
Redpoint and Sequoia are backing a startup to copy edit your shit code

Code is the lifeblood of the modern world, yet the tooling for some programming environments can be remarkably spartan. While developers have long had access to graphical programming environments (IDEs) and performance profilers and debuggers, advanced products to analyze and improve lines of code have been harder to find.

These days, the most typical tool in the kit is a linter, which scans through code pointing out flaws that might cause issues. For instance, there might be too many spaces on a line, or a particular line might have a well-known ambiguity that could cause bugs that are hard to diagnose and would best be avoided.

What if we could expand the power of linters to do a lot more though? What if programmers had an assistant that could analyze their code and actively point out new security issues, erroneous code, style problems, and bad logic?

Static code analysis is a whole interesting branch of computer science, and some of those ideas have trickled into the real world with tools like semgrep, which was developed at Facebook to add more robust code-checking tools to its developer workflow. Semgrep is an open-source project, and it’s being commercialized through r2c, a startup that wants to bring the power of this tool to the developer masses.

The whole project has found enough traction among developers that Satish Dharmaraj at Redpoint and Jim Goetz at Sequoia teamed up to pour $13 million into the company for its Series A round, and also backed the company in an earlier, unannounced seed round.

The company was founded by three MIT grads — CEO Isaac Evans and Drew Dennison were roommates in college, and they joined up with head of product Luke O’Malley. Across their various experiences, they have worked at Palantir, the intelligence community, and Fortune 500 companies, and when Evans and Dennison were EIRs at Redpoint, they explored ideas based on what they had seen in their wide-ranging coding experiences.

r2c’s team, which I assume only writes bug-free code. Photo by r2c.

“Facebook, Apple, and Amazon are so far ahead when it comes to what they do at the code level to bake security [into their products compared to] other companies, it’s really not even funny,” Evans explained. The big tech companies have massively scaled their coding infrastructure to ensure uniform coding standards, but few others have access to the talent or technology to be on an equal playing field. Through r2c and semgrep, the founders want to close the gap.

With r2c’s technology, developers can scan their codebases on-demand or enforce a regular code check through their continuous integration platform. The company provides its own template rulesets (“rule packs”) to check for issues like security holes, complicated errors, and other potential bugs, and developers and companies can add their own custom rulesets to enforce their own standards. Currently, r2c supports eight programming languages including JavaScript and Python and a variety of frameworks, and it is actively working on more compatibility.

One unique focus for r2c has been getting developers onboard with the model. The core technology remains open-sourced. Evans said that “if you actually want something that’s going to get broad developer adoption, it has to be predominantly open source so that developers can actually mess with it and hack on it and see whether or not it’s valuable without having to worry about some kind of super restrictive license.”

Beyond its model, the key has been getting developers to actually use the tool. No one likes bugs, and no developer wants to find more bugs that they have to fix. With semgrep and r2c though, developers can get much more immediate and comprehensive feedback — helping them fix tricky errors before they move on and forget the context of what they were engineering.

“I think one of the coolest things for us is that none of the existing tools in the space have ever been adopted by developers, but for us, it’s about 50/50 developer teams who are getting excited about it versus security teams getting excited about it,” Evans said. Developers hate finding more bugs, but they also hate writing them in the first place. Evans notes that the company’s key metric is the number of bugs found that are actually fixed by developers, indicating that they are offering “good, actionable results” through the product. One area that r2c has explored is actively patching obvious bugs, saving developers time.

Breaches, errors and downtime are a bedrock of software, but it doesn’t have to be that way. With more than a dozen employees and a hefty pool of capital, r2c hopes to improve the reliability of all the experiences we enjoy — and save developers time in the process.



from TechCrunch https://ift.tt/3eejXyP
via IFTTT
