Software supply chain management and security tooling company Sonatype has acquired code analysis platform MuseDev, integrating the company and team into its existing Nexus platform, to expand its scope beyond third-party dependencies. With all of these added features, the company says that its platform now provides “full-spectrum control of the cloud native software development lifecycle.”

The addition of Muse specifically adds a focus on in-house code creation, with Muse not only offering pre-configured code analysis tools, but also taking the results of those tools and inserting them into the pull request and code review process, creating a feedback loop to determine which bugs are ignored and which are fixed by developers.

By integrating into the pull request, they’re able to basically introduce the relevant findings in the piece of code that is either newly created or the parts of the code that are being touched at that particular time, so that it’s easy and natural for the developers to make the changes.

While Sonatype is adding this focus on in-house code creation and analysis, Fox said that the company is also looking forward to bringing this type of workflow, as introduced by Muse, to its existing tools.
