UPDATED 15:02 EDT / DECEMBER 17 2024

Sonar acquires open-source security specialist Tidelift

SonarSource SA, which does business as Sonar, said today that it has signed a definitive agreement to acquire Tidelift Inc., a provider of services to manage open-source components. Terms weren’t disclosed.

Sonar, which sells tools that check software code for bugs, inconsistencies and security flaws, said the deal will help round out its offerings in the areas of software supply chain security, extending its coverage to include open-source libraries in addition to code built by business developers.

“Today, Sonar addresses risks in third-party code through static code analysis,” said Harry Wang, Sonar’s vice president of growth and new ventures. “The acquisition of Tidelift greatly expands Sonar’s ability to bring curated, human-verified open-source software vulnerability intelligence to our developer users.”

Open-source software is ubiquitous in commercial products. Black Duck Inc.’s 2024 Open Source Security and Risk Analysis Report said 96% of commercial code bases contain open-source code and the average application has 526 open-source components.

Because open-source software is free for anyone to modify, it is also easily compromised. Sonatype Inc. recently said it counted nearly 513,000 malicious packages in open-source software in the past year, a 156% increase over the previous year.

Tidelift, which has raised $73.5 million according to the business database Crunchbase, helps improve the health and security of open source by paying the maintainers of thousands of the world’s most popular open-source projects to follow industry-leading secure software development practices. It says paid open-source maintainers are 55% more likely to implement critical security and maintenance practices than unpaid maintainers.

Sonar focuses on organizations that build software for their own use. Its technology provides insights into security issues, alerts and remediation assistance, services that are likely to be extended to open-source projects following the acquisition.

Founded in 2017, Tidelift has a long open-source pedigree. Co-founder Donald Fischer (pictured) was previously chief executive officer of Typesafe Inc., now Lightbend Inc., which built infrastructure software based on open-source components. He was also an executive at Red Hat Inc.

Co-founder Havoc Pennington was also at Typesafe and was one of the original developers of Gnome, an open-source desktop environment for Linux and other Unix-like operating systems. Tidelift customers include Cisco Systems Inc., the Federal National Mortgage Association and the U.S. Air Force.

Sonar said it will continue to make the Tidelift offering available for the immediate future and customers and maintainer partners won’t experience any disruptions. The company said further details will be provided in the first quarter of 2025.

“We expect to announce new capabilities for SonarQube in the first half of 2025,” Wang said, referring to Sonar’s core platform. “These new capabilities will cover all code, including open source and third-party libraries, depending on customer access.”
