Codeburner – security-focused static code analysis for everyone

at March 11th, 2016


Last year, the Application Security team set out to improve upon a challenging situation: with a single security team and such a large developer community, how do we keep on top of security analysis for the ever-increasing mountain of code?

The answer came about as the result of a GeekOn project to trigger automated static code analysis based on internal deployment notifications.

After some time in development adding features and getting things just right, we’re proud to announce the open source release of Codeburner!

What is Codeburner?

Codeburner uses the OWASP pipeline project to run multiple open source and commercial static analysis tools against your code, and provides a unified web interface to sort and act on the issues it finds.

Since the core backend and scanning engine is built on Rails, Codeburner also provides a full REST API for easy integration with other tools or an existing CI process.

Key Features:

  • Asynchronous scanning (via sidekiq) that scales
  • Advanced false positive filtering
  • Publish issues via GitHub or JIRA
  • Track statistics and graph security trends in your applications
  • Integrates with a variety of open source and commercial scanning tools
  • Full REST API for extension and integration with other tools, CI processes, etc.


You can find full documentation for Codeburner at

Get Involved!

If you’d like to contribute, fork us on GitHub and check out the Developer Guide.

Girl Scouts explore the world of STEM at Groupon’s 4th Scout Out Engineering

at February 15th, 2016


This President’s Day, we welcomed 100 3rd – 6th grade scouts to Groupon, 85 in our Chicago office and 15 in Palo Alto, with the support of almost 50 employee volunteers from the Engineering and Product teams. Throughout the day, the girls got to work with our technical employees to walk through activities on, practice the process of iteration in a hands-on bridge building activity, hear from a panel of female employees, and say hello to our friends across the country all while earning their very own “Scout Out Engineering” merit badge.

_1060225 copy

Chicago volunteer and Software Development Engineer, Shilpa, mentioned, “It’s exciting to see so many young girls here, because I don’t want to be the only girl on the Engineering team. Diversity on our Engineering teams is so important. People solve problems that they can see; and when we have diverse teams, we are more likely to solve a problem from multiple angles and build a better product.”

_1060334 copy

I could not be more proud of the work that employee volunteers have done to grow this program as we’ve traditionally hosted Scout Out Engineering in October with one event in Chicago – and this year, we have had so much excitement around supporting STEM Education and women in technology that we added a February event to the calendar and expanded programming to the west coast.

_1060386 copy

In addition to expanding the program, this year, even the grown-ups got in on the fun as we know it’s so important for students to have the opportunity to continue learning outside of the classroom. Girl Scout Moms, Diana and Carmen, hopped on, and they were hooked. “As Girl Scout parents and troop leaders, this type of program helps our girls to see themselves as the engineers of tomorrow. It gives the girls the opportunity to see different types of STEM careers and meet a number of grown up scouts in the jobs that they could fill in the future. It was fun to hear the girls saying ‘I want to do this when I grow up!’ as they worked with the Groupon volunteers.” both moms stated.

_1060417 copy

Palo Alto volunteer and fellow Software Development Engineer, Sarah, said, “It’s really cool to see girls have the opportunity to be immersed into this kind of environment at such a young age. Growing up, I didn’t have opportunities to meet people like me, so I’m excited to volunteer and help open the doors for young girls to stay interested in STEM.”

STEM Education is an area that Groupon’s Social Responsibility team has committed to as we work to help people and communities thrive and prosper. Our portfolio of community initiatives is designed to help us achieve greater impact and value for society, our employees and the business. Our hope for STEM Education is for more students in diverse and under-served communities to have access and be inspired to pursue education and careers in science, technology, engineering, and math. We are excited to continue this work with the Girl Scouts and show them how cool technology really is!

