SonarSource Acquires Application Security Testing Company Static
SonarSource, a company that provides code quality and security solutions, has purchased German static application security testing (SAST) startup RIPS Technologies for an undisclosed sum. The buyer has incorporated RIPS employees into its teams, and RIPS has become SonarSource’s fourth office, according to a prepared statement.
This is M&A deal number 208 that MSSP Alert and sister site ChannelE2E have covered so far in 2020. See the complete M&A deal list here.
RIPS’s technology will enable SonarSource to deliver SAST products that help developers automate feedback on the security of their code as they create new software, the companies said. Furthermore, SonarSource will integrate RIPS’s technology into the following products:
- SonarCloud: Continuously inspects source code for bugs and security vulnerabilities.
- SolarLint: Highlights bugs and security vulnerabilities in code as it is being written.
- SonarQube: Performs automatic reviews with static analysis of code to detect bugs and security vulnerabilities.
SonarSource also will use RIPS’s technology to build a code security analyzer that covers programming languages used to develop and deploy software globally, the company said. In addition, SonarSource plans to create a security research team led by RIPS CEO Johannes Dahse.
What Is SAST?
SAST is used to identify security vulnerabilities in source code, according to electronic design automation company Synopsys. It enables software developers to analyze source code and find vulnerabilities before code is compiled.
With SAST, software developers can identify security vulnerabilities in the initial stages of application development, Synopsis noted. They also can collect real-time feedback as they code and fix issues, regardless of their security expertise.