
GitHub, the Microsoft-owned open-source code repository, has acquired a startup called Semmle that specializes in helping developers analyze code for vulnerabilities.
Nat Friedman, CEO of GitHub, announced the acquisition in a Wednesday blog post, calling it a "big step in securing the open-source supply chain."
Financial terms of the acquisition were not disclosed.
Friedman said Semmle's "revolutionary" semantic code analysis engine has helped uncover thousands of vulnerabilities "in some of the largest codebases in the world" and is used by security teams at Uber, NASA, Microsoft and Google.
"Security researchers use Semmle to quickly find vulnerabilities in code with simple declarative queries," he wrote. "These teams then share their queries with the Semmle community to improve the safety of code in other codebases."
In a separate blog post, Shanku Niyogi, senior vice president of product at GitHub, said GitHub is now a CVE Numbering Authority, meaning the company can now issue CVEs, or Common Vulnerabilities and Exposures, for security advisories posted on GitHub.
"We’ll be able to issue CVEs for security advisories opened on GitHub, allowing for even broader awareness across the industry," Niyogi wrote.
Friedman said the Semmle team, which includes engineers and security researchers, is joining GitHub with the acquisition, and that Semmle's platform will be made available to all open-source communities and all of GitHub's customers.
"As a community of developers, maintainers and researchers, we can all work together toward more secure software for everyone," he said.
Semmle was founded in 2006 by Julian Tibble, Oege de Moor and Pavel Avgustinov, according to Crunchbase. The San Francisco-based startup had raised a total of $31 million from investors, most recently in a $21 million Series B round last year.
