SonarSource, a key player in the code quality and security industry, has acquired German startup RIPS Technologies, a developer of code security analysers, for an undisclosed amount.

The acquisition will enable SonarSource, which is headquartered in Geneva, Switzerland, to build static application security testing (SAST) products for development teams. The company claims this will include “the most accurate and powerful code security analyser” available, supporting “the programming languages and technologies that are used globally to build software.

At present SonarSource is a leading name in the code quality and security space, with its suite of products including SonarQube, an open-source platform that enables code to be continually inspected to detect bugs and security vulnerabilities while products are being developed.

RIPS Technologies, meanwhile, has become known for its PHP code analyser, which SonarSource describes as “best-in-class”, with the capability to “automatically detect even complex and deeply nested vulnerabilities”. The company has also recently added support for a number of other languages, including Java and Javascript.

SonarSource acquisition of RIPS Technologies to enable code security market disruption

The acquisition of RIPS Technologies by SonarSource will enable the company to take on the current code security market, providing a “completely new angle” to application security.

Vulnerabilities in code are a major source of cybersecurity incidents, with developers regularly issuing patches to fix exploits in already live products. Microsoft, for example, issues patches very regularly, with its monthly Patch Tuesday being a key talking point among infosecurity professionals.

However, SonarSource believes that the availability of SAST products for developers remains limited, while the code security market is still very under-developed. As a result it believes there is considerable potential to enhance built-in code security analysis at the development stage, and so reduce the number of vulnerabilities that make it to live products.

“The code security market very much looks like the code quality market 10 years ago: niche and very fragmented,” said Olivier Gaudin, CEO and co-founder of SonarSource.

“At SonarSource we are committed to disrupting this market, building the best products and having those adopted by all developers and development teams. I am excited about this acquisition, which will enable us to accelerate on code security by having more precise analysers as part of our massively adopted products, SonarQube, SonarLint and SonarCloud.”

The acquisition will see RIPS Technologies become SonarSource’s fourth office, with Dr Johannes Dahse, RIPS CEO and co-founder, becoming SonarSource’s head of R&D.

“Our team has a long history in building highly efficient code analysis solutions with a focus on detecting security vulnerabilities,” said Dahse.

“Merging with SonarSource is a perfect fit and enables us to unfold our unique technology to the worldwide developer community. We are thrilled to join forces with a fast-growing technology company that has an amazing culture and world-class products.”


Read more: Featurespace nets £30m to expand fraud-detecting AI