Maintaining source code is one of the toughest challenges that software developers face. In a 2020 survey from Sourcegraph, 51% of developers said that they have more than 100 times the volume of code they had ten years ago while 92% say the pressure to release software faster has increased. The growing responsibilities can lead to poor-quality code slipping into production environments, increasing costs. One report estimates the impact of buggy software at $2.84 trillion per year.

Products have emerged over the years to address the problem of code maintenance, including the cloud-based code quality management service SonarSource. SonarSource, whose technology detects reliability and vulnerability issues in code, today announced that it raised $412 million in a funding round co-led by Advent International and General Catalyst at a $4.7 billion valuation.

“Organizations across all industries have long understood that software is critical to running their businesses. Recently, they’ve begun to realize and recognize that source code is the key component of their software — source code dictates how software will behave and also perform — and as such must receive good care,” SonarSource CEO Olivier Gaudin told TechCrunch via email. “SonarSource enables companies to improve the quality of their source code.”

Detecting issues in source code

Gaudin says he launched SonarSource to enable developers to administer best code quality practices that, in theory, could help to fix problematic code. It’s an acute problem. An alarming report from Veracode and Enterprise Strategy Group found that nearly half of organizations knowingly ship vulnerable code despite using cybersecurity tools, often to meet release deadlines. A separate survey from Veracode suggests that the majority of software library flaws — 92% — can be fixed via an update, but that 79% of the time, developers never update libraries after they’re added to a codebase for fear of breaking functionality.

Gaudin has a financial industry background, having worked at JP Morgan as a developer and Deutsche Bank as a software team leader before cofounding SonarSource. Freddy Mallet, SonarSource’s second cofounder, was a project architect at E-Trade and CTO at agtech startup Hortis. Third cofounder Simon Brandhof also worked at Hortis and was a lead developer at online trading platform CPR Online.

sonarsource raises $412m to scan codebases for bugs and vulnerabilities

One of the code analysis dashboards in SonarQube.

“SonarSource was created to accommodate the market’s eventual realization that software — and its source code — is the foundation of business and must be stewarded as such,” Gaudin said. “From the beginning, SonarSource’s mission has been to empower every single developer — and thus every organization — to build software right.”

SonarSource was incorporated in 2008, and one of its first products was the open source program SonarQube. Designed to perform static code analysis — i.e., debugging by examining a program’s code without actually executing the program — SonarQube embeds clean code into the development process, supporting programming languages including Python, Java, C#, and JavaScript.

In 2010, SonarSource’s open source project hit a milestone of over 2,000 downloads per month. The startup sought to capitalize on its success with View, a commercial plugin for project portfolio management. After releasing more plugins and software including SonarCloud (which analyzes open source projects) and SonarLint (an integrated developer environment extension for static analysis), SonarSource expanded the scope of its analyzers to cover standards that encompass maintainability, reliability, and security.

“Many competitors focus on just one part of delivering clean code, such as the security aspect. That’s a promise to a risk or compliance department,” Gaudin said. “SonarSource has a different approach — we’re going to help the engineering team do a better job delivering code and help them invest the time they spend actually writing new code, as opposed to debugging old code. We provide a solution that allows these departments to raise their game and deliver better code. More time is spent on innovation and solving difficult problems for the organization.”

Accelerating momentum

SonarSource competes with a number of companies in the static code analysis software market, which one firm predicts could be worth $1.74 billion by the end of 2026 (up from $643 million in 2022). For example, R2C and DeepSource focus on code analysis for security and performance, while ShiftLeft attempts to automatically patch any code vulnerabilities that it finds.

All static code analysis products have downsides. They can’t support every programming language, sometimes produce false positives and negatives, and can provide a false sense of security. They’re only as good as the rules they’re using to scan with, after all — which is why they aren’t likely to replace quality assurance teams anytime soon.

SonarSource doesn’t claim have overcome these. To the extent that it has them, the company’s advantages are a head start and strong industry traction. SonarSource grew its commercial customer base by more than 2,000% over the last four years to more than 16,000 organizations. Over 300,000 organizations including 80 Fortune 100 companies, meanwhile, use a mix of the company’s commercial and free products.

sonarsource raises $412m to scan codebases for bugs and vulnerabilities

Image Credits: SonarSource

SonarSource’s gross margin profile is above 90% and annual recurring revenue stands at $175 million, which the company projects will reach $240 million this year. SonarSource plans to expand its headcount from 290 employees to “north of 400” to meet that goal, according to Gaudin.

