GitHub Obtains Vulnerability Detection Company Semmle

Software development platform GitHub recently welcomed Semmle into its family, reports The Next Web. Semmle offers automated services that allow clients to find vulnerabilities in their programs through code analysis. Neither party revealed the terms of the agreement.

With Google, Microsoft, NASA, Nasdaq and Uber as clients, GitHub aims to make Semmle’s services available via GitHub Actions. This would allow clients to detect mistakes and bugs in their code, as well as prevent their recurrence.

Semmle’s automated code analysis utilizes the programming language QL. The company also uses QL in its Looks Good to Me (LGTM) service. LGTM is an analytics product that allows users to get feedback and suggestions for their software while spotting possible vulnerabilities.

GitHub aims to use its new acquisition to help investigate and address security issues in open-source development. The company also seeks to spread awareness about these matters. Ultimately, the goal of this enhancement is to “incentivize developers in securing software.”

Aside from its acquisition of Semmle, the company also revealed its status as a Common Vulnerabilities and Exposures (CVE) Numbering Authority. This gives GitHub the capacity to “assign identifiers to new security flaws as and when they are discovered on the platform.”

The use of Semmle’s automated analytics makes the San Francisco-based firm’s position stronger. With its code analysis and LGTM functions, “every CVE-ID can be associated with a Semmle QL query.” This enables the larger developer community to share, access and track the queries.

With the integration of Semmle’s services into GitHub’s platform, users are able to detect “hundreds of CVEs in open-source projects.” This covers various browsers including Google’s Chromium, Microsoft’s Edge and Linux’s Ubuntu.

GitHub has been acquired by Microsoft, allowing the tech giant to improve its tools for evaluating and assessing code. Aside from the open-source development platform, Microsoft also obtained Pull Panda to further enhance such tools. Today, the firm offers developers “an infrastructure to create secure software that follows the best software practices.”

Since its integration into Microsoft, GitHub has become a “full-fledged version control system.” It has also become the largest database for open-source software hosting. As of this writing, the company has 2.1 million businesses and organizations that use its services.

Semmle’s entry into this array only strengthens GitHub’s and, in turn, Microsoft’s campaign toward creating useful development tools. This includes functions that streamline the software development process and vulnerability detection.