Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Code Analysis Firm Semmle Launches With $21 Million in Funding

Semmle, a company whose software engineering analytics platform is already used by several major companies, on Tuesday announced its global launch, along with a $21 million Series B funding round.

Semmle, a company whose software engineering analytics platform is already used by several major companies, on Tuesday announced its global launch, along with a $21 million Series B funding round.

This funding round, led by Accel Partners with participation from Work-Bench, brings the total raised by the company to date to $31 million. The newly acquired funds will be used to accelerate Semmle’s go-to-market efforts serving large tech and financial services companies worldwide.

Semmle offers two products designed to help organizations find coding errors that can introduce critical vulnerabilities. One of the products, QL, is a software analytics engine that treats code as data so that it can be quickly and accurately analyzed by developers and security response teams.Semmle launches globally

“The same kinds of logical coding mistakes are made over and over again, sometimes repeatedly within a single project, and sometimes across the whole software ecosystem. These mistakes are the source of many of today’s critical software vulnerabilities,” Semmle explained on its website. “Using QL, you can codify such mistakes as queries, find logical variants of the same mistake elsewhere in the code, and prevent similar mistakes from being introduced in the future by automatically catching them before code gets merged.”

QL powers Semmle’s second product, LGTM, whose name stems from “Looks Good to Me,” which programmers use to express approval when reviewing software.

LGTM is a software engineering analytics platform that combines deep semantic code search and data science insights from a community of hundreds of thousands of developers. The platform, which Semmle claims is easy to integrate into the developer workflow, provides feedback, coding recommendations, and benchmarking insights.

Semmle’s platform has already been used in the past years by Microsoft, Google, Capital One, Credit Suisse, Nasdaq and NASA, which has helped the company perfect its product, said Oege de Moor, CEO and co-founder of Semmle.

The commercial product is now being made available to the rest of the world.

“On August 21, for the first time, any company can have access to our enterprise product and benefit from the work of leading technology companies like Google and Microsoft. Every customer benefits from the work that these security researchers report back to our vulnerability analysis repository — we are pioneering security as a public good,” de Moor told SecurityWeek.

“The LGTM community is our security research team, and this is one of the most powerful aspects of our platform. The leading companies using our tools have now made insights available to the rest of our customers, who might not have the resources or scale to invest in product security teams to hunt for vulnerabilities,” he added.

Semmle is the company that last year reported CVE-2017-9805, an Apache Struts vulnerability that ended up being exploited in the wild.

Related: Financial Services Has Most Code Vulnerabilities of All Industries

Related: Virsec Raises $24 Million in Series B Funding

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Forty cybersecurity-related M&A deals were announced in January 2023.