Resources Blog New Language? No Problem. New Ecosystems in Sonatype ...

New Language? No Problem. New Ecosystems in Sonatype Lifecycle and Repository Firewall

A few months ago we announced some exciting ecosystem updates to Sonatype Lifecycle. Today, I’m happy to expand upon that with the news of even more ecosystem coverage added to Sonatype Lifecycle, as well as some new additions to Sonatype Repository Firewall.

These new ecosystems bring Sonatype Lifecycle and Sonatype Repository Firewall coverage to more than 35 programming languages and package formats:

Ecosystem Sonatype Lifecycle Sonatype Repository Firewall



New New
BowerBower X New


New New


New New
Conda New New


New New


New New

New X
rpm New  Already Included
Composer Already Included New


Already Included New

This is especially exciting to customers for a few reasons:

Shifting Security Even Farther Left

Repository Firewall already shifts open source governance to the earliest point in software development, effectively shutting the door on compromised components before they can enter the DevOps pipeline. Now, we’ve more than doubled the number of ecosystems that we can proactively protect against.

Comprehensive Component Intelligence + Policy Enforcement

We know that not all organizations use the same languages and package managers, which is why ecosystem breadth and depth is so important. By doubling the ecosystem coverage in Sonatype Lifecycle, you have even more visibility into open source risk across the entire software development lifecycle (SDLC), as well as a wider range of coverage when creating and contextually enforcing policy, reporting, and remediating.

From the beginning, Sonatype has been committed to developing the most universally applicable, polyglot software supply chain automation tools for both development and security teams. The addition of these new ecosystems moves us one step closer to achieving that goal as we continue to refine the data and research supporting these ecosystems.

See it in action here:

Learn more about Sonatype Lifecycle and Repository Firewall ecosystems on For a full list of languages and package managers that Sonatype supports, click here.

Picture of Alyssa Shames

Written by Alyssa Shames

Alyssa is Sonatype's product marketing manager for Nexus Lifecycle, Nexus Firewall, and Nexus Auditor. She is passionate about bringing the right tools to the open source community to shift security left and reduce open source risk.