Microsoft bolstered its GitHub operations by acquiring software engineering analytics firm Semmle for an undisclosed amount. The move ties in a security component to the open source supply chain. Semmle’s semantic code analysis engine allows developers and security teams to discover and track potential vulnerabilities in their code. They can then tag those concerns to that code that is distributed into the open source community. (SDX Central)