SonarSource now offers developers highly accurate SAST tools for controlling code security


In 2020, SonarSource became the leading provider of code quality and code security solutions, enhancing its tools to give developers unmatched accuracy and performance for static application security testing (SAST). Now there’s a tool that allows developers to take control of code security!

For developers, this means analyzing code security in the SonarSource tools they already know: SonarQube and SonarCloud. SonarSource has made an effort to apply the same “no false positives” rule to its security analysis that it uses for code quality analysis.

SonarSource has been adding SAST analysis to its tools for several years. However, efforts were stepped up in May 2020 with the acquisition of RIPS-TECH, a company that specializes in high-precision SAST analysis of PHP. Since the acquisition, the joint team has completely reworked SonarSource’s “injection” vulnerability detection to incorporate the best of both companies. As a result, developers now have access to unparalleled precision in the security analysis of Java, C#, PHP, Python and JavaScript code in SonarQube and SonarCloud, with other programming languages to follow.


The availability of high-precision SAST analysis in developer tools differs greatly from the current state of the art. Other SAST tools are designed for security auditors rather than developers: they report a wide range of findings, which the security auditors then triage to separate the real problems from the noise.

SonarSource has chosen a different approach and addresses developers directly: the SAST rules are tuned so that only true positives are reported, accepting that some borderline cases may slip through. “Our approach to code security is a true paradigm shift, taking the opposite approach of traditional actors who deal with CISOs, risk and compliance requirements and always have to go through the developers first to fix problems. With the precision we offer, developers can react directly to weak points. When you consider how far our products are integrated into the development pipelines and the level of acceptance they are experiencing, it is not difficult to imagine what impact this will have on the security market,” says Olivier Gaudin.