
Sonar Adds Code Architecture Insights With Structure101 Buy

New Features From Structure101 Simplify Code Structure, Future-Proof Development

Sonar purchased a boutique Irish code structure analysis pioneer led by the same person since 1999 to make code more maintainable and easier to evolve.


The Geneva-based code security vendor's acquisition of Structure101 will help Sonar address structural design problems that affect software's long-term maintainability, said Vice President of Product Fabrice Bellingard. The deal adds capabilities to define and enforce architectural constraints within software development workflows, and it will help developers manage technical debt and improve software design.

"Structural issues are the most difficult part of software development," Bellingard told Information Security Media Group. "As more and more code is written, especially with the rise of generative AI teams, they want to ensure that their code is going to be easy to evolve over time and that the cost of evolving software remains under control."

Structure101 was established in 1999, employs 10 people and has been led since inception by Chris Chedgey, who previously oversaw a team that developed control software for the robotic arm on the International Space Station. After the acquisition closed this summer, Chedgey joined Sonar as a product manager. Terms of the transaction, which is Sonar's first acquisition since 2020, aren't being disclosed (see: SonarSource Raises $412M on $4.7B Valuation to Grow in Asia).

What Sets Structure101's Approach Apart

While Sonar has historically focused on detecting bugs and security vulnerabilities in code, the more difficult part of software engineering is ensuring good architecture since poor code design increases the cost of software evolution and maintenance over time, Bellingard said. Structure101's focus on software architecture complements Sonar's existing strength in helping developers write better code, he said.

"We know that the difficult part of software engineering is having a good design and having a good architecture in the code," he said. "This is what will dictate how well your software will be able to evolve. When the code is not designed in a way that is going to be easy to change, easy to understand, it's going to cost more for developers to read it, understand it and collect some new functionalities."

Poor software architecture and design can create challenges since, without careful planning, future modifications can become expensive and complicated, according to Bellingard. He specifically called out the problem of cyclic dependencies in code and said it's essential for developers to focus on modular, well-structured code that reduces interdependencies. Structure101 will address structural code issues (see: Securing Applications, Accelerating DevOps With Clean Code).

"The difficult part of software development is to map the existing world to a model that is going to work now and in the future," he said. "If you don't translate the existing world and specifications into a model which is not a spaghetti of different entities, every time you have to plug something in one part of the model, you will have to touch many other different parts because they have a lot of dependencies."

How Sonar, Structure101 Will Be Brought Together

The first part of the integration process is adding Structure101's design rules into Sonar's developer workflows. Bellingard said the team started with Java and plans to extend support to more than 30 programming languages, enabling developers to detect several design issues, including cyclic dependencies. By early 2025, Sonar will enable technical leads to define and enforce architectural constraints on codebases.

"We've already released some design rules of some of our languages, Java, which looks specifically at how when you write the code, you have cyclic dependencies between the code, which is really bad," he said. "The second part is to allow the tech leads to define the architectural constraints within Sonar and use the Structure101 engine to verify that these architectural constraints are not violated."

Structure101's visual representation of code dependencies will be crucial in helping developers understand and address these issues, which Bellingard said will improve code maintainability and reduce long-term costs for businesses. Structure101's desktop-based visualization tools must be translated into web technologies, which Bellingard said will give developers clearer insights into their code architecture.

"The problem with structural dependencies is that usually it involves plenty of different parts of the code," Bellingard said. "And if you don't have a visual representation of it for the developer, it's going to be extremely difficult to first understand the magnitude of the plan and then to really see where the dependencies have to be cut."

The integration of Structure101 will drive growth by helping development teams better manage their codebases, which will consequently reduce technical debt and improve code quality, Bellingard said. Poor code quality and technical debt cost companies more than a trillion dollars annually, and he said Sonar can help reduce this burden by making sure codebases remain maintainable and evolve in a sustainable way (see: SQL Injection: A High-Value Target for Attackers).

"We're going to track how many customers are effectively using our functionalities and how they are leveraging it," Bellingard said. "The more these teams use the functionalities, the more code they would put under control in Sonar, and given that our business model is based on lines of code, more lines of code means more business."


About the Author

Michael Novinson


Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



