News and Notes from the Makers of Nexus | Sonatype Blog

We Speak Your Language - New Ecosystems Available in Nexus Lifecycle

Written by Alyssa Shames | March 12, 2020

There are more than 700+ programming languages to choose from and different languages gain popularity and momentum at any time. In fact, since 2012 there has been a new “favorite” programming language each year. This highlights the dynamic nature of the development landscape and the necessity for the community to continuously adapt with it.

With that, I’m excited to announce that Sonatype has expanded our ecosystem coverage to include C/C++ Conan, PHP Composer, and RubyGems directly in Nexus Lifecycle. These additions open the door for new actions to be taken against these languages, including setting and enforcing policy, scanning for vulnerabilities, remediation, and reporting.

As you may remember, in 2017, we released Nexus Lifecycle XC, which expanded our coverage to a larger ecosystem of languages including Ruby, PHP, Swift, Cocoapods, and others. Since then, we’ve been working to bring these languages directly into Nexus Lifecycle, continuing our pursuit of powering Nexus Lifecycle with precisely accurate, comprehensive open source vulnerability and component intelligence.

While Nexus Lifecycle XC isn’t going away any time soon, the addition of these languages in Nexus Lifecycle means a few new enhancements are coming your way. Let’s review what the addition of these languages means:

Faster Time to Action with Policy Enforcement + Reporting

What’s more important than having data? Being able to do something with it. Users can now perform policy evaluations for C/C++, PHP, and Ruby in Nexus Lifecycle, something that is not available in XC. Another bonus is the ability to remediate and report on these languages.

Unrivaled, In-Depth Component Intelligence

Developers require broad, accurate, and trustworthy component intelligence for proper application security hygiene. Bringing C/C++, Ruby, and PHP into Nexus Lifecycle means we’ve introduced a new data source in Nexus Lifecycle, ultimately increasing our breadth of coverage and providing more thorough and comprehensive intelligence. Know you are selecting the best and safest components based on real-time intelligence.

At Sonatype, we’re committed to providing a market-leading intelligence engine for open source governance. This is just one more step we’ve taken in actualizing this goal. What do we have in store for the future? Stay tuned on our plans to roll-out more ecosystems by visiting my.sonatype.com