New deep code analysis platform helps developers eliminate bugs
As recent high-profile attacks have shown, bad actors are increasingly going after software supply chains to exploit vulnerabilities in commercial and open source code.
Developer tool specialist Sonatype is launching a new deep code analysis platform called Lift that installs easily on any source repository and provides developer-friendly feedback on a wide range of bug types.
Lift helps build collaboration between security and development teams by providing a unified code analysis pipeline that runs over 26 tools across 11 languages. Because Lift's results are reported in code review, developers and security engineers can collaborate on how best (or whether) to fix each reported issue.
Lift catches not just issues in the code developers write, but also in the open source libraries they rely on, by pulling software composition analysis data from Sonatype’s OSS Index to report vulnerable open source libraries as comments in code review.
"Developers are increasingly responsible for ensuring their code is both secure and high-quality. Typical code quality tools are limited to per-file analysis and don't catch bugs that traverse files. While SAST tools do, they are security-focused and run by security teams. We built Lift to provide developers deep code analysis focused on catching performance and reliability bugs that can lead to critical vulnerabilities similar to those increasingly exploited in recent attacks," says Brian Fox, Sonatype co-founder and CTO. "And, we have done it in a way that helps developers fix more bugs, without slowing them down or requiring them to switch contexts."
You can find out more and request a demo on the Sonatype site.