Semgrep
AppSec platform combining deterministic SAST with LLM-powered triage and autonomous remediation
cybersecurity
📍 San Francisco, CA
Founded 2017
Current Valuation
Private
as of 2025-Q1 (undisclosed)
PRIVATE
Semgrep (originally r2c) is an application-security platform that pairs an extensible, deterministic static-analysis engine with LLM-powered triage to flag code vulnerabilities, supply-chain risk, and hardcoded secrets across ~40 languages. Its Series D in February 2025 was led by Menlo Ventures with Sequoia, Lightspeed, Redpoint, Felicis, and Harpoon — bringing total funding to $193M. Mark McLaughlin (former Palo Alto Networks CEO) joined as board observer and angel.
Company Profile
Last Round
Series D — $100M (Feb 2025) · Lead: Menlo Ventures
Founders & Key People
Isaac EvansLuke O'MalleyDrew Dennison
Investors
Menlo Ventures · Felicis Ventures · Harpoon Ventures · Lightspeed Venture Partners · Redpoint Ventures · Sequoia Capital
Products
- Semgrep Code (SAST)
- Semgrep Supply Chain (SCA)
- Semgrep Secrets
- Semgrep AppSec Platform
- Semgrep Workflows
- Semgrep Community Edition (open-source)
Competitors
Snyk · Checkmarx · Veracode · GitHub Advanced Security · SonarQube · Endor Labs
CybersecurityDevSecOpsAppSecOpen Source
Private-company numbers are not real-time. Reflects publicly disclosed valuations from press releases, news reports, and tender offers as of 2025-Q1 (undisclosed). Refreshed quarterly.