What you need to know
- Microsoft today announced that it has acquired Semmle and plans to integrate its team with GitHub.
- Semmle is the company behind a code analysis engine used by NASA, Microsoft, Google, and more.
- Semmle's tools have been used to find vulnerabilities "some of the largest codebases in the world," Microsoft says.
Microsoft announced the acquisition of Semmle, a company that develops code analysis tools for companies and organizations ranging from NASA and Microsoft to Google and Microsoft. Semmle will join GitHub, which Microsoft acquired last year for 7.5 billion.
Semmle began life in 2006 and set out to develop tools that treat "code as data," according to the company's blog post announcing the acquisition. "Semmle's revolutionary semantic code analysis engine allows developers to write queries that identify code patterns in large codebases and search for vulnerabilities and their variants," GitHub explaines in its own blog post.
Security researchers can use Semmle to "quickly find vulnerabilities in code with simple declartive queries," Microsoft says. Those results are then shared through the Semmle community to help improve code quickly across different codebases.
Semmle says that current Semmle users won't see a disruption as part of the acqisition:
On GitHub's side of things, Semmle's platform will see deeper integration throughout the platform.
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.