:
Skip Navigation
Resources Blog Enhanced support for Python in Sonatype Lifecycle

Enhanced support for Python in Sonatype Lifecycle

At Sonatype, we pride ourselves on arming development and security teams with precise and actionable intelligence to build software faster, with less risk. Which is why I am happy to announce that we recently improved the precision with which we identify and secure PyPI packages in Sonatype Lifecycle.

This new release comes at a time when Python is quickly becoming the standard for developers and data scientists, according to a recent survey and as witnessed by our own customer usage. Downloads from the PyPI repository grew significantly in the past year according to Sonatype's 2018 State of the Software Supply Chain, averaging between 4.3 and 4.7 billion per month. And with every language, as usage increases, so does potential security vulnerabilities and license risk. In fact, approximately 11% of components housed in PyPI have a known vulnerability.

While we have been able to block undesirable Python packages from entering the software supply chain with Sonatype Repository Firewall for some time, this new release of Sonatype Lifecycle fully automates PyPI governance across the entire software development life cycle (SDLC).

Now, development and application security teams can:

  • Define open source component policies by organization, team, and application type across the SDLC.

  • Continuously visualize component intelligence within their favorite tools including the Jenkins, Bamboo, and Maven plugins.

  • Automatically and contextually enforce policies across the entire DevOps pipeline.

Check out this video from Andres Perez, Solutions Consultant to see how it works:

New to Sonatype Lifecycle or just want to learn more? Visit us on my.sonatype.com to download new releases, view documentation, and chat with other Sonatype Lifecycle customers.

Picture of Michelle Dufty

Written by Michelle Dufty

Michelle Dufty is the Senior Director of Product Marketing at Sonatype where she brings solutions to market that unite development, security, and operations teams to accelerate software innovation while minimizing open source risk.