Semmle is a code analysis platform for finding zero-days and automating variant analysis. Semmle’s semantic code analysis engine allows developers to write queries that identify code patterns in large codebases and search for vulnerabilities and their variants. Semmle is used by Google, Uber, Microsoft, and many open source projects to improve security of products and services.
Microsoft’s Github today announced the acquisition Semmle. This acquisition will help Semmle reach more developers. Semmle mentioned that there will be no disruption to existing users of Semmle products. You can expect deeper integration of Semmle with GitHub’s existing product line in the coming months. Semmle also revealed that LGTM.com will continue to be available for free for public repositories and open source.
Security researchers use Semmle to quickly find vulnerabilities in code with simple declarative queries. These teams then share their queries with the Semmle community to improve the safety of code in other codebases. Software security is a community effort; no single company can find every vulnerability or secure the open source supply chain behind everyone’s code. Semmle’s community-driven approach to identifying and preventing security vulnerabilities is the very best way forward. – Nat Friedman from Microsoft.
You can read more about this acquisition from the source link below.