
Sonatype Acquires MuseDev

Acquisition Pairs Developer-Friendly Source Code Analysis with Full-Spectrum Software Supply Chain Management

Sonatype, the leader in developer-friendly tools for software supply chain management and security, announced the acquisition of MuseDev, an innovative code analysis platform. MuseDev’s core offering automatically analyzes and provides uniquely accurate feedback on each developer pull request, making it easy to find and fix critical security, performance, and reliability bugs during code review.

With the addition of Muse, the Sonatype Nexus platform now offers customers full-spectrum control of the cloud-native software development lifecycle including: first-party source code, third-party open source code, infrastructure as code, and containerized code.


“Beginning today, with the acquisition of MuseDev, we are further expanding our platform to help customers automatically control the quality of code their developers write,” said Wayne Jackson, CEO of Sonatype. “Coupled with our recently launched Nexus Container and Infrastructure as Code solutions, we are now delivering a developer-friendly and full-spectrum software supply chain management platform and serving clear notice that Sonatype remains the incumbent market leader compared to emergent players. We welcome Dr. Stephen Magill and the entire MuseDev team to Sonatype.”

The news comes amid continued record growth for Sonatype. The company now counts 70% of the Fortune 100 as customers and supports more than 2,000 commercial engineering teams. Further, in 2020 Sonatype experienced 35% annual growth in Nexus Repository installs, which now total more than 250,000 instances. Today, the combination of Sonatype’s commercial and open source tools is trusted by nearly 15 million developers around the world.

“We built Muse to provide developers feedback in the same way their teammates do — as comments in code review. Teams adopting this approach are 70 times more likely to fix code quality and security issues,” says Dr. Stephen Magill, CEO of MuseDev. “We’ve always been impressed with Sonatype’s Nexus platform and the company’s long-standing commitment to developer success. We’re truly excited to join them as they strive to bring operational excellence to the management of software supply chains.”

MuseDev was founded as a spin-out of Galois by a team of software developers with a passion for creating tools that help developers write their best code. The team includes deep expertise in static application security testing, machine learning, and semantic code analysis honed on mission-critical projects executed at the U.S. Department of Defense, Amazon, and Microsoft.

“As enterprises look to push their development teams to work faster, it becomes imperative to find ways to help developers to move more quickly by automating crucial but time-consuming tasks like code analysis,” said Stephen O’Grady, Principal Analyst with RedMonk. “This is exactly what MuseDev is built for, with its ability to automatically analyze each incoming pull request.”


Strengthening Software Supply Chain Management with Developer-Friendly Source Code Analysis

The acquisition of MuseDev immediately expands the breadth and depth of Sonatype’s Nexus platform. To achieve coverage across the full spectrum of code performance, reliability, security, and style issues, Muse integrates its 24 pre-configured code analyzers into GitHub, GitLab and Bitbucket. Muse then automatically analyzes each pull request and provides rapid and accurate visibility into critical bugs within the developer workflow, as comments in code review. Muse analyzers are pre-tuned to minimize false-positive noise so that developers focus on the bugs that matter most. Lastly, Muse gives developers clear guidance on how to fix the bugs it reports.

Muse analyzers go beyond traditional linting to perform deep code analysis such as interprocedural information flow and thread safety analysis — techniques that were previously only available in tools owned by security. Because Muse feedback is delivered during the peer code review portion of the workflow, it’s easy and natural for developers to fix bugs without hindering innovation velocity. This makes Muse highly complementary to conventional SAST tools that perform deep analysis on compiled applications later in the release cycle.

Finally, to ensure more developers can get started right away, Muse automates the mundane, yet complex, aspects of tool installation and configuration. By providing a simple one-click setup of its advanced code analysis.