_1060431 (1) copy

Geekfest Palo Alto Meetup: Machine Learning from Lukas Biewald

at January 15th, 2016

Screen Shot 2016-01-15 at 4.02.33 PM

Groupon’s Palo Alto office is excited to be the newest chapter participating in Geekfest! Our first talk in this monthly series will be from Lukas Biewald of Crowdflower. Lukas will be speaking about machine learning, active learning and human in the loop computing; exploring how artificial intelligence systems interact with human intelligence systems.

The event is Tuesday evening, January 19th at the Groupon office in Palo Alto. See our Meetup page for details and to RSVP.

Geekfest is a technology-agnostic software developer meetup. We strive to have both technical presentations as well as presentations about intra- and inter-personal relationships. We have chapters in Chicago, Seattle and now Palo Alto. If you are interested in speaking at Geekfest please email us at

Hope to see you there on Tuesday!

Kill Bill Metrics

at December 3rd, 2015

Thank you to Kofi Jedamzik for contributing to this project and blog post.

CyberSource rate

Status quo

At Groupon, the majority of applications use a system called Grapher for monitoring. It can plot simple rrd graphs with one minute resolution. However, during the Kill Bill migration, we encountered multiple deficiencies with the existing solution:

  • Grapher offers limited support for templates, which makes it difficult to reuse and maintain the rrd graph definitions.
  • Timerange and Timezone are stored in a cookie, thus sharing the graph link will most likely lead to a different graph (so we ended up sharing screenshots).
  • It is time consuming to change and add new metrics because most of them are based on Splunk searches or cron jobs.
  • The biggest deficiency is the high cardinality of our metrics: we need a lot of context around our metrics. For example, we wanted to get notified when a specific payment method in a specific country for a specific client starts failing. But the number of combinations caused capacity problems in our Splunk cluster.

As a result, we started looking for a simple solution to improve the situation. The starting point was the dropwizard metrics library, which has been established as the de facto standard for metrics in Java based applications. The library makes it very easy to measure different metrics within your application. It supports five different metric-types: Gauges, Counters, Histograms, Meters and Timers. You can also use numerous modules to instrument common libraries like Jetty, Logback, Log4j, Apache HttpClient, Ehcache, JDBI and Jersey.

The collected metrics are kept in metric registries, on top of those you can use reporters to publish your metrics: we use the JmxReporter to expose metrics as JMX MBeans and Metrics Servlets to publish the metrics as JSON objects via HTTP.

Storing metrics in a time series database

Additionally, we just started experimenting with InfluxDB. InfluxDB is a new time series database with promising features like tags and fields.

Tags are indexed and allow fast querying by tag values, which should give us the abilities to breakdown numerous attributes. Another noteworthy feature is its mechanism for downsampling stored data, called Continuous Queries: it lets you aggregate and precompute expensive queries on the fly.

Unfortunately, InfluxDB reporting is not yet supported by the metrics library but as InfluxDB supports the graphite line protocol we use the metrics-graphite reporter to stream the metrics directly into InfluxDB. The drawback is that we have to parse the metric name to extract the metadata. This can be done with InfluxDB’s Graphite Plugin which lets you extract tags from metric names by using a template. For example, instead of duration, host=myhost, method=create-payment, country=de value=1234 we send 1234 and configure a template like this: to extract the tags. This feature is a bit limited as you can only use wildcards and the dot separator, regular expressions would be a nice feature for the future.

Visualizing time series

To visualize the time series, we use Grafana. It supports a variety of time series data sources including InfluxDB and has lots of visualization options, for example annotations, which allow you to mark events like restarts or deployments in your graphs.

Dashboard templating lets you create dynamic visualizations, it even supports variables to change query parameters.

Grafana annotations


This stack was easy to deploy and mitigated a few of our pain points. Compared to the rrd graph syntax, it’s very nice to have a full featured graph editor.

Grafana editor

The dashboard definitions can simply be exported and synchronized with other instances via Grafana’s HTTP API. Sharing graphs is not a problem anymore, you can even choose between UTC and the browsers time zone.

