GitHub announced (in a blog post written by Nat Friedman) that it is “welcoming Semmle to GitHub”. GitHub sees the acquisition as a big step in securing the open source supply chain. Semmle sees it as “a fabulous milestone in a 13-year journey.”
Semmle’s semantic code analysis engine allows developers to write queries that identify code patterns in large codebases and search for vulnerabilities and their variants. Semmle is trusted by security teams at Uber, NASA, Microsoft and Google, and has helped find thousands of vulnerabilities in some of the largest codebases in the world, as well as over 100 CVEs in open source projects to date.
According to TechCrunch, GitHub did not disclose the price of the acquisition of Semmle. What is known is that Semmle launched last year with a $21 million Series B round led by Accel. In total, the company raised $31 million before this acquisition.
Oege de Moor from Semmle wrote: “By joining GitHub we are taking the next step in changing how software is developed, allowing every developer to benefit from the expertise of the top security researchers in the world. I can’t imagine a more fitting recognition of our team’s hard work, or a better opportunity to realize the full potential of the vision and technology.”
According to Semmle, there will be no disruption for existing users of Semmle products. GitHub and Semmle are deeply committed to securing the open source ecosystem, and as part of that commitment, LGTM.com will continue to be available for free for public repositories and open source projects. Semmle is also going to continue its open source security research. Existing Semmle products will be integrated with GitHub’s existing product range.
It seems to me that this is one acquisition situation where nothing will be lost. Semmle’s products and GitHub’s products are going to be integrated together.