r2c raises $27M to scale its security-focused code analysis service

Written by Jeff Lampkin

This morning r2c, a startup building a SaaS service around the Semgrep open-source project, announced that it has closed a $27 million Series B. Felicis led the round, which the company said was a pre-emptive deal.

Prior investors Redpoint and Sequoia also participated in the fundraising event; r2c last raised a $13 million Series A in October of 2020.

The startup fits into a number of trends that TechCrunch has explored in recent quarters, including what appears to be a rising number of open-source (OSS) grounded startups raising capital, and more rounds coming to exist thanks to investors looking to get the jump on inside rounds before they can form.

On the OSS point, r2c works with Semgrep, which the company likens to a “code-aware grep.” Still confused? Don’t worry, this is all a bit technical, but interesting. Grep is a tool for searching through plain text that has been around for decades. Semgrep is related, but focused on finding things inside written code.

Given the sheer amount of code that’s written every day in the world, you can imagine that there’s an ever-rising demand for finding particular bits of text quickly; Semgrep is an evolution of the original project, which was initially built inside Facebook.

Per r2c CEO Isaac Evans, however, the project failed to attract much awareness. His startup has built what Evans described to TechCrunch as the “canonical” Semgrep fork, or version, and has crafted a software service around the code to make it easier for other companies to use.

There are many ways to make money from open-source software. Two common monetization routes are through support services or offers to host particular projects. However, r2c is doing something a bit different. The startup sells a monthly, per-developer subscription (SaaS) that packages a broad set of security-focused rules across different coding languages, allowing companies to easily check their own software for possible security issues.

Or as Evans succinctly explained it, r2c offers something akin to application security in a box.

Focusing on cybersecurity is a reasonable tack for the company. Given the ever-growing number of breaches that the public endures, helping companies leak less data and suffer fewer intrusions is big business.

You don’t have to pay r2c, however. Semgrep is OSS and the rules associated with various languages are available under an LGPL license. Developers could build their own version of what the company offers. But, Evans argued, it won’t be ready to help you decide which rules you might want to apply to your code, something that his company is happy to help with for a fee.

From a wide lens, r2c fits into the developer tools category. It’s content to land and expand inside companies, perhaps allowing it a lower cost of acquiring customers than we see at some SaaS startups. But that doesn’t mean that the company won’t go to market to sell its service. Per Evans, the startup has historically underinvested in marketing, something that it may now be able to focus more on thanks to its recent financing.

It isn’t uncommon to see companies with technically-minded founders initially spend too little on the sales and marketing parts of running a software business. But our impression after discussing the company’s plans with Evans is that r2c intends to get that part of its house in order.

Evans told TechCrunch that his company took aboard more money because it doesn’t want to build the best search tool for, say, the C programming language. It wants to go broad, fusing what the CEO described as the “customizability of Semgrep” and wide language support.

Let’s see how quickly the company can staff up, bolster its marketing efforts, and take on enterprise clients. Raising a Series C puts the company somewhere past its startup adolescence, so from here on out we can pester the company for concrete growth numbers.