SonarSource Now Provides High-Precision SAST Tooling for Developers, Enabling Them to Own Code Security!

SonarSource became a leader in Code Quality and Code Security solutions, upgrading its tools to bring unmatched SAST (Static Application Security Testing) precision and performance to developers. Now there’s a tool that enables developers to own Code Security!

What that means for developers is code security analysis in the SonarSource tools they are already familiar with: SonarQube and SonarCloud. And SonarSource has taken pains to apply the same “no false positives” rule to security analysis that it uses for its code quality analysis.

Recommended AI News: Activ Technologies Expands PaaS Offering And Enhances Key Operational Visibility And Reporting

SonarSource’s has been adding SAST analysis to its tools for several years, but its efforts were boosted by the May 2020 acquisition of RIPS-TECH, which specialized in highly precise SAST analysis of PHP. Since the acquisition, the combined team has re-engineered SonarSource’s detection of injection vulnerabilities from the ground up to incorporate the best from both companies. The result: today developers have access to unparalleled precision in security analysis of Java, C#, PHP, Python, and JavaScript code in SonarQube and SonarCloud, with more languages to come.

The availability of highly precise SAST analysis in developer tooling represents a stark departure from the previous state of the art. Other SAST tools are built for a security auditor audience rather than developers. They raise a broad swath of issues with the expectation that security auditors will sort through the results to find any true positives.

Recommended AI News: Cyclotron Helps A Large Healthcare Company To Migrate From Google Workspace To Microsoft 365

By targeting developers, SonarSource has taken a different approach: tune the SAST rules to raise only true positives and accept that a few borderline issues may fall through the cracks. “Our approach to Code Security is a true change of paradigm, taking the opposite approach from traditional players who address CISOs, risk and compliance needs, and feel the pain to bridge to development in order to fix issues. With the precision that we offer, developers can be the direct recipient of vulnerabilities issues. And when you know the level of integration of our products with development pipelines and its level of adoption, it is not difficult to imagine the kind of impact it will have on the security market.”, SonarSource CEO Olivier Gaudin said.

Recommended AI News: Surgent Partners With AME Learning To Offer Suite Of Introductory Accounting Courses