DevOps.com

Sonatype Expands its Fully Automated Open Source Security and Governance Solution to Support C/C++, PHP, and Ruby

By: Deborah Schalm on March 12, 2020

Nexus Lifecycle now allows users to scan applications for open source software vulnerabilities, automatically enforce open source governance policies, and easily remediate open source risk for 27 different languages and package formats.

Fulton, MD – March 12, 2020 — Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced it’s further expanded its language coverage within Nexus Lifecycle to include Conan (C/C++), Composer (PHP), and RubyGems (Ruby), including the ability to create and contextually enforce policies. By continuing to increase support for the most popular component formats, Nexus Lifecycle is helping millions of developers and security professionals to automatically govern open source hygiene across every phase of the software development lifecycle (SDLC).

With the addition of C/C++, PHP, and Ruby, Nexus Lifecycle now supports 27 programming languages and package formats, further meeting the diverse needs of enterprise development teams.

According to Sonatype’s 2019 State of the Software Supply Chain Report, 1 in 10 open source components downloaded by development teams had known security vulnerabilities. This doesn’t represent the number of components that will be discovered as vulnerable over time, nor potential open source licensing risk, about which organizations should also be concerned. The ability to automate open source governance, enforce policies, and remediate vulnerabilities is vital to application security in today’s world. In fact, the same report showed that managed software supply chains reduced the percentage of vulnerable components used in finished applications by 55%.

“Organizations keep software applications safe, not by chance, but by preparation, and in many cases supported by automation. But, automation without accuracy can be detrimental, giving a false sense of security,” said Brian Fox, CTO of Sonatype. “Developers need broad and accurate component intelligence they can trust for proper security hygiene. By extending our coverage to even more languages, we’re providing our customers with more reliability and confidence, while increasing productivity.”

Organizations using Nexus Lifecycle and C/C++, PHP, and Ruby will now be able to:

  • Create custom security, license, and architectural policies and contextually enforce those policies across every stage of the SDLC
  • Select safer components throughout the software supply chain, and reduce risk
  • Automatically enforce policies and view expert remediation guidance in the tools developers use every day

Sonatype remains committed to creating the most universally applicable, polyglot software supply chain automation tools. This is just one of many releases dedicated to expanding the languages with native support across the Nexus Platform.

Additional Resources: 

  • Read more about Sonatype’s Nexus Lifecycle’s support for C/C++, PHP, and Ruby on our blog
  • Check out why Nexus Lifecycle is continuously #1 on IT Central Station for enterprises

About Sonatype

Sonatype is the leader in software supply chain automation technology with more than 350 employees, over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit Sonatype.com, or connect with us on Facebook, Twitter, or LinkedIn.
