SonarSource Raises $412M to Scan Codebases For Bugs and Vulnerabilities

One of the hardest challenges that software engineers confront is maintaining source code. According to a Sourcegraph poll from 2020, 51% of engineers believe they have more than 100 times the amount of code they did ten years ago, and 92% think the need to deploy software quicker has grown. As responsibilities expand, low-quality code may find its way into production settings, raising expenses. According to one study, the annual cost of defective software is $2.84 trillion. Over time, products have evolved to solve the challenge of code maintenance, like SonarSource, a cloud-based code quality management service.

SonarSource, whose technology detects code dependability and vulnerability flaws, revealed today that it has secured $412 million in a $4.7 billion investment round headed by Advent International and General Catalyst. “Software has long been recognized as important to the success of enterprises across all industries. They’ve just realized and recognized that source code is a critical component of their business – source code determines how software behaves and performs — and that it requires special attention,” SonarSource CEO Olivier Gaudin told TechCrunch via email. “Companies may use SonarSource to improve the quality of their source code.”

Finding flaws in source code

Gaudin says he started SonarSource to make it easier for developers to apply best practices for code quality, which may, in principle, help them correct faulty code. It’s a serious issue. According to an alarming survey released by Veracode and Enterprise Strategy Group, over half of companies ship risky code while utilizing cybersecurity solutions, frequently to meet release deadlines. According to a second Veracode poll, the majority of software library issues (92 percent) can be remedied with an update, but developers seldom update libraries after they’ve been introduced to a codebase for fear of breaking functionality.

Gaudin has a background in the financial industry, having worked as a developer at JP Morgan and as a software team leader at Deutsche Bank before co-founding SonarSource. Freddy Mallet, SonarSource’s second co-founder, worked at E-Trade as a project architect and as the CTO of Hortis, an agtech firm. Simon Brandhof, the third co-founder, previously worked at Hortis and was a key developer at CPR Online, an online trading platform.

“SonarSource was founded to accommodate the market’s eventual recognition that software — and its source code — is the cornerstone of company and must be managed as such,” Gaudin added. “SonarSource’s purpose has been to enable every single developer — and consequently every organization — to build software correctly from its inception.” The open source tool SonarQube was one of SonarSource’s initial offerings when it was founded in 2008. SonarQube is a static code analysis tool that supports Python, Java, C#, and JavaScript programming languages.

SonarSource’s open source project reached a milestone of over 2,000 monthly downloads in 2010. With View, a commercial project portfolio management plugin, the business hoped to capitalize on its success. SonarSource increased the scope of its analyzers to incorporate standards such as maintainability, dependability, and security after releasing new plugins and tools such as SonarCloud (which analyzes open source projects) and SonarLint (an integrated development environment extension for static analysis).

“Many rivals concentrate on a single component of creating clean code, such as security. That’s a guarantee to a risk or compliance department,” Gaudin explained. “At SonarSource, we’re taking a different approach: we’re trying to assist the engineering team produce code faster and spend more time building new code rather than troubleshooting existing code. We offer a solution that enables these departments to step up their game and produce better code. For the organization, more time is focused on innovation and tackling complex challenges.”