aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • DevOps
  • Programming

Sonatype Launches Novel Deep Code Analysis Platform Designed For Developers

  • aster.cloud
  • June 15, 2021
  • 3 minute read

Sonatype, the leader in developer-friendly tools for software supply chain automation and security, unveils Sonatype Lift (Lift), a first-of-its-kind, cloud-native, deep code analysis platform. Lift installs easily on any source repository in minutes and provides developer-friendly feedback on a wide range of bug types, ranging from lightweight style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

In the past year cyber attacks have increased exponentially, as bad actors increasingly go after software supply chains to exploit vulnerabilities in commercial and open source code — evidenced in the SolarWinds and Codecov incidents.  Even the world’s largest companies aren’t immune to software quality defects inadvertently reaching production. Apple recently reported critical vulnerabilities in its Webkit browser SDK and its iOS Kernel.  As code quality issues increasingly become security issues, developers and security teams need to work together to ensure code is both reliable and secure.  Further, as the recent Fastly outage demonstrated, innocent coding errors can cause as much damage as cyber attacks intentionally perpetrated by malicious actors.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

 

Deep Code Analysis.  Easy for Developers.  Trusted by Security.

Created to make developers’ and security teams’ lives easier, Lift fosters collaboration between the two, providing a unified code analysis pipeline that brings 26+ tools across 11 languages to catch a wide range of bug types. Because Lift’s results are reported in code review, developers and security engineers can collaborate on how best (or whether) to fix reported issues. With reporting during the peer review window proven to dramatically improve fix rates, Lift’s ability to provide insights at this critical point will be instrumental in improving code quality.

Read More  Add Severity Levels To Your Alert Policies In Cloud Monitoring

This is the first code quality solution to bring the proven methods and technologies from Facebook (Infer) and Google (ErrorProne), and deliver them as a commercial platform. The unique way in which Lift works overcomes the challenges of conventional code analysis tools by making installation and configuration quick and easy, and leverages developer feedback to continuously improve results over time. By focusing on high-confidence bugs, Lift builds developer trust and ensures that when it does report, developers pay attention and fix the issues.

Lift catches not just issues in the code developers write, but also in the open source libraries they rely upon by pulling software composition analysis data from Sonatype’s OSS Index to report vulnerable open source libraries as comments in code review.

“Developers are increasingly responsible for ensuring their code is both secure and high-quality. Typical code quality tools are limited to per-file analysis and don’t catch bugs that traverse files. While SAST tools do, they are security-focused and run by security teams. We built Lift to provide developers deep code analysis focused on catching performance and reliability bugs that can lead to critical vulnerabilities similar to those increasingly exploited in recent attacks,” said Brian Fox, Sonatype co-Founder and CTO. “And, we have done it in a way that helps developers fix more bugs, without slowing them down or requiring them to switch contexts.”

 

Strengthening the Developer and Open Source Communities

Lift will be free forever for public repositories and serves open source maintainers by helping secure the software supply chain at its source. Sonatype’s long standing commitment to supporting the world’s open source community began as a core contributor to Apache Maven and continues with its stewardship of the Maven Central Repository, free developers tools including its OSS vulnerability database, and being an active member of the OpenSSF Foundation.

Read More  How To Make An Old Computer Useful Again

Additional Resources

  • Read more about Sonatype Lift on the Sonatype Blog
  • Register to attend ELEVATE 2021, Sonatype’s user conference, on June 17 and learn more about Lift and the future of Sonatype
  • Try Lift for Free on GitHub today

About Sonatype

Sonatype is the leader in developer-friendly, full-spectrum software supply chain automation providing organizations total control of their cloud-native development lifecycles, including third-party open source code, first-party source code, infrastructure as code, and containerized code. The company supports 70% of the Fortune 100 and its commercial and open source tools are trusted by 15 million developers around the world. With a vision to transform the way the world innovates, Sonatype helps organizations of all sizes build higher quality software that’s more aligned with business needs, more maintainable and more secure.

Sonatype has been recognized by Fast Company as one of the Best Workplaces for Innovators in the world, two years in a row and has been named to the Deloitte Technology Fast 500 and Inc.


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster.cloud

Related Topics
  • Open Source
  • SolarWinds
  • Sonatype
  • Sonatype Lift
You May Also Like
View Post
  • DevOps
  • Engineering
  • Platforms

How To Fail At Platform Engineering

  • March 11, 2024
View Post
  • Computing
  • DevOps
  • Platforms

The IBM Approach To Reliable Quantum Computing

  • November 28, 2023
DevOps artifact management
View Post
  • Design
  • DevOps
  • Engineering

10 Awesome Benefits Of Artifact Management And Why You Need It

  • August 2, 2023
Automation | Gears
View Post
  • Automation
  • DevOps
  • Engineering

Automating CI/CD With GitHub Actions

  • June 13, 2023
View Post
  • Architecture
  • Data
  • Engineering
  • People
  • Programming
  • Software Engineering
  • Technology
  • Work & Jobs

Predictions: Top 25 Careers Likely In High Demand In The Future

  • June 6, 2023
View Post
  • DevOps
  • People

What’s The Future Of DevOps? You Tell Us. Take The 2023 Accelerate State Of DevOps Survey

  • June 2, 2023
View Post
  • Programming
  • Software Engineering
  • Technology

Build a Python App to Alert You When Asteroids Are Close to Earth

  • May 22, 2023
View Post
  • Programming

Illuminating Interactions: Visual State In Jetpack Compose

  • May 20, 2023

Stay Connected!
LATEST
  • What is cloud bursting?
    • June 18, 2025
  • What is confidential computing?
    • June 17, 2025
  • Oracle adds xAI Grok models to OCI
    • June 17, 2025
  • Fine-tune your storage-as-a-service approach
    • June 16, 2025
  • 5
    Advanced audio dialog and generation with Gemini 2.5
    • June 15, 2025
  • 6
    A Father’s Day Gift for Every Pop and Papa
    • June 13, 2025
  • 7
    Global cloud spending might be booming, but AWS is trailing Microsoft and Google
    • June 13, 2025
  • Google Cloud, Cloudflare struck by widespread outages
    • June 12, 2025
  • What is PC as a service (PCaaS)?
    • June 12, 2025
  • 10
    Apple services deliver powerful features and intelligent updates to users this autumn
    • June 11, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • 1
    Crayon targets mid-market gains with expanded Google Cloud partnership
    • June 10, 2025
  • By the numbers: Use AI to fill the IT skills gap
    • June 11, 2025
  • 3
    Apple supercharges its tools and technologies for developers to foster creativity, innovation, and design
    • June 9, 2025
  • Apple-WWDC25-Apple-Intelligence-hero-250609 4
    Apple Intelligence gets even more powerful with new capabilities across Apple devices
    • June 9, 2025
  • Apple-WWDC25-Liquid-Glass-hero-250609_big.jpg.large_2x 5
    Apple introduces a delightful and elegant new software design
    • June 9, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.