News snapshots · 2019-09-19

GitHub buys analytical tool Semmle – Quick wrap


Microsoft subsidiary GitHub has bought Semmle, a semantic code analysis engine that lets developers write queries to identify code patterns in large codebases and search for vulnerabilities and their variants. Its clients include Uber, NASA, Microsoft and Google, and it has helped find thousands of vulnerabilities in some of the largest codebases.

GitHub had this to say on its blog:

Security researchers use Semmle to quickly find vulnerabilities in code with simple declarative queries. These teams then share their queries with the Semmle community to improve the safety of code in other codebases. Software security is a community effort; no single company can find every vulnerability or secure the open source supply chain behind everyone’s code. Semmle’s community-driven approach to identifying and preventing security vulnerabilities is the very best way forward.
