In a blog post, GitHub CEO Nat Friedman explained, “Semmle’s revolutionary semantic code analysis engine allows developers to write queries that identify code patterns in large codebases and search for vulnerabilities and their variants.”
He added, “Security researchers use Semmle to quickly find vulnerabilities in code with simple declarative queries.
These teams then share their queries with the Semmle community to improve the safety of code in other codebases.”
The move is the latest in a security race between GitHub and rival repo manager cum DevOps platform GitLab.
GitHub bought Dependabot earlier this year, and has also added further security features off its own bat.
GitHub’s announcement came a day after GitLab said it had raised $268m, part of which would go to further boosting its security operations.