09-19-2019, 07:19 PM
Quote: Semmle's analysis engine, QL, simplifies the process of finding variations of the same coding mistake over large codebases, allowing faster discovery of security vulnerabilities.
GitHub to improve bug scanning process
GitHub plans to add the Semmle technology to its services and improve the code development and vulnerability disclosure process for its users.
Semmle treats source code as data and makes it possible to identify entire vulnerability classes at a much quicker rate than traditional code analysis methods. The product is now used by big organizations like Google, Uber, Microsoft, and NASA.