Microsoft’s GitHub has acquired Semmle, a San Francisco-based code analysis platform vendor. Microsoft has not yet disclosed the amount. Semmle will become part of the GitHub business, both companies reported.
Semmle was launched in 2016 on the premise that source code should be queried like any other type of data. According to a blog post by Semmle, its products have been used by Uber, Google, NASA, Microsoft and “many open source projects” to improve the security of their platforms.
QL, one of Semmle’s products, helps analyze code and remove critical vulnerabilities before they become a problem. It is an automated tool that helps product security teams.
“By automating variant analysis, QL enables product security teams to find zero-days and variants of critical vulnerabilities,” the company’s website states. Another product, LGTM, helps developers with the security of their product. The company claims it identifies errors in the code. Every time a user changes the code, LGTM runs a series of tests to prevent the code from being stuck during the production stage.
“LGTM automatically analyses every commit to identify vulnerabilities early and enable developers to prevent zero-days from reaching production,” says the company’s website.
Semmle customers will not face any disruption due to the acquisition.
Semmle’s blog post about the purchase states, “GitHub and Semmle are deeply committed to securing the open-source ecosystem, and as part of that commitment, LGTM.com will continue to be available for free for public repositories and open source.”
The post added, “We’ll also continue our open source security research, which to date has yielded 107 CVEs in high-profile projects like UBoot, Apache Struts, the Linux Kernel, Memcached, VLC, and Apple’s XNU. Of course, there are incredible opportunities where deeper integration with GitHub’s existing product line will deliver additional value - watch this space!”