
Sonatype + Muse: How Improved Code Quality Complements Enterprise SAST

Last month Sonatype announced the acquisition of MuseDev, an innovative code analysis platform that does three things remarkably well:

  1. automatically examines code associated with a developer’s pull request
  2. provides accurate feedback pertaining to code quality and simple security mistakes
  3. makes it super easy for developers to find and fix critical bugs during code review.

Since the news was announced, we’ve been busy responding to interest from customers, partners, and analysts — all of them excited to see how software developers and engineering teams can now gain better control of the entire software supply chain: from first-party source code, to third-party open source code, to infrastructure as code, and containerized code.

Further, in light of our partnership with MicroFocus Fortify, we’ve also fielded a few questions about how MuseDev relates to enterprise SAST tools. This post answers that question.

According to Gartner, Static Application Security Testing (SAST) is a set of technologies designed to analyze application source code, byte code, and binaries for coding and design conditions that are indicative of security vulnerabilities. SAST solutions analyze an application from the “inside out” in a non-running state. SAST tools are commonly purchased by application security professionals and typically deployed as part of the security and risk management portion of the software development lifecycle.

Muse, on the other hand, is an innovative code analysis program for developers that identifies a broad range of performance, reliability, style, and simple security issues. Muse automatically analyzes each pull request, focusing only on issues related to the changed code, and reports its findings directly to developers as comments in code review. In this way Muse helps developers fix more bugs “upstream”, so that they become better partners to security professionals “downstream”, during the SAST analysis phase.

To achieve coverage across the full spectrum of code (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Matt Howard. Read the original post at: https://blog.sonatype.com/sonatype-muse-how-improved-code-quality-compliments-enterprise-sast


Matt Howard

Matt Howard is CMO and SVP of Sonatype, the inventors of software supply chain automation. He is a proven executive and entrepreneur with over 20 years’ experience developing high-growth software companies. Prior to Sonatype, Mr. Howard co-founded, developed and successfully sold two software companies.
