r2c Secures $27M Funding to Expand Code Analysis

r2c Secures $27 Million in Series B Funding

This morning, r2c, a company specializing in a SaaS offering built around the Semgrep open-source project, announced the successful completion of a $27 million Series B funding round. Felicis spearheaded the investment, which the company characterized as a preemptive agreement.

Previous Investment and Market Trends

Existing investors, including Redpoint and Sequoia, also contributed to this fundraising effort. r2c previously secured $13 million in a Series A round back in October 2020.

The company’s trajectory aligns with several emerging trends observed by TechCrunch, notably the increasing number of startups founded on open-source software (OSS) attracting capital. Furthermore, the prevalence of preemptive investment rounds is growing as investors seek early access.

Understanding Semgrep: A Code-Aware Search Tool

r2c leverages Semgrep, which the company describes as a “code-aware grep.” If this is unclear, it’s understandable – the technology is somewhat specialized. Grep is a long-standing tool for searching plain text.

Semgrep builds upon this concept, focusing specifically on identifying patterns within source code. Considering the vast quantities of code generated daily, the need for rapid text identification is substantial.

Initially developed within Facebook, the original project lacked widespread recognition, according to r2c CEO Isaac Evans.

r2c's Approach to Monetization

Evans asserts that his startup has developed the “canonical” Semgrep fork and has constructed a software service to simplify its adoption by other organizations.

Many open-source projects generate revenue through support services or project hosting. However, r2c employs a distinct strategy.

The company offers a monthly, per-developer subscription (SaaS) that provides a comprehensive suite of security-focused rules for various programming languages. This allows businesses to proactively scan their software for potential vulnerabilities.

Essentially, r2c delivers application security as a readily available solution.

The Importance of Cybersecurity

A focus on cybersecurity is strategically sound. With the increasing frequency of data breaches and security intrusions, assisting companies in minimizing data leaks and bolstering their defenses represents a significant market opportunity.

While utilizing r2c isn’t mandatory, Semgrep itself is OSS, and its language-specific rules are available under an LGPL license.

Developers could theoretically create their own equivalent system, but Evans contends that r2c’s expertise in rule selection and application provides substantial value.

Growth Strategy and Future Plans

r2c operates within the broader developer tools landscape. The company aims to expand its presence within organizations, potentially leading to lower customer acquisition costs compared to some SaaS businesses.

However, the startup also intends to actively market its services, having historically underinvested in this area, a situation the new funding should rectify.

It’s common for technically-focused founders to initially prioritize product development over sales and marketing, but r2c appears committed to addressing this imbalance.

Expanding Capabilities and Market Reach

Evans explained that the additional capital will enable r2c to move beyond specializing in a single programming language, such as C. The goal is to achieve broad language support while maintaining the “customizability of Semgrep.”

The company’s next steps involve scaling its team, strengthening its marketing initiatives, and attracting enterprise-level clients. With this Series B funding, r2c is transitioning beyond its early stages, and future scrutiny will focus on demonstrable growth metrics.