A few months ago we announced some exciting ecosystem updates to Sonatype Lifecycle. Today, I’m happy to expand upon that with the news of even more ecosystem coverage added to Sonatype Lifecycle, as well as some new additions to Sonatype Repository Firewall.
These new ecosystems bring Sonatype Lifecycle and Sonatype Repository Firewall coverage to more than 35 programming languages and package formats:
| Ecosystem | Sonatype Lifecycle | Sonatype Repository Firewall |
|
Alpine |
New | New |
 Bower |
X | New |
|
|
New | New |
 CocoaPods |
New | New |
 |
New | New |
 CRAN |
New | New |
|
|
New | New |
 |
New | X |
 |
New | Already Included |
 |
Already Included | New |
|
|
Already Included | New |
Cargo
This is especially exciting to customers for a few reasons:
Shifting Security Even Farther Left
Repository Firewall already shifts open source governance to the earliest point in software development, effectively shutting the door on compromised components before they can enter the DevOps pipeline. Now, we’ve more than doubled the number of ecosystems that we can proactively protect against.
Comprehensive Component Intelligence + Policy Enforcement
We know that not all organizations use the same languages and package managers, which is why ecosystem breadth and depth is so important. By doubling the ecosystem coverage in Sonatype Lifecycle, you have even more visibility into open source risk across the entire software development lifecycle (SDLC), as well as a wider range of coverage when creating and contextually enforcing policy, reporting, and remediating.
From the beginning, Sonatype has been committed to developing the most universally applicable, polyglot software supply chain automation tools for both development and security teams. The addition of these new ecosystems moves us one step closer to achieving that goal as we continue to refine the data and research supporting these ecosystems.
See it in action here:
Learn more about Sonatype Lifecycle and Repository Firewall ecosystems on my.sonatype.com. For a full list of languages and package managers that Sonatype supports, click here.
