GITHUB HAS SNAPPED-UP San Francisco startup Semmle with the goal of boosting its public and enterprise code repositories with the company's code analysis engine.
Semmle's code analysis tool is apparently unique in how it can make sense of complex data structures and spot a wide variety of mistakes in code. It peruses codebases for things like security vulnerabilities and known exploits, thereby helping developers to avoid baking in security holes and bugs into their apps and software, as well as to spot variations of vulnerabilities that they could be introducing in their code.
All this means that when open source code ends up on a GitHub repository, users can have a reasonable amount of confidence that it's secure.
Semmie's tech will be integrated into GitHub's Actions tool, with the code-combing tech to be spread across GitHub's repositories.
"GitHub is the one place where the community meets, where security experts and open source maintainers collaborate, and where the consumers of open source find their building blocks," said Semmle.
"GitHub's recent moves to secure the ecosystem (with maintainer security advisories, automated security fixes, token scanning, and many other advances in secure development) are all pieces of the same puzzle. The Semmle vision and technology belong at GitHub."
Being bought up by GitHub, which itself was recently acquired by Microsoft, won't mark the end of Semmle, as the company said it'll keep supporting its products across public But we can expect to see the tighter intergeneration with GitHub become front-and-centre.
And that's about it. We don't know how much GitHub paid for Semmle, as the details of the deal weren't disclosed. But we reckon it must have been a reasonable amount as the vibe from Semmle's blog on the announcement seems pretty positive.
The whole thing should also help GitHub's security get further bolstered, as well as augmenting the tools it has on offer for code reviewing. µ
Firm's first high-end speaker gets the thumbs up from us
Yes. Yes you can
A fantastic ultraportable that's almost devoid of innovation
Screen if you want to go faster