With these additions, we continue our commitment to providing the broadest software supply chain coverage in the market.
Go is a pillar in many companies with large teams of developers working together and has a loyal following. Stackshare.io reports that Go is used by 11,133 developers and 2,730 companies. It’s known for its reliable standard library and a thriving community, but it also comes with a few notable risks. The Golang ecosystem features a broadly distributed module management solution. Although Google now runs a trusted central module mirror, package maintainers do not register with Google in any way and are ultimately responsible for hosting their packages and making sure they stay available. This decentralized approach offers some advantages; however, for end users it makes the governance of packages completely opaque. This opens the door for domain snipers and other bad actors who are intent on carrying out software supply chain attacks.
Now, Rust and Go users can leverage the Phylum platform to secure their software supply chains. Starting now, many of the sophisticated techniques we use to investigate packages will also be applied to Cargo and Golang dependencies. In the coming weeks and months, we will continue to expand support and to gather data that is not available through package managers. This allows users to take meaningful control of their dependencies and gain insight into changes in their software supply chain that would be invisible when using ecosystem tooling alone.
Sign up for the free Phylum Community Edition here.