Welcoming Semmle to GitHub
Today we’re announcing a big step in securing the open source supply chain: we’re welcoming Semmle to the GitHub.
Human progress depends on the open source community. One of the biggest issues facing developers today is how to create and consume open source in a secure and trusted way. And at GitHub, we have a unique opportunity and responsibility to provide the tools, best practices, and infrastructure to make software development secure.
Today we’re announcing a big step in securing the open source supply chain: we’re welcoming Semmle to GitHub.
Semmle’s revolutionary semantic code analysis engine allows developers to write queries that identify code patterns in large codebases and search for vulnerabilities and their variants. Semmle is trusted by security teams at Uber, NASA, Microsoft, Google, and has helped find thousands of vulnerabilities in some of the largest codebases in the world, as well as over 100 CVEs in open source projects to date.
Security researchers use Semmle to quickly find vulnerabilities in code with simple declarative queries. These teams then share their queries with the Semmle community to improve the safety of code in other codebases. Software security is a community effort; no single company can find every vulnerability or secure the open source supply chain behind everyone’s code. Semmle’s community-driven approach to identifying and preventing security vulnerabilities is the very best way forward.
To learn more about our approach to developer security, check out a detailed overview of secure development on GitHub from Shanku Niyogi, SVP of Product. The Semmle blog has many videos and examples of Semmle in action, and you can check out your favorite open source projects on Semmle’s lgtm.com.
We’re so excited to be joined by the Semmle team and to welcome their world class engineers and security researchers to GitHub. Together, we’ll bring their work to all open source communities and to our customers. As a community of developers, maintainers, and researchers, we can all work together toward more secure software for everyone.
Written by
Related posts
GitHub Availability Report: November 2024
In November, we experienced one incident that resulted in degraded performance across GitHub services.
The top 10 gifts for the developer in your life
Whether you’re hunting for the perfect gift for your significant other, the colleague you drew in the office gift exchange, or maybe (just maybe) even for yourself, we’ve got you covered with our top 10 gifts that any developer would love.
Congratulations to the winners of the 2024 Gaady Awards
The Gaady Awards are like the Emmy Awards for the field of digital accessibility. And, just like the Emmys, the Gaadys are a reason to celebrate! On November 21, GitHub was honored to roll out the red carpet for the accessibility community at our San Francisco headquarters.