Semmle
Semmle was a software company specializing in code analysis technology. Its LGTM platform was powered by CodeQL, a semantic code analysis engine for automating code review, tracking developer contributions, identifying security vulnerabilities, and running custom queries over codebases.[1][3] It served major enterprises including NASA, Uber, Microsoft, Google, Credit Suisse, and Nasdaq, addressing problems in software quality, security, and engineering analytics by treating code as queryable data for continuous monitoring and variant analysis.[1][2][4] Founded in 2006 and backed by around $31M in total funding, Semmle grew strongly, doubling revenue in 2018, before its acquisition by GitHub in September 2019; its technology was then integrated into GitHub's security tools, with free access for open-source projects.[1][3][4]
Semmle spun out of the University of Oxford in December 2006, building on research into querying software source code as data, initially for applications such as software renovation and application intelligence.[1][3][4] Key founders included CEO Oege de Moor and co-founder Pavel Avgustinov (VP of platform engineering), who drew on academic work on object-oriented query languages such as QL (now CodeQL).[3][4] Early traction came from industrial tools such as SemmleCode for Java analysis in Eclipse, and the focus evolved from business analytics for development processes to security-focused variant analysis.[3][7] Pivotal moments included a $2M seed round in 2011, an $8M Series A in 2014 from Accel Partners, and a $21M Series B in 2018 (also led by Accel, bringing the total raised to $31M), which funded expansion to 60 employees across San Francisco (HQ), Oxford, Copenhagen, New York, Seattle, and Valencia.[2][4][7][8] In 2019 it hired its first CSO, Fermín Serna (formerly of Google and Microsoft), amid a series of high-profile CVE disclosures.[2]
Semmle rode the shift toward DevSecOps and automated security in software supply chains, aiming to "secure all software" by bringing security researchers and developers together amid rising zero-day threats and growing reliance on open-source dependencies.[2][5] Its timing aligned with the 2010s funding boom in code analytics and with enterprise demand for analysis that scaled as codebases exploded (for example, at FAANG-scale organizations).[2][4] Market forces such as CVE proliferation, regulatory pressure (including on supply chain security), and AI-driven tooling favored its query-based model, and GitHub integration extended its influence across the ecosystem: CodeQL now powers Advanced Security for millions of repositories and has helped standardize semantic analysis.[1][3] In effect, it democratized elite security expertise, improving open-source safety and enterprise productivity.
After the 2019 acquisition by GitHub (itself owned by Microsoft), Semmle's CodeQL lives on as a cornerstone of GitHub Advanced Security, with ongoing enhancements in AI-powered querying and broader language support amid rising cyber threats.[1][3] Trends such as AI in security, zero-trust development pipelines, and intense scrutiny of open-source code are likely to widen its reach, potentially evolving toward fully autonomous vulnerability hunting. Its legacy as a pioneer of the code-as-data approach positions it to shape secure software at global scale, fulfilling the original mission set in Oxford's labs.