Liquid software company JFrog and the team at Conan, which was acquired by JFrog back in 2016, today announced the release of Conan 2.0, providing developers with the ability to model advanced C and C++ application dependency graphs and software binary packages.
This release is intended to make it simpler for developers to securely reproduce artifact builds as well as accelerate the delivery of products at scale.
Conan 2.0 offers several new features and capabilities, including a new “signing” plugin to help better secure the software supply chain. The plugin allows organizations to add signatures to their software packages so their applications can be protected from malicious third-party code.
“Conan 2.0 builds on years of open source experience and use by thousands of companies and hundreds of thousands of developers worldwide and aims to help solve a key challenge: managing software dependencies,” said Diego Rodriguez-Losada, co-founder of Conan.io and lead architect at JFrog. “For organizations designing applications for high-performance, embedded and IoT use cases, Conan 2.0 gives visibility of dependencies across their entire software supply chain so they can move forward with confidence and peace of mind that their software supply chain is secure. Conan 2.0 was built with and by the C/C++ community. At JFrog, we are honored to be fueled by open source and excited to give back this powerful version of package and binary management.”
This release brings a new enterprise-ready package management framework that provides users with new open APIs, custom commands, and new extensions to deliver improved flexibility and security for building new applications.
Conan 2.0 also provides improved comprehension of the relationships between the various software components. According to JFrog, this gives developers power over their time so teams can more efficiently re-use binaries.
Lastly, users gain access to better scalability and security with lockfiles that “pin down” the versions of all software dependencies, providing organizations with a framework for reproducing builds and speeding up their CI/CD pipelines without sacrificing agility.