DEVOPSdigest

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

With the addition of Cargo support, Rust developers can leverage Sonatype’s tools to identify and mitigate potential vulnerabilities, block malicious open source from entering software development, and enforce security policies.

Predicted to become a top ten TIOBE coding language in 2025, Rust is designed for building efficient, reliable applications that prioritize security and memory safety, making it a programming language of choice for critical infrastructure and federal systems software.

Sonatype now provides Rust developers with:

- Enhanced Security: Developers can now automatically detect and remediate vulnerabilities within Rust packages and dependencies, reducing the risk of supply chain attacks and blocking malicious Rust packages.

- Compliance Assurance: Ensure Rust components comply with organizational policies and regulatory requirements, giving developers peace of mind in meeting security and legal obligations.

- Ongoing Monitoring: Continuous monitoring of Rust dependencies to quickly address newly discovered vulnerabilities without interrupting the software development lifecycle.

- Component Delivery: Cargo support in Sonatype Nexus Repository speeds up delivery and ensures continuous open source component delivery, even during outages.

- Comprehensive Insights: Gain visibility into open source Rust components being used across teams, and enforce security gates that align with best practices for secure software development.

"As Rust continues to gain momentum in the open source community, we are excited to extend our security and compliance capabilities to support its developers," said Brian Fox, Co-founder and CTO of Sonatype. "Our goal is to empower organizations to innovate confidently, knowing that their software supply chains are safeguarded. With Cargo support, Rust developers can now benefit from the same rigorous security and governance practices that thousands of organizations rely on for other popular programming languages."

With the addition of Cargo support, Sonatype reaffirms its commitment to offering comprehensive, next-generation open source management and security solutions that meet the evolving needs of the development community. Organizations that depend on Sonatype’s platform can now easily integrate Rust into their development pipelines, leveraging advanced security and governance features to ensure a resilient and compliant software infrastructure.

“Rust addresses critical challenges in software development, offering memory safety and concurrency without sacrificing performance,” said Joel Marcey, Director of Technology at The Rust Foundation. “Providing an opportunity for organizations small and large to build with Rust is an important step in furthering mainstream adoption for secure software development via memory-safe languages.”