A new open source startup is setting out to help software development teams glean deeper insights from their codebases, using SQL to query all the data sources they use in the software building process.
MergeStat, as the startup is known, has flown under the radar until now, but with plans to launch a commercial product on top of its existing open source project, the company today announced a $1.2 million pre-seed round of funding and gave some insights on where it is and where it’s going in the months ahead.
For context, MergeStat’s origins can be traced back to mid-2020 when the first commits to a project called Gitqlite were made, which was essentially an experiment that brought together SQLite and Git to make it easier to query historical data in code repositories.
“At the time, I was very interested in exploring the history of source code to learn about legacy codebases I was working in,” MergeStat founder and CEO Patrick DeVivo explained to TechCrunch. “Could Git history be used to determine the best people to contact for questions about certain features or parts of a codebase? As a way to identify ‘experts’ in certain areas of code, and provide aggregated context around who was responsible for what parts of the source code? Similarly, could it surface areas of high risk that were dependent on someone who no longer works on a project?”
In essence, it’s all about diving into code history — this includes querying basic elements such as commit history and displaying author metadata via the “Git blame” command, but its intention is to go far beyond this and enable developers to leverage SQL to ask questions about the code itself.
“Operational analytics”
Fast-forward to April 2021, and the commercial MergeStat company was officially born, with DeVivo going on to lure Josue Lopez from cloud giant Equinix to serve as chief operating officer (COO), as well as official co-founder.
“This has led us to where we are today, where our mission is to support operational analytics for software engineering teams,” DeVivo said. “If it’s involved in building or shipping software, we’d like to make it possible to query with SQL.”
Essentially, any tool that works with PostgreSQL — including most business intelligence (BI) and data visualization tools — works with MergeStat. The platform itself includes a management interface and a PostgreSQL database, with MergeStat synchronizing data from various software development lifecycle (SDLC) sources into the main PostgreSQL database. Users can then query that data from within MergeStat’s app, or connect it to a third-party tool such as Grafana, Tableau or Superset.
But what are the kinds of use cases that MergeStat might support? Well, at its core it’s about garnering insights from information that may be spread across different codebases and developer teams. For example, if a manager at a large enterprise wants to know how many teams — and which teams — have adopted a new tool, or how many codebases use a specific version of a programming language or library, they can use MergeStat to ask that. Alternatively, they might want to extract all the third-party dependencies or configuration file values, and again MergeStat could help here.
Knowing the answers to such questions are vitally important if a company is conducting a huge migration project, or if they’re figuring out their potential attack surface area where there is a known vulnerability in a particular dependency.
Other potential use cases include auditing and compliance, so that companies can follow proper procedures and best practices as part of a regulatory framework. For example, a service provider might need to demonstrate that they are properly managing their customers’ data as part of a SOC 2 audit — MergeStat can be used to gather and present this evidence, showing who has accessed a specific file or who has modified what code.
Competitive landscape
It’s worth pointing out here that it’s already possible to get answers to these questions, but this typically involves a manual process involving multiple screens and tools, and copying text into spreadsheets, which can be a resource-intensive process. MergeStat automates much of it by allowing engineers to ask questions via SQL, and viewing answers in dashboards, reports and alerts through BI tools.
“MergeStat can continuously answer these questions, as teams go about their normal work — the underlying data MergeStat accesses changes to reflect the updated state,” DeVivo added.
There are also many SaaS tools out there that fulfill at least one segment of what MergeStat promises. For instance, engineering metrics is covered by the likes of LinearB or Jellyfish, while code search is a core component of Sourcegraph and GitHub itself. And in the audit and compliance sphere, there is Drata, Vanta and Laika, which integrate with GitHub for evidence gathering.
While these all bring value, MergeStat is betting that many engineering leads don’t want pre-built “canned” metrics and charts around subjective concepts such as “velocity” or “productivity.” MergeStat posits that many would prefer access to the underlying data across the software development lifecycle, with the flexibility to query it in ways that are relevant to their specific organization and use case.
“Every organization is different, and we believe giving them tools to work with their data, to craft more specific questions, leads to better outcomes,” DeVivo said. “We are positioning ourselves as a data infrastructure product and believe that giving ‘lower level’ access to the data involved in building and shipping software is generally useful for engineering organizations to operationalize it.”
Being open source, of course, is also a big part of MergeStat’s flexibility promise. It gives companies full control of their data and deployment, while they are able to slice-and-dice it however they see fit — locally on a laptop, if they like — to figure it all out before going all-in.
What’s next
While MergeStat is still pretty much an open source project for now, the company is currently working on a hosted cloud product and an enterprise-focused incarnation that can be self-hosted or deployed on any cloud of the customer’s choosing. Much of this will be built around its recently announced “PostgreSQL approach,” which involves synchronizing data into a Postgres database for powering queries further downstream.
In the build up to its commercial launch, MergeStat said that it’s already working with “a number of companies” in early tests, including the team at Equinix Metal, which DeVivo says is currently using a self-hosted MergeStat instance across 800 repositories.
MergeStat’s pre-seed round was led by OSS Capital, with participation from Caffeinated Capital and a slew of angel investors.
Comment