Sonatype Lift uses deep code analysis to suggest bug fixes

Sonatype has launched a new deep code analysis platform called Lift which can detect a wide range of bug types.

Lift detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Research from Veracode last year found that open-source libraries cause security flaws in around 70 percent of apps. However, open-source libraries are often critical to projects.

Using a deep code analysis platform like Lift – which can be installed easily in any source repository in minutes – helps reap the benefits of using open-source libraries while maintaining security.

Brian Fox, Co-Founder and CTO of Sonatype, said:
“Developers are increasingly responsible for ensuring their code is both secure and high-quality. Typical code quality tools are limited to per-file analysis and don’t catch bugs that traverse files. While SAST tools do, they are security-focused and run by security teams.
We built Lift to provide developers deep code analysis focused on catching performance and reliability bugs that can lead to critical vulnerabilities similar to those increasingly exploited in recent attacks. And, we have done it in a way that helps developers fix more bugs, without slowing them down or requiring them to switch contexts.”

Sonatype says that Lift will forever be free for public repositories as part of its long-standing commitment to supporting the world’s open-source community.

Lift’s unified code analysis pipeline brings together 26+ tools across 11 languages to catch a wide range of bug types, and it uses proven methods and technologies from Facebook (Infer) and Google (ErrorProne).