Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybersecurity Funding

Code Security Firm SonarSource Raises $412 Million at $4.7 Billion Valuation

Geneva-based code quality company is cashing in on heightened investor interest in the software supply chain security space

Geneva-based code quality company is cashing in on heightened investor interest in the software supply chain security space

Swiss code quality software firm SonarSource on Tuesday announced a $412 million funding round at a heady valuation of $4.7 billion as investors continue to pour money into startups tackling software supply chain security.

SonarSource said the financing was led by new investors Advent International and General Catalyst. Insight Venture Partners, which invested $45 million back in 2016, also participated in the latest round.

Sonar Source logoFounded in Switzerland in 2008 by Olivier Gaudin, Freddy Mallet and Simon Brandhof, SonarSource provides products for continuous code quality of applications. The company competes with the likes of Veracode and Checkmarx in a fast growing market for tools to secure code in the software supply chain.

SonarSource, which maintains dual headquarters in Geneva and Texas, provides an IDE extension for on-the-fly analysis and coding guidance and products to handle static analysis for continuous codebase inspection and CI/CD workflows.

The company claims its products help more than 5 million developers write high-standard code that is free of bugs and security vulnerabilities.

As software gets updated continuously, SonarSource tools can be used to embed clean code directly into the development process, improving the overall health of the code base and reducing tech debt, the company said.

SonarSource said it will use the new investment to grow its go-to-market team globally as the company drives toward an ambitious $1 billion revenue target.

The company plans to open new regional headquarters in Singapore to drive a push into the APAC market. 

Advertisement. Scroll to continue reading.

Related: Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack

Related: Code Analysis Company SonarSource Acquires RIPS Technologies

Related: Critical GoCD Authentication Flaw Exposes Software Supply Chain

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.