You may not have heard of SonarSource, a “clean-code” platform, but the Swiss company quietly raised a hefty $412 million in new investment this week as it seeks to “sing the gospel of Sonar”.
SonarSource offers products including SonarQube, SonarCloud and SonarLint, which help developers and organisations write and maintain clean code, free of technical debt.
(SonarCube, for example, is a tool to detect bugs that integrates with existing workflows to enable continuous code inspection across project branches and pull requests. It can either run on your build or as part of your continuous integration pipeline performing a scan whenever the build process is triggered.)
The company, which as of this investment round is valued at $4.7 billion, has kept a relatively low profile outside of the DevOps community, as CEO and co-founder Olivier Gaudin admitted.
“I was talking to a journalist in [Sonar’s home] Geneva, Switzerland this morning, and he was telling me, ‘how is it possible that we don’t really know you guys?’” he told The Stack (strikingly, given the company counts 80 Fortune 100 companies, including Microsoft, IBM, Barclays and Alphabet among its customers).
Founded in 2007 by Freddy Mallet, Simon Brandhof and Gaudin, SonarSource initially focused on Java — the company now covers 29 programming languages — and has open source roots*.
This relative lack of awareness is one thing Gaudin plans to address with the new funding, which has come from a trio of some of the biggest investor names out there: private equity behemoth Advent International, VC firm General Catalyst, and with prior SonarSource investor, established VC heavyweight Insight Partners.
Follow The Stack on LinkedIn
“From a go-to-market perspective, we have been very much in the passenger seat, more seeing the business coming to us, rather than going out trying to, to push on revenue,” said Gaudin, who believes the business case for SonarSource’s products is very clear: “If we bring the technical debt down on software, suddenly, developers are going to be more productive, they’re going to be able to invest more time into something which is intellectually challenging and is probably going to create more value for enterprises.
“It’s also about retaining also developers – if you have crappy code, this is a work environment for developers. So don’t be surprised if you have a high attrition rate – people are not going to want to stay working in a bad environment,” Gaudin adds on a call with The Stack.
He compares SonarSource’s products to tools such as spell-checkers or Grammarly, helping developers as they write code – as well as being able to check existing code for issues: “The beauty of this approach that we have is that it costs no more; for the same investment, you have good code, which later on you’re going to have a greater return on investment. Because when you have crap code, the truth is that your developers are going to spend their life to fix it, patch it, read it, try to understand it, change it etc, it’s going to be a lot of rework. So it’s really a, it’s really a good investment to actually make it right from the beginning,” said Gaudin.
With offices in Geneva, France, and Austin, Texas, SonarSource currently has around 40 sales people, which Gaudin describes as “a little infant… compared to the kind of business that we have”.
The company’s priority is to double that sales force in 2022, and potentially double it again in 2023.
“We have great accounts, where we know that if we can help these accounts, they’re going to consume more,” said Gaudin. “It’s a huge market – there is so much value to be created for enterprises, there is so much money to save for enterprises that, to me the sky’s the limit in this market…”
SonarSource funding: “We want to sing the gospel of Sonar”
Along with growing its sales team, SonarSource plans to increase its outreach efforts to developers, as well as improving access to tutorials and education on how to get the best from its products.
“We want to sing the gospel of Sonar, basically, which is, ‘hey, you guys have a problem, you haven’t really realised that you can have an impact on it, we have a solution, which integrates into development pipeline on for like, no extra cost, you can no extra time invested, you actually can do a better job’,” said Gaudin.
On education he added: “We really want to make sure that developers, when they get this information, they are going to be able to use it. If they don’t understand this information, we generate no value. Basically they are going to ignore that. So we want to have training tutorials and education as part of the tool.”
Gaudin also wants to expand SonarSource’s product range: “We also want to work not only on going deeper in security, but also going deeper on bug detection. To the nobody’s really covering this area, the only people who cover this are Synopsys with the C++ language. But on other languages, there is no coverage, we believe we are really in an ideal position to add this, this coverage on get maximum adoption.”
Around three-quarters of SonarSource’s code is open-source, and the company sells software and support licences, rather than consulting. For many organisations the free version of SonarSource’s tools is sufficient, according to Gaudin – but for companies which need more features, paid versions are available, and currently generating around $175 million in annual revenue for the company.
“Our first company mission was actually to democratise access to good quality tools, which at the time, you had to pay a high price to get something like a top management monitoring tool. And we wanted to have something for dev teams. And we wanted that to be accessible by all because we felt it would it would change the industry,” said Gaudin.
*It licenses basic versions of its software under the copy left LGPL 3.0 license but doesn’t have a hugely broad external community of contributors. A quick look at its SonarCube repo shows the company saying “we are not actively looking for feature contributions… it’s extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes.