Performance analyzers, linkers, compilers, GUI designers, assemblers, code editors, debuggers — there are more software development tools on the market than you could shake an ergonomic keyboard at. In 2019, the DevOps market alone was worth $3.5 billion, and as software becomes more layered and complex, it creates problems for developers trying to manage multiple tools and systems running simultaneously — and often with imperfect integrations.
As companies build tools and services that leverage the latest coding techniques, many have come to rely on open-source technology. However, building business applications on open-sourced code can have its drawbacks — namely, hidden bugs and security vulnerabilities. Many companies have emerged in recent years to help businesses wring the benefits from open-sourced projects while protecting from the inherent risks, a number of which have opened offices in Boston.
The city has emerged as an engineering hub for international businesses building developer tools — particularly in the field of open source management. And as the city continues to attract the attention of VCs, Boston’s contributions to developer tool kits worldwide remain strong.
Used for: Identifying vulnerabilities in open-source code.
What it does: Open-source code is a fantastic resource for developers who aren’t looking to reinvent the wheel every time they start a project. However, building critical tools and services on community code can open businesses up to undetected vulnerabilities in the source. WhiteSource says its technology identifies vulnerabilities, prioritizes fixes based on each vulnerability’s relevance to a business’ operations and generates pull requests with suggested fixes. The company also offers open-source management tools for containerized applications.
Company background: Headquartered in Tel Aviv, WhiteSource was founded in 2011. The company has mainly chosen to rely on revenue over investments for cash, though it did raise a $35 million Series C in 2018 from Microsoft’s M12 VC firm and others. WhiteSource was an early player in the field of software composition analysis tools, which companies use to audit projects built on open-source code.
Used for: Monitoring, troubleshooting and securing applications built using Grafana and Elasticsearch, Logstash and Kibana, known together as ELK.
What it does: A growing number of companies increasingly rely on Grafana, an open-source analytics and visualization tool, as well as the combined stack known as ELK. The latter combines Elasticsearch, a search and analytics engine, Logstash, a server-side processing pipeline, and Kibana, a data visualization tool. However, the complexity of relying on the raw open-source code — with any number of hidden bugs and imperfections — can have heavy implications for businesses. Logz.io packages them for use in a business context and automatically scans for bugs and security issues in a company’s code.
Company background: Logz.io ranked on Built In Boston’s 50 Startups to Watch in 2018, and followed it up with a $52 million funding round last year. The company has offices in Boston, Tel Aviv and London.
Used for: Managing open-source code security management.
What it does: Snyk’s platform is another player in the field of open source vulnerability detection and response. The company maintains a database of known vulnerabilities, along with a tool designed to find and fix potential security compromises within a business’ open-source code. Snyk says its platform also prevents vulnerabilities from passing through build processes by adding an automated test within continuous integration or continuous development workflows.
Company background: Snyk works with companies like Intuit, Mastercard, Google and the BBC and raised a whopping $150 million Series C in January, propelling it to unicorn status. Meanwhile, Snyk claimed a 400 percent year-over-year revenue increase in 2019. The company is headquartered in London, with a large office in Boston.
Used for: Building applications for web, mobile and desktop, especially user interfaces.
What it does: Developers use Qt’s integrated development environment for C++, JavaScript, Python and QML applications, connected devices, and user interfaces. The platform, dubbed Qt Creator, specializes in graphical UI development structures and also allows users to write code and debug projects within the same platform. Qt says the product integrates with popular version control systems like Git, Subversion and Mercurial, and allows devs to port apps created for one operating system into others without requiring massive rewrites.
Company background: Headquartered in Helsinki, Qt has been around since the mid-1990s. In addition to its integrated development environment, Qt’s Design Studio software puts developers and designers to work on a unified framework and language to reduce the time between iterations. Qt’s stateside offices are in Boston, Silicon Valley and Detroit.