“SonarSource will use [the latest] investment to double its sales force in 2022 and grow its marketing team across existing offices in Geneva, Switzerland; Annecy, France; Bochum, Germany and Austin, Texas … In addition, SonarSource will open a new regional headquarters in Singapore, allowing the company to build its business within the burgeoning Asia-Pacific market,” Gaudin added. “Many competitors focus on just one part of delivering clean code, such as the security aspect. That’s a promise to a risk or compliance department. SonarSource has a different approach — we’re going to help the engineering team do a better job delivering code and help them invest the time they spend actually writing new code, as opposed to debugging old code.”

Insight Partners and Permira also participated in SonarSource’s latest financing round.

TECH NEWS RELATED

How to grow your startup with email marketing using Gmail

You've got a great idea for a startup, and you're ready to make it happen.  You don’t have a surefire marketing strategy in mind yet. But you know one thing - you gotta have an active email list ASAP.    

View more: How to grow your startup with email marketing using Gmail

PP Control & Automation launches PP+ to help bridge ‘valley of death’

A UK manufacturing outsourcing specialist is aiming to help domestic businesses cross the well-publicised ‘valley of death’.

View more: PP Control & Automation launches PP+ to help bridge ‘valley of death’

What tech startups are doing to combat Parkinson’s disease

Startups Magazine looks at the amazing work that startups are doing with AI and other tech to bolster the medical world’s diagnosis, treatment, and overall understanding of Parkinson’s disease.

View more: What tech startups are doing to combat Parkinson’s disease

Google will reimburse developers $90 million to settle a lawsuit over Play Store earnings

Google said Thursday it will pay $90 million to settle a lawsuit with US developers that accused Google of abusing its power of app distribution and charging an unfair fee of 30% for app purchases and in-app purchases made through the Play Store. The company noted that US developers who ...

View more: Google will reimburse developers $90 million to settle a lawsuit over Play Store earnings

Bringing an idea to market

The demand for app development doesn't show signs of getting slower any sooner. As apps are an accessible type of technology, where people can have access from anywhere, the consumers' interest in this technology is vital. Therefore, many companies are taking this trend and changing their traditional environment to mobile for effective business positioning. But developing an app isn't easy and takes time and teamwork for a positive outcome.

View more: Bringing an idea to market

Meta’s co-accused Sama to retain BCorp status until case is determined

Meta’s main subcontractor for content moderation in Africa, Sama, will retain its BCorp certification until the case against it in Kenya, over claims of union busting and exploitation, is determined. The referenced case, which also includes allegations against Meta, was filed in May this year by Daniel Motaung, a ...

View more: Meta’s co-accused Sama to retain BCorp status until case is determined

Sharpen your credit card, the Apple Store is down

At June’s WWDC, Apple launched a slew of new and exciting products, only to mention that they’d be available to order at some point later this month. Well, as the end of the month draws closer by the minute, it looks like Apple is updating its store, presumably to ...

View more: Sharpen your credit card, the Apple Store is down

Early-stage VC investments in Q1FY23 up 30% on year even as growth-stage investments come under pressure

(Representative Image) Early-stage venture capital (VC) investments in India rose by nearly a third in the first quarter of 2022-23 (FY23) from a year earlier as investors turned cautious and made smaller-sized and longer-duration bets amid a correction in global financial markets. In April-June 2022, early-stage VC investments in ...

View more: Early-stage VC investments in Q1FY23 up 30% on year even as growth-stage investments come under pressure

China’s tech giants promise speculation-free NFTs

Visby Medical tests positive for a Series E extension at $1B+ valuation

Micro-pyramid lenses triple light hitting solar panels

Crypto wants its own iPhone

Daily Crunch: OpenSea, an NFT marketplace, revealed email data breach that may have affected 1.8M users

3 questions for the startup market as we enter Q3

Fleetzero begins its search for the first giant ship to convert to battery power

Instagram test ditches video posts in favor of Reels

Nikola delays shareholder meeting to drum up support to issue more shares

The SEC rejected bitcoin spot ETFs again. Now what?

Raspberry Pi introduces a $6 board with Wi-Fi

Here’s Carta’s response to venture becoming more global

OTHER TECH NEWS

Top Car News Car News