Securing the future of healthy code: “Make it simple, scalable & a no-brainer for teams of all sizes”

A dream is often born when things get tough and tedious. While DevSecOps is a process that has aided many development teams in getting to that clean code that shows the green flag for go-to-market, it can be a lengthy process full of repeated reviews and flaws that slip through.

That’s how DeepSource was born, a cutting-edge DevSecOps platform that empowers enterprises to deliver reliable and secure software. The Sociable spoke to Jai Pradeesh, the co-founder of DeepSource, who recalls how difficult code reviews used to be even when he was working with a small engineering team of about 20 people.

“We kept running into the same frustrating problem during code reviews. We’d point out the same issues again and again,” he remembers.

Not only was the process tedious, but it also got worse when onboarding new team members.

“We’d end up repeating ourselves like a broken record. On top of that, when we tackled big features, the pressure to move fast meant code reviews often weren’t as thorough as they should’ve been, and bugs would slip through the cracks. We tried cobbling together open-source tools and linters, but it was a clunky mess, hardly a solution. I figured if this was a pain point for a small team like ours, it had to be a nightmare for larger ones,” he adds.

Looking back at the pre-2010s, Continuous Integration and Continuous Delivery (CI/CD) was like a complex beast only big companies could tame, until companies like Travis CI came along and made it accessible to everyone, driving massive adoption. That’s what inspired Pradeesh and his co-founder Sanket Saurav, “We wanted to do for code quality and security scanning what Travis CI did for CI/CD, make it simple, scalable, and a no-brainer for teams of all sizes,” he says.

DeepSource is a code health platform that gives organizations all the tools they need to write maintainable and secure code to improve their software’s stability and increase developer velocity. Their customers include startups to Fortune 500s, such as Visa, Ancestry, Babbel, Intel, Aritzia and more. A unified DevSecOps platform, DeepSource can secure an entire development lifecycle with static analysis and AI, from code quality and SAST, to open-source security. Trusted by more than 6,000+ companies, the startup recently introduced DeepSource SCA, an open-source security and license compliance, with reachability analysis, Autofix™ AI, and transparent pricing.

Pradeesh’s journey in technology began in 2013 as an open-source contributor, where he made notable contributions to the Firefox OS project, particularly around hardware abstraction APIs. His deep involvement led him to become a senior application reviewer for the Firefox OS Marketplace at Mozilla, where he collaborated with the engineering team to review code for hosted and privileged web apps. 

He was also instrumental in bringing Firefox OS to India, working closely with OEM partners to integrate the mobile OS into devices. In 2015, Pradeesh joined DoSelect as one of its early team members, taking on the role of Technical Lead. There, he architected key systems, including an on-demand container orchestrator for code assessments and a web-based IDE equipped with a virtual file system for real-time, collaborative coding. Before co-founding DeepSource, these experiences shaped his strong foundation in developer tools and platform engineering.

The challenges for developer tooling startups

Bringing this vision to life was not without challenges. On the technical side, creating a source code analysis platform meant Pradeesh and his team had to support all the major programming languages out there. That wasn’t just a matter of writing standard application code and logic, it meant hiring specialized engineers for each language, which was a logistical puzzle. 

“Talent like that isn’t easy to find and coordinating it all was a challenge,” he recalls.

In 2018, when they stepped into the ecosystem, Bengaluru wasn’t exactly a hotbed for developer tooling startups. 

“Investors here weren’t used to betting on companies like ours, so raising money felt like an uphill battle. We had to prove ourselves in a space where the playbook wasn’t written yet,” he says.

The game changer for both founders happened when they got into Y Combinator’s Winter 2020 batch, but it didn’t happen overnight, says Pradeesh.

“It took three tries. The first time, we just had an idea and got a polite “no.” The second time, we had a product, got an interview, but it wasn’t enough to get accepted. By the third try, we had users, traction, and a story to tell, and that’s what got us in,” he recalls.

Under Pradeesh’s guidance, DeepSource emerged from the Y Combinator W20 batch and went on to raise over US$7.7 M from leading investors including YC Continuity, 645 Ventures, and Pioneer Fund, firmly establishing itself as a rising force in the DevSecOps landscape. Today, Pradeesh is spearheading the integration of Large Language Models into the platform, with a focus on Autofix AI, an innovative feature that automatically detects and resolves issues related to code quality, performance, and security. 

“As a first-time founder, YC was like a crash course in building a company. The partners, who had worked with thousands of startups and its founders, gave us sharp, practical, and no-nonsense advice on a daily basis, which gave us a framework to operate by, how to prioritize, how to talk to users, how to think about growth. It shaped me into a leader who’s obsessive about clarity and execution,” he gushes with pride.

Turning point 

After the Y Combinator stint, the duo moved to the Bay Area, in San Francisco, California, and nothing was ever the same again.

“That move, even temporarily in the beginning, was a massive pivot for us. It was like stepping into a different world. San Francisco is buzzing with tech events almost every night, meetups, talks, you name it. We’d show up, demo DeepSource to code maintainers and speakers, and get real-time feedback,” he says.

That hustle paid off when the team landed their first big-name users like Uber and Slack. 

“Seeing their engineering teams adopt DeepSource for their open-source projects was a huge validation. It was proof we were onto something. Plus, it gave us the momentum to raise our pre-seed round from angel investors in under three months. That move opened doors we couldn’t have cracked from Bengaluru alone,” he adds.

AI in DevSecOps?

According to GitHub, 97% of developers worldwide reported using AI coding tools at work at some point. As DevSecOps becomes the norm in the world of emerging technologies, AI has the ability to enhance it by analyzing code and committing histories to identify security vulnerabilities and outliers. 

Pradeesh says he is definitely excited about AI, “The speed at which AI is taking off since large language models hit the scene is mind-blowing. It’s not just hype; there’s real potential to transform industries if it’s done right.”

As these tools continue to learn, they improve threat detection. The use of machine learning (ML) algorithms for real-time pattern analysis streamlines the identification of potentially malicious actions, giving developers a chance to deal with them right away, considerably bringing the time to resolution. That doesn’t mean humans are out of the loop though.

“Beyond coding, I’m excited about AI’s potential, but I think the key is a slow-and-steady approach with humans in the loop. In the coding world, AI’s ability to crank out code is incredible, but it’s not perfect. These models still screw up sometimes, and in sensitive fields like finance or healthcare, or anywhere, security is on the line, those mistakes can be brutal if they’re not caught early. As AI writes more code (and that’s definitely the direction we’re heading), tools like DeepSource become the gatekeepers, making sure sloppy code doesn’t sneak in and tank a business,” he reassures.

Advice to today’s founders

At DeepSource, Pradeesh was the chief architect behind the core infrastructure of its static analysis platform, establishing the technical backbone that powers the company today. As the driving force behind security and source code analysis, he has led the development of advanced security capabilities that help enterprises ship software with fewer vulnerabilities and greater confidence. His advice to today’s founders is to pick a niche and absolutely nail it. 

“Build something exceptional that solves a real problem for a specific group. You can branch out later but start by being the best at one thing. In tech and AI, models are getting commoditized fast, so the real edge comes from the value you deliver, not just the tech itself,” he says.

He also advises first-time founders to lean into programs like YC if possible. 

“They’re gold for structure and learning what to avoid,” he says.

He adds that it’s also a good idea, if possible, to spend some time in the Bay Area, even if just for a stint, “It’s a pressure cooker of ideas and connections that can fast-track your validation and growth. At the end of the day, it’s about staying focused and shipping something people can’t live without.”

Disclosure: This article mentions a client of an Espacio portfolio company.