Acquisition Pairs Developer-Friendly Source Code Analysis with Full-Spectrum Software Supply Chain Management
Sonatype, the leader in developer-friendly tools for software supply chain management and security, announced the acquisition of MuseDev, an innovative code analysis platform. MuseDev’s core offering automatically analyzes and provides uniquely accurate feedback on each developer pull request, making it easy to find and fix critical security, performance, and reliability bugs during code review.
With the addition of Muse, the Sonatype Nexus platform now offers customers full-spectrum control of the cloud-native software development lifecycle including: first-party source code, third-party open source code, infrastructure as code, and containerized code.
“Beginning today, with the acquisition of MuseDev, we are further expanding our platform to help customers automatically control the quality of code their developers write,” said Wayne Jackson,
The news comes amid continued record growth for Sonatype. The company now counts 70% of the Fortune 100 as customers and supports more than 2,000 commercial engineering teams. Further, in 2020 Sonatype experienced 35% annual growth in Nexus Repository installs, which now total more than 250,000 instances. Today, the combination of Sonatype’s commercial and open source tools is trusted by nearly 15 million developers around the world.
“We built Muse to provide developers feedback in the same way their teammates do — as comments in code review. Teams adopting this approach are 70 times more likely to fix code quality and security issues,” says Dr. Stephen Magill, CEO of MuseDev. “We’ve always been impressed with Sonatype’s Nexus platform and the company’s long-standing commitment to developer success. We’re truly excited to join them as they strive to bring operational excellence to the management of software supply chains.”
MuseDev was founded as a spin-out of Galois by a team of software developers with a passion for creating tools that help developers write their best code. The team includes deep expertise in static application security testing, machine learning, and semantic code analysis honed on mission-critical projects executed at the U.S. Department of Defense, Amazon, and Microsoft.
“As enterprises look to push their development teams to work faster, it becomes imperative to find ways to help developers to move more quickly by automating crucial but time consuming tasks like code analysis,” said Stephen O’Grady, Principal Analyst with RedMonk. “This is exactly what MuseDev is built for, with its ability to automatically analyze each incoming pull request.”
Strengthening Software Supply Chain Management with Developer-Friendly Source Code Analysis
The acquisition of MuseDev immediately expands the breadth and depth of Sonatype’s Nexus platform. To achieve coverage across the full spectrum of code performance, reliability, security, and style issues, Muse integrates its 24 pre-configured code analyzers into GitHub, GitLab and Bitbucket. Muse then automatically analyzes each pull request and provides rapid and accurate visibility into critical bugs within the developer workflow, as comments in code review. Muse analyzers are pre-tuned to minimize false-positive noise so that developers focus on the bugs that matter most. Lastly, Muse gives developers clear guidance on how to fix the bugs it reports.
Muse analyzers go beyond traditional linting to perform deep code analysis such as interprocedural information flow and thread safety analysis — techniques that were previously only available in tools owned by security. Because Muse feedback is delivered during the peer code review portion of the workflow, it’s easy and natural for developers to fix bugs without hindering innovation velocity. This makes Muse highly complementary to conventional SAST tools that perform deep analysis on compiled applications later in the release cycle.
Finally, to ensure more developers can get started right away, Muse automates the mundane, yet complex, aspects of tool installation and configuration. By providing a simple one-click setup of its advanced code analysis..