When Microsoft acquired GitHub last year for $7.5 billion, the code repository was allowed to remain an independent company. Does that mean Microsoft’s latest move is a gift for GitHub? Redmond has announced the acquisition of Semmle, a code analysis provider.
“Semmle’s revolutionary semantic code analysis engine allows developers to write queries that identify code patterns in large codebases and search for vulnerabilities and their variants,” GitHub explains.
Semmle develops code analysis tools that can be leveraged by organizations. Among the companies working with Semmle are Google, NASA, and Microsoft itself.
Microsoft says Semmle will now be folded into GitHub, allowing security researchers to “quickly find vulnerabilities in code with simple declarative queries.” Current Semmle users will not see a disruption in their service, the company says.
Semmle was founded in 2006 and aimed to treat code as a dataset that can be analyzed.
“GitHub and Semmle are deeply committed to securing the open source ecosystem, and as part of that commitment, LGTM.com will continue to be available for free for public repositories and open source. We’ll also continue our open source security research, which to date has yielded 107 CVEs in high-profile projects like UBoot, Apache Struts, the Linux Kernel, Memcached, VLC, and Apple’s XNU.”
This year, Microsoft has acquired services to boost the capabilities of GitHub. In July, Pull Panda was purchased to add analytics and reminders. That deal came shortly after the acquisition of Dependabot in June, and after changes that enabled unlimited free public repositories.
Dependabot is an open source service that allows users to automate dependency updates in their solutions.
The tool has been integrated into GitHub for developers to use. The company says the app searches a project’s dependencies for security vulnerabilities and automatically updates them to newer versions.