Ask any software developer, and they will tell you the truth about two things:
- Conventional code analysis and application security tools are overly noisy and generally not well integrated into the developer workflow.
- Tools that don’t actually make life easier for developers are perceived as friction and commonly ignored.
Rather than slowing developers down with process-heavy security gates or circuitous code quality alerts, we believe developers are better served by providing them with gentle, timely, and effective nudges that actually help them improve the quality and security of the applications they are building.
Who is MuseDev?
MuseDev is a startup that was incubated by Galois, Inc. and spun out in fall of 2019 by founders Dr. Stephen Magill, Andrew Yorra, and Tom DuBuisson. The Muse product is a cloud-native and innovative source code analysis platform that is uniquely friendly to developers. With a few simple clicks, Muse installs into any source control repo, and automatically begins to analyze pull requests, and provides developers with accurate and actionable feedback so they can easily fix more bugs during peer code review.
Integrating with the pull request workflow is critical when it comes to developer adoption. Through its experience in working with large scale enterprise development teams, MuseDev found that when bugs are accurately identified and surfaced inside the pull request workflow, developers are 70 (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brian Fox. Read the original post at: https://blog.sonatype.com/sonatype-acquires-musedev-and-unveils-full-spectrum-software-supply-chain-management-system