There are more than 700 programming languages to choose from, and different languages gain popularity and momentum at any time. In fact, since 2012 there has been a new "favorite" programming language each year. This highlights the dynamic nature of the development landscape and the necessity for the community to continuously adapt with it.
With that, I'm excited to announce that Sonatype has expanded our ecosystem coverage to include C/C++ Conan, PHP Composer, and RubyGems directly in Sonatype Lifecycle. These additions open the door for new actions to be taken against these languages, including setting and enforcing policy, scanning for vulnerabilities, remediation, and reporting.
As you may remember, in 2017, we released Sonatype Lifecycle XC, which expanded our coverage to a larger ecosystem of languages including Ruby, PHP, Swift, CocoaPods, and others. Since then, we've been working to bring these languages directly into Sonatype Lifecycle, continuing our pursuit of powering Sonatype Lifecycle with precisely accurate, comprehensive open source vulnerability and component intelligence.
While Sonatype Lifecycle XC isn't going away any time soon, the addition of these languages in Sonatype Lifecycle means a few new enhancements are coming your way.
Faster time to action with policy enforcement + reporting
What's more important than having data? Being able to do something with it. Users can now perform policy evaluations for C/C++, PHP, and Ruby in Sonatype Lifecycle, something that is not available in XC. Another bonus is the ability to remediate and report on these languages.
Unrivaled, in-depth component intelligence
Developers require broad, accurate, and trustworthy component intelligence for proper application security hygiene. Bringing C/C++, Ruby, and PHP into Sonatype Lifecycle means we've introduced a new data source in Sonatype Lifecycle, ultimately increasing our breadth of coverage and providing more thorough and comprehensive intelligence. Know you are selecting the best and safest components based on real-time intelligence.
At Sonatype, we're committed to providing a market-leading intelligence engine for open source governance. This is just one more step we’ve taken in actualizing this goal. What do we have in store for the future? Stay tuned for our plans to roll out more ecosystems.