SonarSource now provides high-precision SAST tooling for developers, enabling them to own Code Security!

GENEVA, Dec. 17, 2020 /PRNewswire/ -- In 2020 SonarSource [] became a leader in Code Quality and Code Security solutions, upgrading its tools to bring unmatched SAST (Static Application Security Testing) precision and performance to developers. Now there's a tool that enables developers to own Code Security! []

What that means for developers is code security analysis in the SonarSource tools they are already familiar with: SonarQube and SonarCloud. And SonarSource has taken pains to apply the same "no false positives" rule to security analysis that it uses for its code quality analysis.

SonarSource's has been adding SAST analysis to its tools for several years, but its efforts were boosted by the May 2020 acquisition of RIPS-TECH [], which specialized in highly precise SAST analysis of PHP. Since the acquisition, the combined team has re-engineered SonarSource's detection of injection vulnerabilities from the ground up to incorporate the best from both companies. The result: today developers have access to unparalleled precision in security analysis of Java, C#, PHP, Python, and JavaScript code in SonarQube and SonarCloud, with more languages to come.

The availability of highly precise SAST analysis in developer tooling represents a stark departure from the previous state of the art. Other SAST tools are built for a security auditor audience rather than developers. They raise a broad swath of issues with the expectation that security auditors will sort through the results to find any true positives.

By targeting developers, SonarSource has taken a different approach: tune the SAST rules to raise only true positives and accept that a few borderline issues may fall through the cracks. "Our approach to Code Security is a true change of paradigm, taking the opposite approach from traditional players who address CISOs, risk and compliance needs, and feel the pain to bridge to development in order to fix issues. With the precision that we offer, developers can be the direct recipient of vulnerabilities issues. And when you know the level of integration of our products with development pipelines and its level of adoption, it is not difficult to imagine the kind of impact it will have on the security market.", SonarSource CEO Olivier Gaudin said.

Learn more about SonarSource SAST tools: []

About SonarSource

SonarSource builds world-class products for Code Quality and Security. Its open-source and commercial code analyzers - SonarLint, SonarCloud, SonarQube - support 27 programming languages, empowering dev teams of all sizes to solve coding issues within their existing workflows. Trusted by more than 250,000 organizations globally, SonarSource products are a de-facto standard for teams and organizations to deliver better, safer software.

About RIPS Technologies

RIPS Technologies was founded in 2016 and is a company dedicated to innovative security testing technologies, known for building from the ground up its best-in-class PHP code analyzer. Its teams have deep know-how in implementing innovative security analyzers that can automatically detect even complex and deeply nested vulnerabilities, in PHP code and more recently in other languages like Java and JavaScript. []

Photo - [] Logo - []

CONTACT: Contact details: Olivier Gaudin (CEO), Phone number: +41 79 366 62 08

PR Newswire

Dit persbericht is via ANP Pers Support naar internationale (vak en online) media gestuurd. Heb je nieuws voor buitenlandse journalisten? Bekijk dan onze mogelijkheden of neem contact met ons op.

Verstuur nu éénmalig een persbericht

Verstuur persberichten en beeldmateriaal naar redacties in binnen- en buitenland. Via het ANP-net, het internationale medianetwerk van PR Newswire of met een perslijst op maat.

Direct persbericht versturen
070 - 41 41 234