GitLab, which helps businesses manage their software development and operations lifecycle from planning to deployment and monitoring, has acquired Gemnasium, a service that alerts developers of known security vulnerabilities in open source libraries and helps them resolve those issues.
Gemnasium will wind down its operations over the next few weeks. The company expects to completely shut down its service on May 15. All of the Gemnasium team will move to Gitlab. Until then, signups will remain open, though now is probably not the best time to jump on this service.
GitLab, which is currently in use by almost 100,000 companies, will integrate Gemnasium’s service technology into its own platform, which already includes tools for static and dynamic application security testing.
“GitLab’s vision is to provide best-in-class tools for the complete DevOps lifecycle in a single application,” said Sid Sijbrandij, CEO of GitLab, in today’s announcement. “Gemnasium is the best dependency monitoring solution on the market, and we are excited to be making its team part of the GitLab experience.”
GitLab’s acquisition follows a similar move by GitHub, which recently acquired vulnerability scanner Appcanary and which also offers its users a similar set of security tools to alert them of vulnerabilities in third-party libraries.
In a frank assessment of why this sale happened, the Gemnasium team today notes that it was the launch of GitHub’s own security alerts feature (which the founders argue is inferior to Gemnasium’s) that put an end to the startup’s plans. With the vast majority of its revenue coming from GitHub users, the launch of GitHub’s own service — even after bringing Gemnasium into the GitHub marketplace — meant that the service’s churn rate doubled and its monthly recurring revenue stopped growing.
“I know GitHub’s traction, number of users, and free pricing will eventually put Gemnasium out of business in 2018. It is time to find a new home for the team,” writes Gemnasium founder Philippe Lafoucrière.
For those who want the features of Gemnasium without having to use GitLab, GitHub and their competitors to also manage their code and projects, there are still a number of similar services on the market. These include the likes of Spacewalk, Landscape, CoreOS Clair, Nessus Agents and ThreatStack — a group of companies that both GitLab and GitHub suggest to previous Appcanary and Gemnasium users (until those, too, get acquired…).