GitHub, a subsidiary of Microsoft, has recently acquired code analysis platform provider Semmle for an undisclosed sum. The GitHub team apparently intends to integrate Semmle closely into the GitHub workflow.  

Shanku Niyogi, GitHub’s Senior VP of Product, said that just as relational databases help answer very sophisticated questions pertaining to data, Semmle makes it easier for developers and researchers to discover potential security vulnerabilities in large codebases much faster.

Majority of vulnerabilities often involve the same type of coding errors as their root cause. Semmle helps identify all variations of an error, eliminating a whole class of errors. This approach enables developers to track down a large number of issues with minimum false positives, Niyogi added.

Semmle CEO and co-founder Oege De Moor commented that GitHub is the one platform where developers of open-source find their building blocks and where open-source developers and security experts collaborate.

The Semmle technology and vision belong at GitHub, De Moor remarked.

About Semmle

For the uninitiated, Semmle’s tools help software developers and security researchers track down potential vulnerabilities in their code. The platform provides a query language that allows developers to test their code using Semmle’s analysis engine, which greatly reduces the time and effort required for manual security testing.

Sources with relevant information reported that Semmle was officially launched in 2018 through a $21 million Series B funding round led by Accel. The company had managed to raise close to $31 million prior to this acquisition.

Evidently, multinational tech majors including NASA, Microsoft, Google and Uber currently use Semmle’s code analysis tools that offer project tracking, automated code reviews and security alerts. The platform is available for free for open-source projects.

Microsoft’s acquisition of Pull Panda

Microsoft had reportedly acquired GitHub tool vendor Pull Panda in June with the apparent aim to boost code-review workflows and performance.

The Washington-based software giant had evidently integrated each of the three Pull Panda tools, which are Pull Analytics, Pull Assigner and Pull Reminders, into one exclusive GitHub Marketplace application called Pull Panda.

Records confirm that Microsoft had taken over the San Francisco-headquartered development platform GitHub in June 2018. GitHub offers the entire source code management (SCM) and distributed version control functionality of Git along with its own features.

Source Credit: https://techcrunch.com/2019/09/18/github-acquires-code-analysis-tool-semmle/