Our inaugural Semmle user group with Uber

March 28, 2019


We recently had our first Semmle User Group (SUG) meetup, and it was a big success. First off, I want to give a big thank you to everyone who attended, especially Uber for providing a space and helping to make this meetup possible. I also want to give an extra special thanks to Martin Georgiev of Uber, who did a wonderful job MC'ing the event. Our goal with the SUGs is to bring Semmle enthusiasts together, to build and grow the Semmle user community. The SUG is a place where users can interact with their peers, learn how to best utilize QL and LGTM, and have a direct line of communication to the Semmle team. We want to provide a platform where users are able to jointly discuss issues and learn tips and tricks from one another. We want these events to be user-driven and hosted by Semmle users, to ensure that the users build this community together. If Semmle's users build the community themselves, they will also be able to turn to each other for query writing help, problem solving, and troubleshooting.

The night started with pizza and beer, and time for everyone to arrive, settle in, and meet each other. After this, we had four lightning talks for the evening, two from Semmle staff and two from Semmle customers. Once the talks were over, we had a Q&A session, followed by more time for socializing and sharing knowledge.


The talks

The first talk of the evening was by Joel Margolis of Uber, on Automating LGTM Cluster Lifecycle Management. This was a fairly technical talk that dove deep into how Uber has deployed LGTM Enterprise on their own infrastructure. The next customer talk was by Michael Nowak of BlackLine. He gave a talk on Organization-Wide Style and Quality Enforcement Using LGTM. This talk provided excellent examples of how BlackLine uses LGTM with a custom bot to force developers into good coding habits by not allowing them to merge their code until it has zero LGTM alerts. I gave the next talk about Semmle’s new Community Platform. We are building up a new community site for Semmle users to discuss issues, ask questions, find information, learn QL, and interact with one another. We are very excited about bringing the online Semmle user community together. If you are interested in getting updates about the community, you can sign up for updates here. The final talk was by Bas van Schaik, Semmle’s Head of Product. This talk was a look into the future, and lightly touched on a number of features we are currently working on, including greatly increasing the speed of QL and using data science to enhance code analysis.

What went well

The team felt a number of things went exceedingly well for this first user meetup. The users came together and did a great job of making this a real Semmle user event, rather than an Uber event or a Semmle team event. Users also directly interacted with one another without the Semmle team needing to jump in and answer questions. The customer talks excelled at showing how their teams were able to utilize LGTM to provide new tooling and protections to their codebases. The Semmle talks were forward-looking and well received. Customers were also very sincere in their praises of QL and LGTM as tools to simplify their code security processes. Bas’ talk went especially well as it gave wonderful highlights for future features our team is excited about, such as community-driven knowledge, integration into the dev workflow, and combining deep semantic code search and data-science insights. His talk evoked excitement from both prospective customers and current users alike. Finally, the relaxed atmosphere of the event provided ample opportunity for the users to interact and ask questions of each other and the Semmle staff.

What we want to improve for next time

Our first meetup was not without its challenges. We definitely learned a thing or two for next time (including dealing with a few technical issues), and I am sure our next Semmle User Group will be even better than this one. Aside from the technical issues, we will definitely spend some more of the pre-event time introducing QL and LGTM. A number of attendees were at the meetup by recommendation from a friend or by finding our meetup group online, and were brand new to Semmle’s technology. For such individuals, our future meetups will have a brief demonstration of QL and LGTM. We want to show more use cases of QL and LGTM, especially from current Semmle users who have used our product to tackle their unique security challenges. We also want to encourage more discussion between non-Semmle attendees, as the meetup’s main purpose is to foster connection between users. All in all, though, the first Semmle User Group went very well. We look forward to seeing you at the next one.

If you have any ideas for talks you would like to submit for our next SUG, if you would like to help host the next SUG, or if you would like to set up a SUG in your area, please reach out to our team at dev-advocacy@semmle.com.

Note: Post originally published on LGTM.com on March 28, 2019