Sonatype Goes Long with Go: Delivers Fully Automated Security Solution for Fast Growing Programming Language
07/24/2019 | 11:53am EST
SAN DIEGO – GopherCon, July 24, 2019 (GLOBE NEWSWIRE) -- Today, Sonatype, the inventors of software supply chain automation, announced full support for Go (Golang) across the Nexus Platform, giving Go development teams an easy way to manage Go packages and automatically eliminate security risk across the entire software development lifecycle, including production applications. With the addition of Go, the Nexus Platform now supports 42 programming languages and package formats, further meeting the diverse needs of enterprise development teams.
One of the world’s fastest growing programming languages, Golang has seen incredible growth among developers and has been readily embraced at leading tech companies. However, as the language grows in popularity, the potential for third-party packages to introduce vulnerabilities within development and production applications only increases.
“As we look toward the future of software development, Go is likely to become the primary language for server side development. It’s simple, straightforward and easy to learn; it’s clear why so many developers love it,” said Brian Fox, CTO of Sonatype. “Furthermore, because Go is supported by a vibrant community, the number of Go packages available to front-line developers will continue to grow rapidly. And, as we’ve seen time and time before, when developers use third-party packages to build applications, it’s critical for their organizations to understand the quality, security, and licensing of those packages.”
“Go is steadily rising towards being the de facto language for servers and CLI tools, among other categories. The addition of formal package management support to the toolchain will only accelerate this process. Sonatype has implemented a range of supporting services that allow an organization to manage a private Go package ecosystem, but also adds in automated software supply chain management and intelligence on known security vulnerabilities,” said Sam Boyer, lead engineer of the predecessor to Go modules. “Good data about OSS vulnerabilities is hard to come by in any language, and Sonatype has earned its well-deserved reputation by making it easier for developers to access this information.”
With the addition of new Nexus Platform capabilities that enable Go support, Nexus continues to expand its coverage across popular programming languages and package formats. Now, Go development teams can leverage the Nexus Platform to secure their entire SDLC in an automated fashion using:
Nexus Repository to proxy Go remote repositories using Go Mod along with the GOPROXY environment variable
Nexus Firewall to stop risk at the front door, by developing policies that automatically prevent vulnerable or compromised Go packages from entering the software development lifecycle
Nexus Lifecycle to automatically and contextually enforce policies across the entire SDLC and ensure that Go applications contain secure packages
Nexus integrations to continuously enforce policies within popular pipeline tools used by Go developers, including Jenkins, GitHub, Jira, Maven, Eclipse, and VS Code.
For individual developers or organizations just getting started with open source governance, Sonatype also offers a suite of free tools including:
More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from Accel Partners, Goldman Sachs, Hummer Winblad Venture Partners and TPG. Learn more at www.sonatype.com.