Sonatype Lift, a Deep Code Analysis Platform – InApps Technology 2025
Key Summary
This article from InApps Technology, authored by Phu Nguyen, introduces Sonatype Lift, a deep code analysis platform launched by Sonatype, a leader in software supply chain management and security. Following the acquisition of MuseDev, Sonatype Lift combines advanced code analysis with software composition analysis (SCA) to enhance code quality, security, and developer workflows. The platform integrates seamlessly into existing development processes, supporting multiple languages and repositories.
- Context:
  - Sonatype’s Acquisition: Acquired MuseDev in 2022, merging its code analysis technology with Sonatype’s SCA capabilities to create Lift.
  - Purpose: Provides developers with tools to scan for bugs, vulnerabilities, and code quality issues, improving software reliability and security.
- Sonatype Lift Features:
  - Deep Code Analysis: Scans code and dependencies for bugs, style issues, and performance bottlenecks, including cross-codebase issues such as null pointer exceptions caused by library functions.
  - Supported Languages: Covers 11 languages (Java, C, C++, JavaScript, Python, Golang, Ruby, Kotlin, Shell, Haskell, Markdown).
  - Analyzers: Integrates tools like Facebook’s Infer and Google’s ErrorProne for comprehensive analysis.
  - Repository Integration: Supports GitHub, GitLab, and Bitbucket, embedding results in code reviews for seamless developer workflows.
  - SCA Integration: Uses Sonatype’s OSS Index to identify vulnerable open-source libraries.
  - Code Quality: Flags best-practice violations (e.g., missing Java override annotations) to enforce coding standards.
  - Automation: Push-button deployment and configuration simplify setup, with automation tailored for enterprise-scale use (e.g., across 2,000 repositories).
  - Deployment Options: Available as SaaS or on-premises.
- Key Benefits:
  - Improved Bug Fix Rates: Inspired by Facebook’s Infer, Lift’s code review integration boosts bug fix rates by 70%.
  - Developer Experience: Simplifies adoption with automated tool configuration, reducing setup complexity.
  - Comprehensive Analysis: Goes beyond localized checks, analyzing cross-codebase issues and library dependencies.
  - Scalability: Designed for enterprise needs, with automation to handle large-scale deployments.
- Expertise and Vision:
  - Stephen Magill: Former MuseDev CEO, now Sonatype’s VP of Product Innovation, brings expertise in static analysis from his Ph.D. background.
  - Goal: Enhance enterprise adoption by ensuring Lift scales efficiently and integrates with existing workflows.
Software supply chain management and security tooling company Sonatype has released Sonatype Lift, a deep code analysis platform that gives developers the ability to scan for a wide range of bug types and code issues.
The launch follows the company’s acquisition of code analysis platform MuseDev earlier this year, and Stephen Magill, formerly MuseDev CEO and now vice president of product innovation at Sonatype, says that Lift is a combination of the technology originally developed at MuseDev with software composition analysis capabilities that were already in development at Sonatype.
“Those really came together in this Lift product,” Magill said. “There was great alignment from a technology perspective, also from an engineering and culture perspective, once we got in there and started working together. It’s really enabled us to pretty quickly combine these technology bases and provide this product.”
Part of that alignment comes from Magill’s area of expertise. Magill, whose background is in static analysis, explained that simply getting some of the tools up and running can be the first obstacle for developers looking to analyze their code. Lift brings a variety of analyzers, including Infer from Facebook and ErrorProne from Google, that work across 11 different languages — Java, C, C++, JavaScript, Python, Golang, Ruby, Kotlin, Shell, Haskell, and Markdown — directly into developers’ existing workflow in minutes.
“I did my Ph.D. in that area, and, for some of these capabilities, that’s sort of expertise you need to really get the most out of the tool and get it up and running in the optimal way. And so we have provided that expertise, packaged it up, built a lot of automation around the deployment of these tools, so that it is really easy to get up and running with them in a push-button manner,” said Magill.
Lift supports GitHub, GitLab, and Bitbucket, where the tool analyzes the code and integrates the results as part of the code review process, taking a page from Facebook, which noticed during its testing of its Infer analyzer that code review integration improved bug fix rates by 70%.
“I think that’s a great example of the importance of getting integration right, getting the developer experience right, and if you can do that, you can get it to the point where it’s actually easier to just fix the bug in the moment than have a discussion about whether it should be fixed or when,” said Magill.
Lift scans not only the code repository in question but also analyzes its dependencies, bringing in software composition analysis (SCA) data from Sonatype’s OSS Index to report vulnerable open source libraries. Beyond security issues, Lift also looks for style issues and code quality issues that might affect performance. Magill offered the example of using the override annotation in Java when you’re explicitly overriding a method from a superclass as something Lift will surface during code review.
“That’s sort of best practice. You can get away with not doing it, the compiler will complain but the code will compile fine. But it really is something that most Java teams that you talk to, they would prefer to have that in there and have that enforced,” explained Magill.
In addition, Magill said that Lift goes beyond other tools by bringing “deep code quality scanners” to its users, which find issues that would otherwise go unnoticed.
“There are tools that look for very localized patterns around, say, null pointer exceptions — are you assigning null at the beginning of a method and dereferencing it in that same method. We go beyond that and look across the codebase,” Magill said. “We’ll even flag things like, ‘Oh, you’re using this library function in a way that can cause a null pointer exception,’ and you’ve probably never even looked at the source code for that library function, so if you don’t know that, in certain cases, it returns null. We’ll surface that.”
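As an added illustration (not code from Sonatype, Lift, or the article), the two kinds of finding discussed above in plain Java: a missing override annotation that hides a signature mismatch, and a null returned by a library-style call that a purely local null checker would not connect to the dereference. The classes, the config map, and the default timeout are constructed for the example.

```java
// Constructed example, not Lift's own code or analyzer output.
import java.util.Map;
import java.util.Optional;

public class LiftFindings {

    // --- 1. Missing @Override: the "best practice" check ---------------------
    static class Greeter {
        String greet(String name) { return "Hello, " + name; }
    }

    static class LoudGreeter extends Greeter {
        // Intended to override greet(), but the parameter type differs, so this
        // is a silent overload. With @Override the compiler would reject it.
        String greet(int id) { return "HELLO, #" + id; }
    }

    // --- 2. Null returned by a "library" call, dereferenced elsewhere ---------
    // Stands in for a third-party function that returns null in some cases;
    // the caller never reads its source, which is the gap Magill describes.
    static final Map<String, String> CONFIG = Map.of(); // constructed: nothing set

    static String lookup(String key) {
        return CONFIG.get(key); // returns null when the key is absent
    }

    // No null literal appears here, so a method-local checker stays quiet;
    // an interprocedural analysis follows lookup() and flags the dereference.
    static int unsafeTimeout() {
        return Integer.parseInt(lookup("timeout").trim()); // NPE when unset
    }

    // Hardened form: make the "absent" case explicit at the boundary.
    static int safeTimeout() {
        return Optional.ofNullable(lookup("timeout"))
                .map(String::trim)
                .map(Integer::parseInt)
                .orElse(30); // constructed default
    }

    public static void main(String[] args) {
        Greeter g = new LoudGreeter();
        System.out.println(g.greet("dev")); // "Hello, dev": the override never happened
        System.out.println(safeTimeout());  // 30
        try {
            unsafeTimeout();
        } catch (NullPointerException e) {
            System.out.println("unsafeTimeout threw " + e.getClass().getSimpleName());
        }
    }
}
```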
Lift is available both as SaaS and as on-prem for Sonatype users, and Magill said that the next steps for Lift are to make sure it works well for Sonatype’s enterprise users. Already, Sonatype has developed “a lot of automation around how we configure these tools,” said Magill, but moving forward that needs to be brought to the scale necessary for enterprise users.
“It’s also really important when it comes to deploying a capability like this at scale across a large enterprise, because if you think, ‘Okay, I’m going to take this tool and roll it out across 2,000 repositories,’ you don’t want to configure it by hand for those 2,000 repositories. That’s going to be awful. So, that sort of automation is super important for applying it at scale and addressing that enterprise use case,” Magill said.
Source: InApps.net