Semgrep’s core static‑analysis engine runs in OCaml, a language with a lean ecosystem that leaves observability tooling scarce. Facing that gap, the team built a continuous profiler—Pyro Caml 1.0.0—to monitor the tool while it scans hundreds of thousands of repositories. This release promises real‑time performance data without compromising production safety.

Continuous profiling differs from traditional tools by running inside production sandboxes, sending samples back to a central store. Semgrep’s scans execute under gVisor, which blocks the perf_event_open syscall that most profilers rely on, and existing OCaml profilers add heavy overhead. A lightweight, safe profiler is essential to keep the analysis engine responsive while collecting actionable metrics.

Pyro Caml samples call stacks via Memprof, leveraging OCaml’s Printexc.get_callstack instead of fragile DWARF parsing. A PPX macro injects sampling points, but statistical sampling keeps overhead flat, around 5%. The data streams to the Pyroscope SDK, which already runs in the company’s Grafana stack, enabling quick visualisation and alerting without altering Semgrep’s core logic. Users receive dashboards that correlate stack samples with execution time.