By Nicolas Beguier & Fabien MartinezOffensive & Defensive Security Engineers

UFO — Our new HQ in Paris, FR.

Not everyone is an AWS expert. The CLI is good to find something specific, but finding misconfiguration or vulnerabilities is really hard.

The web interface is probably more intuitive, but it’s unrealistic to build some automation on the top of it.

AWS still gives us some help to manage our account, the AWS Trusted Advisor for example.

AWS Trusted Advisor

AWS Trusted Advisor’s purpose is to help customers follow general AWS best practices.

It will do a lot of checks like:

  • Performance
  • Security

And there are a lot…

By Jérémy Smadja (DevOps/SRE)

An “expected” journey…

33 000 000 is the approximate number of ads available on Because a classic user search cannot always be matched with perfectly relevant ads during a session, it is very helpful to build a recommendation system to automatically expose ads based on the user ad view history. Early 2019 is the beginning of this new machine learning project, and leboncoin was on its way to move its entire infrastructure to AWS.

The first recommendation infrastructure was built around three tools:

By Christian Kula (Android developer)

For this second part of our series of Our Day-to-Day Guide to Productivity for Android developers, let’s talk about Code Editor and Git tips and tricks.

You may know some, you may not know others. In any case, feel free to share them!

Android Studio

Since we use Android Studio everyday, it’s very important to know how to use our tools in order to perform better. Also, since Android Studio is powered by the IntelliJ platform, most of these tricks can be used in other IntelliJ-based IDEs!


The IntelliJ editor is very powerful. Besides basic “Find &…

By Nicolas Béguier (Offensive & Defensive Security Engineer)

Static Application Security Testing (SAST) is a set of technologies designed to analyze application and design conditions that indicate security vulnerabilities. SAST solutions analyze an application in a state of non-execution.

Working in a white box environment provides a better understanding of the application and the interaction between all of its components. In contrast, black box testing of a running application is also called Dynamic Application Security Testing (DAST) and will not be detailed in this article.

Why we need a SAST

Checking each commit and blocking them in case of vulnerability sounds perfect, avoiding false positive…

By Thibaut Sabot (Lead Frontend Engineer)

Over the years, web users’ needs and expectations changed. Nowadays we expect a highly responsive, good-looking and attractive website. “It just works” is far from being enough anymore.

Technically, is nothing like the old version that we started 15 years ago. We kept the good old spirit, our cultures goals and our amazing user base, but internally leboncoin changed a lot during those years.

The fast-pace of new frontend frameworks is making us rethink how we approach these new technological challenges.

Today we are more than 40 web developers divided into 20 feature…

By Christian Kula (Android developer)

The ever growing leboncoin’s user base requires us to be more effective in order to be able to deliver new features quickly. Tools, frameworks and languages are constantly evolving so it’s important for us to choose wisely in order to improve our development workflow.

In this series of articles, I’ll show you some tips & tricks we use every day at leboncoin as Android developers.

This series is definitely not the an Ultimate Guide but rather a collection of handy little things that make our everyday life easier.

You may know some, you may not…

By Julien Jouhault (CTO of Groupe leboncoin)

After all the buzz around Jeremiah Lee’s article “Failed #SquadGoals”, setting Spotify’s organisational miracle recipe as the worst example for tech companies to follow, it felt right that we should share our own experience at leboncoin. In under 2 years, we implemented the model all the while growing from 100 to over 250 engineers, 35 squads and 4 tribes. There was no miracle there either, just a bit of inspiration. …

By Guillaume Chenuet (Infrastructure Lead Engineer)

As you may have noticed by reading our posts, leboncoin is growing fast, more than 250 developers spread across Feature Teams (e.g. search, ads list, identity). But having a lot of developers also means having a reliable workflow to let them develop and deploy as fast as possible. Hopefully, a team is dedicated to these subjects, the Engineering Productivity team, working on workflows and CI/CD pipelines.

To explain this, let’s take an example of a backend commit in our Golang mono-repository. …

by Fabrice Vaillant (Backend Developer) & Christopher Moreau (Backend Developer)

Google trends is really helpful when it comes to analyze global data of the top search queries. In this article, we will explain how we build our own model, and more precisely how we were able to draw a graph of the posted ads popularity in overtime:

By Flavio Gurgel (DBA) & Fabrice Vaillant (Backend Developer)

Most companies start using a single instance of a relational database. It is convenient and can scale quite far. It can store pretty much all required data on it: Admins account, user accounts, product data, but also analytic data and payment.

Since it is a single database, it’s easy to query it and update it anywhere in an application, leading to many cross related tables. If an organization outgrows its single relational database, it has to untangle those links to give independence to all teams.

Leboncoin started with a single PostgreSQL…


French leader of Classified Ads —

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store