Semmle

Claim instruction:

Send us an email to claim@startus.cc from an official Semmle email account. The content must be:

StartUs buddies,

Please, allow me to claim rights over Semmle.

Best regards,
[your name]
Once sent the email click the Claim Startup button.
Our team will verify the origin account and will grant claim rights over the startup to the user if everything is ok.

https://www.startus.cc/company/semmle

Semmle Inc. 110 Fifth Avenue

New York, NY 10011

United States

Website

General information:

Semmle offers data-driven software engineering.

PRODUCT

Semmle brings visibility and clarity to all areas of software engineering. The Semmle analytics platform analyzes all relevant development data—source code, version history, development costs, team location, etc.— and presents results at appropriate levels of details for every level of an organization. Using Semmle analysis, a CTO might identify the top outsourcing providers; a program manager might determine how best to spend the training budget; and a developer might find a critical bug that slipped through testing. The result isn't just better code, it's better software development.

TECHNOLOGY

Semmle's patented technology creates a knowledge base using all available software-development data such as source code, bug tickets, and budget data. Semmle's state-of-the-art analytics engine allows its users to precisely query that knowledge base at unrivaled speeds.

COMPANY

Semmle is headquartered in central New York in the US with offices in Oxford, UK and Copenhagen, Denmark. We deeply care about software productivity, research and innovation. We are always on the look out for people who share our passion for software development to join the team, see our website for the latest information.

Company information:

Company type:

Startup

Industry:

IT - Software Development

Products and Services:

Code Exploration

Product category:

Software

Semmle™ QL, is a declarative, object-oriented query language. It is a modern variant of Datalog, and it is ideal for those who want an unbounded ability to ask questions of their code and related development team information by interrogating it the way they would any database.

Examples of the kinds of things you can do with Semmle QL include:

Find all instances of a security vulnerability
Check correct usage of an API
Search for usage of a specific library – where it’s used and by whom
Report metrics like lines of code, or number of test methods, etc.
Perform any other search or analysis you can imagine

QL syntax and libraries

The syntax of QL is modeled on Java, with a strong influence from other query languages like SQL. The object-oriented syntax, with support for recursion, allows you to define queries with very sophisticated logic. The complexity of that logic can be hidden from query users and made reusable by storing it in query libraries.

Semmle includes query libraries for many different programming languages. They implement rules for performing static code analysis on applications written in Java, JavaScript, C, C++, C#, Objective-C, Objective-C++, Scala, and Python, with support for COBOL and PL/SQL due out soon. The underlying technology in Semmle makes it easy to add support for new languages. We simply build an extractor that loads code written in the language into the Semmle knowledge base, and then create a query library for the new language.

The Semmle query libraries are totally open. The source code for them is included with Semmle. They contain hundreds of queries that you can use as examples to build on or customize to support your specific definitions of coding best practices standards.

QL in the wild

Using QL, any developer can quickly and simply write highly customized queries to be executed across a code base. For example:

Here is a case study of using QL to find instances of the infamous Heartbleed bug
NASA used it to find and correct a bug in the landing software of the Curiosity Mars rover

Mining all software engineering data

Software systems contain many artifacts that are not written in a traditional programming language, such as configuration files and interface specifications. QL gives you the flexibility to query those artifacts along with your source code. As your engineering process introduces new artifact types over time, Semmle can adapt by enabling you to easily write new analyses to support them.