Microsoft has acquired Semmle, the company behind a semantic code analysis engine, whose tools will be used on GitHub, which the tech giant bought for a whopping $7.5 billion last year. Semmle’s code analysis tools are already used by prominent organizations such as Microsoft, Google, NASA, and Uber. The price of the acquisition is being kept under wraps.
GitHub explained in its blog post, “Semmle’s revolutionary semantic code analysis engine allows developers to write queries that identify code patterns in large codebases and search for vulnerabilities and their variants.”
Security researchers can use Semmle to “quickly find vulnerabilities in code with simple declarative queries,” according to Microsoft. Queries and their results are shared through the Semmle community, so that a pattern found in one codebase can be checked promptly across many others.
Semmle says, “GitHub and Semmle are deeply committed to securing the open-source ecosystem, and as part of that commitment, LGTM.com will continue to be available for free for public repositories and open source. We’ll also continue our open source security research, which to date has yielded 107 CVEs in high-profile projects like UBoot, Apache Struts, the Linux Kernel, Memcached, VLC, and Apple’s XNU.”
“GitHub is the one place where the community meets, where security experts and open-source maintainers collaborate, and where the consumers of open source find their building blocks,” says Semmle CEO and co-founder Oege De Moor. “GitHub’s recent moves to secure the ecosystem (with maintainer security advisories, automated security fixes, token scanning and many other advances in secure development) are all pieces of the same puzzle. The Semmle vision and technology belong at GitHub.”