Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Let the OSS Enterprise newsletter guide your open source journey! Sign up here.
While every company may well be a software company these days, the software development sphere has evolved greatly over the past decade to get to this stage, with developer operations (DevOps), agile, and cloud-native considerations at the forefront.
Moreover, with APIs and open source software now serving as critical components of most modern software stacks, tracking code changes and vulnerabilities introduced by external developers can be a major challenge. This is something fledgling startup Moderne is setting out to solve with a platform that promises to automatically “fix, upgrade, and secure code” in minutes, including offering support for framework or API migrations and applying CVE (common vulnerabilities and exposures) patches.
The Seattle-based company, which will remain in private beta for the foreseeable future, today announced a $4.7 million seed round of funding to bring its SaaS product to market. The investment was led by True Ventures, with participation from a slew of angel and VC backers, including GitHub CTO Jason Warner; Datadog cofounder and CEO Olivier Pomel; Coverity cofounder Andy Chou; Mango Capital; and Overtime.vc.
If a third-party API provider or open source framework is updated, with the older version no longer actively supported, companies need to ensure their software remains secure and compliant. “It requires revving dependencies [updating version numbers in configuration files] and changing all the call sites for the APIs that have changed — it’s tedious, repetitive, but hasn’t been automated,” Moderne CEO and cofounder Jonathan Schneider told VentureBeat.
Moderne is built on top of OpenRewrite, an open source automated code refactoring tool for Java that Schneider developed at Netflix several years ago. While developers can already use the built-in refactoring and semantic search features included in integrated development environments (IDEs), if they need to perform a migration or apply a CVE patch, they have to follow multiple manual steps. Moreover, they can only work on a single repository at a time.
“So if an organization has hundreds of microservices — which is not uncommon for even very small organizations, and larger ones have thousands — each repository needs to be loaded into [the] IDE and operated one by one,” Schneider said. “A developer can spend weeks or months doing this across the codebase.”
OpenRewrite, on the other hand, provides “building blocks” — individual search and refactoring operations — that can be composed into an automated sequence called recipes anyone can use. Moderne’s offering complements OpenRewrite and allows companies to apply these recipes in bulk to their codebases.
Enterprises, specifically, can accumulate vast amounts of code. One of Moderne’s early product design partners is a “large financial institution” that incorporates some 250 million lines of Java code — or “one-eighth of all GitHub Java code,” Schneider noted, adding that this is actually on the “low to medium” side for what a typical enterprise might have.
“Some of this code is obsolete (e.g. accrued through historical acquisitions), some is under rapid development (e.g. mobile apps) — but the majority represents super valuable business assets, such as ATM software and branch management software,” Schneider said.
And let’s say a company decides to redeploy developers internally to work on rapid development projects — it still needs to consider the core software components that underpin the business and need to be maintained. Moderne automates the code migration and CVE patching process, freeing developers to work on other mission-critical projects.
When Moderne eventually goes to market, it will adopt an open core business model, with a free plan for the open source community and individual users, while the premium SaaS plan will support larger codebases and teams with additional features for collaboration.
The company said it will use its fresh cash injection to grow a “vibrant open source community for OpenRewrite,” expand its internal engineering team, and bolster its SaaS product ahead of launch.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.