SonarSource now provides high-precision SAST tooling for developers, enabling them to own Code Security

Geneva, December 17th, 2020. In 2020, SonarSource became a leader in Code Quality and Code Security solutions, upgrading its tools to bring unmatched SAST (Static Application Security Testing) precision and performance to developers. Now there’s a tool that enables developers to own Code Security!

What that means for developers is code security analysis in the SonarSource tools they are already familiar with: SonarQube and SonarCloud. And SonarSource has taken pains to apply the same “no false positives” rule to security analysis that it uses for its code quality analysis.

SonarSource has been adding SAST analysis to its tools for several years, but its efforts were boosted by the May 2020 acquisition of RIPS-TECH, which specialized in highly precise SAST analysis of PHP. Since the acquisition, the combined team has re-engineered SonarSource’s detection of injection vulnerabilities from the ground up to incorporate the best from both companies. The result: today developers have access to unparalleled precision in security analysis of Java, C#, PHP, Python, and JavaScript code in SonarQube and SonarCloud, with more languages to come.

The availability of highly precise SAST analysis in developer tooling represents a stark departure from the previous state of the art. Other SAST tools are built for a security auditor audience rather than developers. They raise a broad swath of issues with the expectation that security auditors will sort through the results to find any true positives.

By targeting developers, SonarSource has taken a different approach: tune the SAST rules to raise only true positives and accept that a few borderline issues may fall through the cracks. “Our approach to Code Security is a true change of paradigm, taking the opposite approach from traditional players who address CISOs, risk and compliance needs, and feel the pain to bridge to development in order to fix issues. With the precision that we offer, developers can be the direct recipients of vulnerability issues. And when you know the level of integration of our products with development pipelines and its level of adoption, it is not difficult to imagine the kind of impact it will have on the security market,” SonarSource CEO Olivier Gaudin said.

Learn more about SonarSource SAST tools:

https://blog.sonarsource.com/code-security-now-theres-a-tool-for-developers

About SonarSource

SonarSource builds world-class products for Code Quality and Security. Its open-source and commercial code analyzers – SonarLint, SonarCloud, SonarQube – support 27 programming languages, empowering dev teams of all sizes to solve coding issues within their existing workflows. Trusted by more than 250,000 organizations globally, SonarSource products are a de-facto standard for teams and organizations to deliver better, safer software.

About RIPS Technologies

RIPS Technologies was founded in 2016 and is a company dedicated to innovative security testing technologies, known for building its best-in-class PHP code analyzer from the ground up. Its teams have deep know-how in implementing innovative security analyzers that can automatically detect even complex and deeply nested vulnerabilities, in PHP code and more recently in other languages like Java and JavaScript.