Sonatype Ups Open-Source Support

March 13, 2020

Sonatype expanded its language coverage within Nexus Lifecycle to include Conan (C/C++), Composer (PHP), and RubyGems (Ruby), including the ability to create and contextually enforce policies. By continuing to increase support for the most popular component formats, Nexus Lifecycle is helping millions of developers and security professionals to automatically govern open source hygiene across every phase of the software development lifecycle (SDLC).

With the addition of C/C++, PHP, and Ruby, Nexus Lifecycle now supports 27 programming languages and package formats, further meeting the diverse needs of enterprise development teams.

According to Sonatype’s 2019 State of the Software Supply Chain Report, 1 in 10 open source components downloaded by development teams had known security vulnerabilities. That figure does not count components that will later be discovered to be vulnerable, nor potential open source licensing risk, which organizations should also be concerned about. The ability to automate open source governance, enforce policies, and remediate vulnerabilities is vital to application security in today’s world. In fact, the same report showed that managed software supply chains reduced the percentage of vulnerable components used in finished applications by 55%.

“Organizations keep software applications safe, not by chance, but by preparation, and in many cases supported by automation. But, automation without accuracy can be detrimental, giving a false sense of security,” said Brian Fox, CTO of Sonatype. “Developers need broad and accurate component intelligence they can trust for proper security hygiene. By extending our coverage to even more languages, we’re providing our customers with more reliability and confidence, while increasing productivity.”

Organizations using Nexus Lifecycle with C/C++, PHP, and Ruby will now be able to:

Create custom security, license, and architectural policies and contextually enforce those policies across every stage of the SDLC

Select safer components throughout the software supply chain, and reduce risk

Automatically enforce policies and view expert remediation guidance in the tools developers use every day

Sonatype remains committed to creating the most universally applicable, polyglot software supply chain automation tools. This is just one of many releases dedicated to expanding the languages with native support across the Nexus Platform.
