The Geneva-based company SonarSource is broadening its scope with the acquisition of Tidelift, a key player in securing open source libraries.
The Geneva-based company SonarSource, operating under the name Sonar, recently announced a definitive agreement for the acquisition of Tidelift, an American provider of security solutions for the software supply chain.
The financial details of the acquisition have not been disclosed by the Geneva-based software vendor, which is one of the rare Swiss unicorns (companies valued at a billion dollars or more). The Tidelift buyout aims to expand Sonar’s coverage to open source libraries, in addition to code written by developers and AI.
“Tidelift and Sonar are naturally aligned through a shared vision: to improve code everywhere and optimize the developer experience. We were impressed by Tidelift’s approach to improving open source software and look forward to welcoming the team to Sonar,” said Tariq Shaukat, CEO of Sonar.
As a reminder, software supply chain security has become a major issue. Faced with threats to complex application environments, organizations are striving to better control, understand and monitor their dependencies on code from open source libraries.
According to Sonar’s press release, Tidelift plays a key role in paying the maintainers of thousands of the world’s most widely used open source projects. This incentive-based approach significantly increases the adoption of rigorous security practices. Tidelift’s commercial offering also includes security analysis and maintenance services for open source components, as well as software bill of materials (SBOM) tooling. Note that the acquisition by Sonar will have no impact on the Tidelift offering, which will continue to be available. Founded in 2017, Tidelift counts prestigious names like Cisco and the US Air Force among its clients.