Skip to main content

Sonatype Acquires MuseDev

FULTON, Md., March 16, 2021 (GLOBE NEWSWIRE) — Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced the acquisition of MuseDev, an innovative code analysis platform. MuseDev’s core offering automatically analyzes and provides uniquely accurate feedback on each developer pull request, making it easy to find and fix critical security, performance, and reliability bugs during code review. With the addition of Muse, the Sonatype Nexus platform now offers customers full-spectrum control of the cloud-native software development lifecycle including: first-party source code, third-party open source code, infrastructure as code, and containerized code. “Beginning today, with the acquisition of MuseDev, we are further expanding our platform to help customers automatically control the quality of code their developers write,” said Wayne Jackson, CEO of Sonatype. “Coupled with our recently launched Nexus Container and Infrastructure as Code solutions, we are now delivering a developer-friendly and full-spectrum software supply chain management platform and serving clear notice that Sonatype remains the incumbent market leader compared to emergent players. We welcome Dr. Stephen Magill and the entire MuseDev team to Sonatype.”The news comes amid continued record growth for Sonatype. The company now counts 70% of the Fortune 100 as customers and supports more than 2,000 commercial engineering teams. Further, in 2020 Sonatype experienced 35% annual growth in Nexus Repository installs, which now total more than 250,000 instances. Today, the combination of Sonatype’s commercial and open source tools are trusted by nearly 15 million developers around the world. “We built Muse to provide developers feedback in the same way their teammates do — as comments in code review. Teams adopting this approach are 70 times more likely to fix code quality and security issues,” says Dr. Stephen Magill, CEO of MuseDev. “We’ve always been impressed with Sonatype’s Nexus platform and the company’s long-standing commitment to developer success. We’re truly excited to join them as they strive to bring operational excellence to the management of software supply chains.”MuseDev was founded as a spin-out of Galois by a team of software developers with a passion for creating tools that help developers write their best code. The team includes deep expertise in static application security testing, machine learning, and semantic code analysis honed on mission critical projects executed at the U.S. Department of Defense, Amazon, and Microsoft.“As enterprises look to push their development teams to work faster, it becomes imperative to find ways to help developers to move more quickly by automating crucial but time consuming tasks like code analysis,” said Stephen O’Grady, Principal Analyst with RedMonk. “This is exactly what MuseDev is built for, with its ability to automatically analyze each incoming pull request.”Strengthening Software Supply Chain Management with Developer-Friendly Source Code AnalysisThe acquisition of MuseDev immediately expands the breadth and depth of Sonatype’s Nexus platform. To achieve coverage across the full spectrum of code performance, reliability, security, and style issues, Muse integrates its 24 pre-configured code analyzers into GitHub, GitLab and Bitbucket. Muse then automatically analyzes each pull request, and provides rapid and accurate visibility into critical bugs within the developer workflow, as comments in code review. Muse analyzers are pre-tuned to minimize false-positive noise to ensure developers focus on the bugs that matter most. Lastly, Muse gives developers clear guidance on how to fix reported bugs that are identified.Muse analyzers go beyond traditional linting to perform deep code analysis such as interprocedural information flow and thread safety analysis — techniques that were previously only available in tools owned by security. Because Muse feedback is delivered during the peer code review portion of the workflow, it’s easy and natural for developers to fix bugs without hindering innovation velocity. This makes Muse highly complementary to conventional SAST tools that perform deep analysis on compiled applications later in the release cycle.Finally, to ensure more developers can get started right away, Muse automates the mundane, yet complex, aspects of tool installation and configuration. By providing a simple one-click setup of its advanced code analysis..Additional ResourcesRead the latest blog from Sonatype’s co-founder and CTO, Brian FoxLearn more about Sonatype’s Full-Spectrum Software Supply Chain Management PlatformMeet Muse during our March 31st webinar with Brian Fox and Stephen MagillTry Muse on GitHub todayAbout Sonatype:Sonatype is the leader in developer-friendly, full-spectrum software supply chain management providing organizations total control of their cloud-native development lifecycles, including third-party open source code, first-party source code, infrastructure as code, and containerized code. The company supports 70% of the Fortune 100 and its commercial and open source tools are trusted by 15 million developers around the world. With a vision to transform the way the world innovates, Sonatype helps organizations of all sizes build higher quality software that’s more aligned with business needs, more maintainable, and more secure. Sonatype has been recognized by Fast Company as one of the Best Workplaces for Innovators in the world, two years in a row, and has been named to the Deloitte Technology Fast 500 and Inc. 5000 lists for the past five years. For more information, please visit Sonatype.com, or connect with us on Facebook, Twitter, or LinkedInAttachmentSocial_Welcome_MuseDev_v2@2xElissa Walters
Sonatype
480-818-0734
ewalters@sonatype.com

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.