The code analysis platform provider Semmle wants to expand its reach with the announcement that it is joining GitHub. Together, the companies will work on addressing a big issue in open-source software: security.
“Software security is a community effort; no single company can find every vulnerability or secure the open source supply chain behind everyone’s code. Semmle’s community-driven approach to identifying and preventing security vulnerabilities is the very best way forward,” Nat Friedman, CEO of GitHub, wrote in a blog post.
Semmle’s code analysis engine lets developers write queries that identify code patterns and search for vulnerabilities. It also allows security researchers to share those queries with the Semmle community so that other codebases can be checked for the same issues.
Semmle’s co-founder and CEO Oege de Moor explained GitHub was a natural fit for the company because of its open-source community and platform for maintainers to collaborate. “GitHub’s recent moves to secure the ecosystem (with maintainer security advisories, automated security fixes, token scanning, and many other advances in secure development) are all pieces of the same puzzle. The Semmle vision and technology belong at GitHub,” he wrote in a post.
Existing Semmle users should not experience any disruption. The company’s continuous security analysis service, LGTM, will continue to be available for free to open-source projects, and Semmle will continue to conduct its own open-source security research. In addition, Semmle plans to provide deeper integration with GitHub’s existing product portfolio.