Why Sonatype is Acquiring MuseDev

Ask any software developer, and they will tell you the truth about two things:

  1. Conventional code analysis and application security tools are overly noisy and generally not well integrated into the developer workflow.
  2. Tools that don’t actually make life easier for developers are perceived as friction and commonly ignored.

Rather than slowing developers down with process-heavy security gates or circuitous code quality alerts, we believe developers are better served by gentle, timely, and effective nudges that actually help them improve the quality and security of the applications they are building.

This is why, today, we’re announcing the acquisition of MuseDev.

Who is MuseDev?

MuseDev is a startup that was incubated by Galois, Inc. and spun out in the fall of 2019 by founders Dr. Stephen Magill, Andrew Yorra, and Tom DuBuisson. The Muse product is an innovative, cloud-native source code analysis platform that is uniquely friendly to developers. With a few simple clicks, Muse installs into any source control repo, automatically begins to analyze pull requests, and provides developers with accurate and actionable feedback so they can easily fix more bugs during peer code review.

Any developer can get started with Muse in seconds. Muse aggregates and orchestrates 24 pre-configured code analyzers that range from “lightweight linters” to “deep static analysis tools”. It also covers a wide variety of coding languages and bug types, including security, reliability, performance, and style. Today, Muse integrates with GitHub, GitLab, and Bitbucket, and supports Java, JavaScript, Python, .NET, Go, and Ruby code.

Integrating with the pull request workflow is critical when it comes to developer adoption. Through its experience working with large-scale enterprise development teams, MuseDev found that when bugs are accurately identified and surfaced inside the pull request workflow, developers are 70 (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brian Fox. Read the original post at: