Sonatype Expands its Fully Automated Open Source Security and Governance Solution to Support C/C++, PHP, and Ruby

Nexus Lifecycle now allows users to scan applications for open source software vulnerabilities, automatically enforce open source governance policies, and easily remediate open source risk for 27 different languages and package formats.

Fulton, MD – March 12, 2020 — Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced it has further expanded its language coverage within Nexus Lifecycle to include Conan (C/C++), Composer (PHP), and RubyGems (Ruby), including the ability to create and contextually enforce policies. By continuing to increase support for the most popular component formats, Nexus Lifecycle is helping millions of developers and security professionals to automatically govern open source hygiene across every phase of the software development lifecycle (SDLC).

With the addition of C/C++, PHP, and Ruby, Nexus Lifecycle now supports 27 programming languages and package formats, further meeting the diverse needs of enterprise development teams.

According to Sonatype’s 2019 State of the Software Supply Chain Report, 1 in 10 open source components downloaded by development teams had known security vulnerabilities. This doesn’t represent the number of components that will be discovered as vulnerable over time, nor potential open source licensing risk, about which organizations should also be concerned. The ability to automate open source governance, enforce policies, and remediate vulnerabilities is vital to application security in today’s world. In fact, the same report showed that managed software supply chains reduced the percentage of vulnerable components used in finished applications by 55%.

“Organizations keep software applications safe, not by chance, but by preparation, and in many cases supported by automation. But, automation without accuracy can be detrimental, giving a false sense of security,” said Brian Fox, CTO of Sonatype. “Developers need broad and accurate component intelligence they can trust for proper security hygiene. By extending our coverage to even more languages, we’re providing our customers with more reliability and confidence, while increasing productivity.”

Organizations using Nexus Lifecycle and C/C++, PHP, and Ruby will now be able to:

  • Create custom security, license, and architectural policies and contextually enforce those policies across every stage of the SDLC
  • Select safer components throughout the software supply chain, and reduce risk
  • Automatically enforce policies and view expert remediation guidance in the tools developers use every day

Sonatype remains committed to creating the most universally applicable, polyglot software supply chain automation tools. This is just one of many releases dedicated to expanding the languages with native support across the Nexus Platform.