But there is still work to do: instead of only creating metrics via Splunk queries, we measure them directly in the application. This makes the whole pipeline less error prone but the drawback is that the aggregation has to take place in InfluxDB or the application. In addition, the need for graphite templates to extract metadata from the metric name means frequent config changes when we change or add new metrics. So, we are currently figuring out what’s the best way to get support for tags and fields into Kill Bill directly.

Groupon Hosting Palo Alto iOS Meetup on tvOS

at November 9th, 2015

We are excited to host the lastest Palo Alto iOS Meetup next week. See details below and hope to see you there!

What: Palo Alto iOS Meetup on Introduction to tvOS
When: Tuesday, November 17
Time: 6:30-9pm
Where: Groupon Office, 3101 Park Blvd, Palo Alto

Details: Eric Hyche from Groupon will be giving a talk on tvOS. Eric has been on the team investigating a possible Groupon tvOS app, and will share his experience with the new platform. He will focus on the differences between tvOS and iOS, and will build a sample tvOS app during the talk.

About the speaker:
Eric has been with the Groupon iOS team since April 2013, and prior to that was a Principal Engineer with Seattle-based RealNetworks. Eric holds a B.S. in Electrical Engineering from Tennessee Tech University and a M.S. in Electrical Engineering from Georgia Tech.

Groupon adds Redis support to the open source Presto analytic engine.

at October 22nd, 2015

Groupon recently added support for Redis to Facebook’s Presto exabyte scale SQL query engine.

Presto is an open source distributed SQL query engine for running interactive analytic queries against various data sources. Redis is an open-source in-memory key-value data server.

The Redis connector allows querying of live data stored in Redis via SQL queries. This can be used to join data between different systems like Redis and Hive in a single SQL statement.

The Redis/Presto capability allows Groupon to provide value for both consumers and merchants by providing real-time insights via matching real-time customer data such as store foot traffic against historical data stored in Apache Hadoop.

Last year Groupon also added Kafka support to Presto.

Groupon Hosting Meetup on Networking in iOS

at October 20th, 2015

We are thrilled to be hosting this month’s Meetup on Networking in iOS NSSURLSEssion and NSStream. The featured speaker will be Manjula Jonnalagadda and she will go in depth about NSURLSession, how it works as well as NSStream APIs and when to use them. There will be plenty of time for questions, networking and tasty drinks and snacks. Please join us! Festivities start tonight (October 20th) at 6:30pm. Meetup Invite, here.

Celebrating Women in Engineering at Grace Hopper

at October 14th, 2015

2015 marks the third year of Groupon’s attendance at the Grace Hopper Celebration of Women in Computing (GHC). Each year, we have encouraged women within our Engineering and Product teams to participate in the conference, which brings together attendees from across the globe in a forum that celebrates diversity and women’s achievements in tech.


Groupon has sent over 60 employees to GHC in Houston, including some who are traveling from as far away as Santiago, Chile. We’ll be on the lookout for new recruits, we’ll be meeting colleagues we’ve only ever seen via video conference, and our employees will be expanding their minds by learning from other individuals who all appreciate the positive impact that diversity can bring to tech.

In a blog post I wrote for Groupon last year, I spoke about the impact that male allies can have in encouraging more women to pursue paths in technical fields. I’m happy to report that we are again joined by several such allies, who will be side by side with us at GHC, supporting their female colleagues and actively listening for ways in which they can help diminish the unconscious bias that exists for women who pursue technical careers.

This bias was recently summed up by a male student of mechanical engineering, who expressed a sentiment that continues to resonate with women who choose to enter STEM fields: even in 2015, women still face sometimes subconscious efforts to dissuade us from these paths. Overcoming those efforts requires public consciousness, including events such as GHC.

I am especially honored to represent Groupon this year at the Student Opportunity Lab. I will be speaking about my own career path, one that has taken many twists and turns. I, too, was a victim of the mentality that girls aren’t as technically gifted as boys, and only once I found myself working for a tech company did I realize the error of my ways. I’ve now spent nearly a decade working in tech, learning from women who are just as successful as men, and discovering my own ability to understand, appreciate, and contribute to technology.

