While every company may well be a software company these days, the software development sphere has evolved greatly over the past decade to get to this stage, with developer operations (DevOps), agile, and cloud-native now core considerations for businesses.

Moreover, with APIs and open source software now serving as critical components of most modern software stacks, tracking code changes and vulnerabilities introduced by external developers can be a major challenge. This is something that fledgling startup Moderne is setting out to solve with a platform that promises to automatically “fix, upgrade, and secure code” in minutes, including support for framework or API migrations and applying CVE (common vulnerabilities and exposures) patches.

The Seattle-based company, which will remain in private beta for the foreseeable future, today announced a $4.7 million seed round of funding to bring its SaaS product to market. The investment was led by True Ventures, with participation from a slew of angel and VC backers, including GitHub CTO Jason Warner; Datadog cofounder and CEO Olivier Pomel; Coverity cofounder Andy Chou; Mango Capital; and Overtime.vc.

Version control

If a third-party API provider or open source framework is updated, for example, with the older version no longer actively supported, this necessitates action from companies to ensure their software remains secure and compliant. “It requires revving dependencies [updating version numbers in configuration files] and changing all the call sites for the APIs that have changed — it’s tedious, repetitive, but hasn’t been automated,” Moderne CEO and cofounder Jonathan Schneider told VentureBeat.

Moderne is built on top of OpenRewrite, an open source automated code refactoring tool for Java, which Schneider developed at Netflix several years ago. While developers can already use the built-in refactoring and semantic search features included in integrated development environments (IDEs), if they need to perform a migration or apply a CVE patch, they need to follow multiple manual steps. Moreover, they can only work on a single repository at a time.

“So if an organization has hundreds of microservices — which is not uncommon for even very small organizations, and larger ones have thousands — each repository needs to be loaded into [the] IDE and operated one-by-one,” Schneider said. “A developer can spend weeks or months doing this across the codebase.”

OpenRewrite, on the other hand, provides “building blocks” — individual search and refactoring operations — that can be composed into an automated sequence called recipes that can be used by anyone. And that is what Moderne offers — it’s complementary to OpenRewrite, and allows companies to apply these recipes in bulk to their codebases.

Enterprises, specifically, can accumulate vast amounts of code. One of Moderne’s early product design partners is a “large financial institution” which incorporates some 250 million lines of Java code — or “one eighth of all Github Java code,” Schneider noted, adding that this is actually on the “low-to-medium” side for what a typical enterprise might have.

“Some of this code is obsolete (e.g. accrued through historical acquisitions), some is under rapid development (e.g. mobile apps) — but the majority represents super valuable business assets, such as ATM software and branch management software,” Schneider said.

And let’s say a company decides to redeploy developers internally to work on rapid development projects — it still needs to consider all the core software components that underpin the business, and which needs to be maintained. That is where Moderne comes into play, as it automates the code migration and CVE patching process, freeing developers to work on other mission-critical projects.

When Moderne eventually goes to market, it will adopt an open core business model, with a free plan for the open source community and individual users, while the premium SaaS plan will support larger codebases and teams with additional features for collaboration.

The company said that it plans to use its fresh cash injection to grow a “vibrant open source community for OpenRewrite,” expand its internal engineering team, and bolster its SaaS product ahead of launch.