Sonatype uses deep code

Sonatype has launched a new deep code analysis platform called Lift, which detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Research from Veracode last year found that open-source libraries cause security flaws in around 70 percent of apps. However, open-source libraries are often critical to projects.

Using a deep code analysis platform like Lift – which can be installed easily in any source repository in minutes – helps reap the benefits of using open-source libraries while maintaining security.

Lift’s unified code analysis pipeline brings 26+ tools across 11 languages to catch a wide range of bug types and uses the proven methods and technologies from Facebook (Infer) and Google (ErrorProne).

Sonatype says that Lift will forever be free for public repositories as part of its long-standing commitment to supporting the world’s open-source community.