Grace Hopper is a forum that enables us all to think about ways in which we can make tech more inclusive. Groupon’s participation is a testament to our dedication to improve our own diversity and to encourage our employees to constantly strive to be their best. My colleagues from Groupon will certainly be leaving Houston with renewed enthusiasm for innovation, and the knowledge that they are not alone in choosing a career in a technical field. That alone is cause for celebration!


Give a Girl Scout access to technology, and she can change the world

at October 12th, 2015

Today, we opened our doors to welcome eighty-five of Chicagoland’s best and brightest fifth and sixth graders from the Girl Scouts of Greater Chicago and Northwest Indiana for our third annual Scout Out Engineering event.


Thirty-five of Groupon’s technical employees joined in on the fun as volunteers and worked with the girls in a hands-on bridge-building activity to practice iteration and mechanical engineering, walked through beginning and intermediate level coding and software engineering activities on, and took the girls on a scavenger hunt through our headquarters where they spotted such hits as a cat in a space ship, a former Girl Scout working in tech, and even Groupon’s CEO Eric Lefkofsky.

Each year, we are constantly amazed by the girls’ enthusiasm for solving problems, building solutions, and learning all about the careers that women pursue at Groupon; but this year, in particular, was a unique one. This year, we welcomed girls who arrived with a prior knowledge and understanding of the basics of engineering and had already been involved in science, technology, engineering, and math (STEM) programs before coming to Groupon. Year over year, we are seeing more programs emerge for young girls, and we could not be more impressed with what these scouts are learning so early on in their pursuit for passion projects and careers in STEM.


In addition to hosting Scout Out Engineering, this week we will be sending sixty women from Groupon to the Grace Hopper Conference, the world’s largest gathering of women technologists. We hope that one day these scouts will join Groupon attendees in celebrating women in computing!

Groupon is excited to be a part of the community of technology companies working towards inspiring lifelong builders, makers, tinkerers, and innovators – all while earning merit badges and hearing about the latest and greatest cookie selling strategies.

Prepping to ‘Scout Out’ with Groupon!

at October 5th, 2015

For the third year in a row, Groupon is proud to partner with the Girl Scouts of Greater Chicago and Northwest Indiana to Scout Out Engineering. This fall, we’ll be opening the doors of our Chicago headquarters to 75 of the Scout’s best and brightest 5th and 6th graders to join us for a morning of learning about engineering through presentations from our female tech staff, hands on activities and an intro to coding.

Groupon is taking planning as seriously as rationing the last box of thin mints, so this one is going to be good. This year we’re also expanding the program! The Groupon Scout Out Engineering Planning Team is happy to announce that we’ll be welcoming some of the Pacific Northwest’s coolest troops to participate in the Scout Out program at our Seattle office.

Groupon is committed to supporting women in technology at every age, and we’ve designed this program specifically to help spark girls’ interest in engineering through 5th and 6th grade. We know these are the years when there is the highest potential for girls to lose interest in STEM as compared to their male counterparts. We want to show the future innovators and policy makers that technology is not only cool and fun, but also a world where they can thrive … and is so much bigger than typing at a computer in a row of desks.

This effort is largely supported on a volunteer basis, and we’ve got some of the best staff in the biz. Our tech teams donate their time, energy and resources every year to make sure this event goes off without a hitch. It’s a team effort to make sure that the girls leave our office with their Scout Out merit badge in hand, a comprehensive list of resources to continuing their learning and an excitement about pursuing a career in technology. Don’t let the calm, cool and collected demeanor fool you — the Groupon volunteers are equally as excited to be working alongside the scouts and will be earning their merit badge as well.

We’ll let you know how it goes and can’t wait for another action packed day of merit badge earning and super fun tech learning.