Brian Fox, Co-Founder and CTO of Sonatype, said:
“Developers are increasingly responsible for ensuring their code is both secure and high-quality. Typical code quality tools are limited to per-file analysis and don’t catch bugs that traverse files. While SAST tools do, they are security-focused and run by security teams.
We built Lift to provide developers deep code analysis focused on catching performance and reliability bugs that can lead to critical vulnerabilities similar to those increasingly exploited in recent attacks. And, we have done it in a way that helps developers fix more bugs, without slowing them down or requiring them to switch contexts.”
Sonatype says that Lift will forever be free for public repositories as part of its long-standing commitment to supporting the world’s open-source community.
Lift’s unified code analysis pipeline combines more than 26 tools across 11 languages to catch a wide range of bug types, building on methods and technologies from Facebook (Infer) and Google (Error Prone).