Phylum Adds Rust and Go to Its Supported Languages

With these additions, we continue our commitment to providing the broadest software supply chain coverage in the market.

According to a Developer Nation report, the Rust developer population grew more than threefold, from 0.6M in Q1 2020 to 2.2M in Q1 2022, and Statista reports that Rust was the most desired language of 2022. Rust has undeniably matured and grown in popularity, but some early design decisions in the language's evolution still carry consequences for its software supply chain today. The standard library is deliberately small and the package manager (Cargo) is very capable, so developers reach for community-maintained crates far more often than in languages with batteries-included standard libraries. The side effect is that Rust projects tend to have wide, deep dependency trees, much like the JavaScript/npm ecosystem, which exhibits many of the same symptoms.

Go is a pillar at many companies with large teams of developers working together and has a loyal following. Stackshare.io reports that Go is used by 11,133 developers and 2,730 companies. It is known for its reliable standard library and a thriving community, but it also comes with a few notable risks. Go module distribution is decentralized: a module path is an import path rooted at a domain name, and although Google now runs a trusted central module mirror (proxy.golang.org) and checksum database, module authors do not register with Google in any way and are ultimately responsible for hosting their modules and keeping them available. This decentralized approach has advantages, but for end users it makes package governance almost completely opaque: nothing in the ecosystem tells you who controls the domain a module resolves through. That opens the door for domain snipers, who can take over a lapsed domain and with it every import path it serves, and for other bad actors intent on carrying out software supply chain attacks.
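
A quick way to see the exposure described above is to list the domains your go.mod actually depends on. The following is an added example written for this post, not Phylum's tooling or any project's own code: it parses a constructed go.mod (the module paths are illustrative), extracts the host element of each module path, and reports the hosts that fall outside a small, assumed allowlist of centrally operated code forges. Those remaining hosts are the vanity import domains whose expiry would hand control of every module path beneath them to a new registrant.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// sampleGoMod is a constructed go.mod for illustration, not from a real project.
const sampleGoMod = `module example.com/internal/service
go 1.20

require (
	github.com/spf13/cobra v1.7.0
	golang.org/x/crypto v0.12.0
	gopkg.in/yaml.v3 v3.0.1
	go.uber.org/zap v1.25.0 // indirect
	example.org/legacy/widgets v0.3.2
)

require github.com/stretchr/testify v1.8.4 // indirect
`

// wellKnownForges is an assumption of this example, not a property of Go:
// hosts treated as stable, centrally operated code hosts. Tune it to taste.
var wellKnownForges = map[string]bool{
	"github.com": true, "gitlab.com": true, "bitbucket.org": true, "golang.org": true,
}

// Dependency is one require directive from go.mod.
type Dependency struct {
	Path, Version string
	Indirect      bool
}

// parseRequires extracts require directives from go.mod text, handling both
// the "require ( ... )" block form and the single-line form.
func parseRequires(src string) []Dependency {
	var deps []Dependency
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case inBlock && line == ")":
			inBlock = false
			continue
		case strings.HasPrefix(line, "require ("):
			inBlock = true
			continue
		case strings.HasPrefix(line, "require "):
			line = strings.TrimPrefix(line, "require ")
		case !inBlock:
			continue // module, go, replace, exclude, ... are not requirements
		}
		indirect := strings.Contains(line, "// indirect")
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i]) // drop trailing comments
		}
		if f := strings.Fields(line); len(f) == 2 {
			deps = append(deps, Dependency{Path: f[0], Version: f[1], Indirect: indirect})
		}
	}
	return deps
}

// hostOf returns the first path element: the DNS name the module resolves through.
func hostOf(path string) string {
	if i := strings.Index(path, "/"); i >= 0 {
		return path[:i]
	}
	return path
}

// customHosts lists, sorted and deduplicated, the hosts outside wellKnownForges.
// These are the domains whose continued ownership the build silently depends on.
func customHosts(deps []Dependency) []string {
	seen := map[string]bool{}
	var hosts []string
	for _, d := range deps {
		if h := hostOf(d.Path); !wellKnownForges[h] && !seen[h] {
			seen[h] = true
			hosts = append(hosts, h)
		}
	}
	sort.Strings(hosts)
	return hosts
}

func main() {
	deps := parseRequires(sampleGoMod)
	for _, d := range deps {
		fmt.Printf("%-32s host=%-14s indirect=%v\n", d.Path, hostOf(d.Path), d.Indirect)
	}
	fmt.Println("hosts outside well-known forges:", customHosts(deps))
}
```

On a real repository, feed it the output of `go list -m all` rather than go.mod alone, since go.mod lists only direct requirements and a subset of indirect ones. Note the limit of the risk as well: for module versions the proxy and checksum database have already recorded, a sniped domain cannot silently change the bytes your build receives, because go.sum pins them. The exposure is in new versions, in newly added modules, and in builds that bypass the proxy or checksum database (GOPROXY=direct, GONOSUMDB).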

Now, Rust and Go users can use the Phylum platform to secure their software supply chains. Starting today, many of the sophisticated techniques we use to investigate packages are also applied to Cargo crates and Go modules. In the coming weeks and months we will continue to broaden that support and to gather data that is not available through the package managers themselves. This lets users take meaningful control of their dependencies and gain insight into changes in their software supply chain that would be invisible using ecosystem tooling alone.

In addition to Rust and Go, Phylum supports TypeScript, Python, Ruby, C#, Java, and JavaScript.

Sign up for the free Phylum Community Edition here.

Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.