Microsoft is acquiring Semmle, a San Francisco-based code-analysis platform vendor, for an undisclosed amount. Microsoft plans to make Semmle part of its GitHub business, the two companies said on September 18.
Semmle was founded in 2006, with the idea that querying source code should work like querying any other kind of data. Since then, its products have been used by Google, Uber, NASA and Microsoft and “many open source projects” in the name of improving security, according to a blog post by Semmle.
Semmle lists as its products QL, which provides automated variant analysis to help product security teams find zero-days and variants of critical vulnerabilities; and LGTM, which provides continuous security analysis for developers.
Semmle officials said there will be no disruption to existing Semmle customers, even with the planned “tight integration with GitHub’s existing product range.”
From Semmle’s blog post about the acquisition:
“GitHub and Semmle are deeply committed to securing the open source ecosystem, and as part of that commitment, LGTM.com will continue to be available for free for public repositories and open source. We will also continue our open source security research, which to date has yielded 107 CVEs in high-profile projects like UBoot, Apache Struts, the Linux Kernel, Memcached, VLC, and Apple’s XNU. Of course there are fantastic opportunities where deeper integration with GitHub’s existing product line will deliver additional value - watch this space!”
Microsoft bought GitHub in 2018 for $7.5 billion.