Semmle is a code analysis platform that information security experts use to find vulnerabilities in software. The company was founded in 2006.
2019: Microsoft purchased Semmle
On September 18, 2019, Microsoft announced the acquisition of Semmle to improve GitHub, the service for collaborative development of IT projects. The value of the transaction was not disclosed. Before that, Semmle had raised a total of $31 million in investment.
Microsoft calls Semmle "a revolutionary code analysis engine" that performs "sequential variant analysis" of entire code bases to find the errors that can lead to vulnerabilities.
Such checks are, as a rule, performed manually, using grep, AWK, or other tools in an integrated development environment. Finding errors is often a difficult process that demands deep knowledge of the code and a good understanding of different threat models.
Some software companies have no cyber security researchers, and developers, as a rule, lack the skills needed to detect vulnerabilities. Semmle is a platform that automates most of these processes and simplifies the search for errors, according to the press release on the sale of the startup to Microsoft.
Semmle treats code as data, and the relevant research areas include "optimization of the program in the compile process" and "knowledge of DBMS implementation". The code can therefore be queried using a declarative object-oriented query language, just as data is queried in a DBMS. This is a big advantage because many vulnerabilities are caused by the same type of error in the code. Using Semmle it is possible to find every variant of an error with one query, and then to eliminate hundreds of vulnerabilities at a time.
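The "code as data" idea above can be shown in miniature. This is an added example, not Semmle's engine or its query language: it swaps in Python's `ast` module and SQLite as stand-ins, loads every call in a small constructed code base into a table, and finds all variants of one mistake (a shell command built from a non-constant value) with a single query. The file names, table layout and function names are assumptions made for the illustration.

```python
import ast
import sqlite3

# Constructed sample code base: three variants of the same mistake
# and one harmless call with a constant command.
SAMPLE_FILES = {
    "backup.py": "import os\ndef run(path):\n    os.system('tar czf out.tgz ' + path)\n",
    "report.py": "import os\ndef show(name):\n    os.system(f'cat {name}')\n",
    "deploy.py": "import subprocess\ndef push(cmd):\n    subprocess.run(cmd, shell=True)\n",
    "clean.py": "import os\ndef tidy():\n    os.system('rm -rf ./tmp')\n",
}

def build_database(files):
    """Load every call expression in the code base into a relational table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE calls "
               "(file TEXT, line INT, callee TEXT, const_arg INT, shell_true INT)")
    for name, source in files.items():
        for node in ast.walk(ast.parse(source, filename=name)):
            if not isinstance(node, ast.Call):
                continue
            # 1 if the first positional argument is a literal, else 0.
            const_arg = int(bool(node.args) and isinstance(node.args[0], ast.Constant))
            # 1 if the call passes the keyword shell=True, else 0.
            shell_true = int(any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                and kw.value.value is True for kw in node.keywords))
            db.execute("INSERT INTO calls VALUES (?, ?, ?, ?, ?)",
                       (name, node.lineno, ast.unparse(node.func), const_arg, shell_true))
    return db

# One query describes the error pattern; every variant in the code base matches it.
VARIANT_QUERY = """
SELECT file, line, callee FROM calls
WHERE const_arg = 0
  AND (callee = 'os.system' OR (callee LIKE 'subprocess.%' AND shell_true = 1))
ORDER BY file, line
"""

def find_variants(files):
    """Return (file, line, callee) for each call matching the error pattern."""
    return build_database(files).execute(VARIANT_QUERY).fetchall()

if __name__ == "__main__":
    for file, line, callee in find_variants(SAMPLE_FILES):
        print(f"{file}:{line}: {callee} called with a non-constant command")
```

A grep for `os.system` would also report the harmless call in `clean.py` and miss the `subprocess.run` variant; the query separates them because it works on the structure of the code rather than its text.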