing a solution by creating a platform that does more than just identify vulnerabilities – it helps eliminate entire classes of issues through advanced automation, freeing security professionals to focus on high-priority work.
Semgrep’s Approach to Extensibility and Open-Source Tools
Semgrep’s journey began with a commitment to building a platform that offered both extensibility and transparency, moving away from vendor-specific black-box solutions. The platform has evolved significantly, releasing thousands of rules and enabling users to contribute to its development. The company’s open-core model ensures that smaller security teams and individual engineers have access to powerful scanning capabilities through Semgrep’s Community Edition, while larger teams benefit from the full suite of features within the Semgrep AppSec Platform.
Integrating AI to Enhance Security Capabilities
The introduction of Semgrep 2.0 marks a significant advancement in the platform’s capabilities, blending traditional static analysis with the power of large language models (LLMs). This new hybrid engine maintains the rule-based determinism of Semgrep 1.0 while incorporating the persuasive, context-aware communication of LLMs. While LLMs can be non-deterministic and prone to errors, they excel at explaining complex security issues, making them valuable for security applications when used in combination with traditional techniques.
The Path Forward for Semgrep
Since its inception, Semgrep has focused on creating a tool that empowers developers and security teams to collaborate more effectively and shift security practices left, integrating security earlier into the software development lifecycle. The company’s next goal is to simplify the process of using Semgrep, making it more accessible to teams overwhelmed by the complexity of securing modern software. While the Community Edition will remain a cornerstone of Semgrep’s offerings, the company plans to enhance the platform for enterprise users, streamlining the process to deliver real, actionable security value quickly.
New Additions to the Team
To help drive this vision forward, Semgrep has made two key additions to its leadership team. Garrett Souza, with experience at Matillion and Snyk, will join as VP of Sales Worldwide, bringing a wealth of knowledge to support the company’s growth. Mark McLaughlin, former CEO of Palo Alto Networks, will join as a board observer and angel investor, offering valuable insight into scaling and securing a company at Semgrep’s stage.
Semgrep’s successful Series D funding round marks an important milestone in the company’s journey to revolutionize application security. With the continued support of top investors and the addition of key leadership, Semgrep is well-positioned to accelerate its development of autonomous security tools that empower teams to stay ahead of emerging threats. As the need for scalable, efficient security solutions grows, Semgrep’s vision of shifting left and automating security at scale will play a crucial role in reshaping the industry.