Already Powering the World of AI, Automotive, Aerospace, Robotics and Healthcare, the New C/C++ Package Manager Will Help Organizations Build and Secure Software Pipelines at Scale
JFrog creators of the JFrog Software Supply Chain Platform released Conan 2.0. The platform is available for download immediately and features the ability to model the most advanced C and C++ application dependency graphs and software binary packages, making it easier for developers to securely reproduce artifact builds and quickly deliver innovative products at scale.
“Conan 2.0 builds on years of open source experience and use by thousands of companies and hundreds of thousands of developers worldwide and aims to help solve a key challenge: managing software dependencies,” said Diego Rodriguez-Losada, co-founder of Conan.io and Lead Architect at JFrog . “For organizations designing applications for high-performance, embedded and IoT use cases, Conan 2.0 gives visibility of dependencies across their entire software supply chain so they can move forward with confidence and peace of mind that their software supply chain is secure. Conan 2.0 was built with and by the C/C++ community. At JFrog, we are honored to be fueled by open source and excited to give back this powerful version of package and binary management.”
According to JFrog’s recent Software Artifact State of the Union report, highlighting the packages and binaries most in use by developers to create software consumed by end users today, Conan usage grew 5.2X in 2022, indicating broader adoption by a growing number of companies, such as those designing for embedded, IoT, or edge applications.
TomTom, a global leader in location technology for drivers, carmakers, enterprises and developers, is using Conan/C/C++ to develop applications across many different platforms. TomTom utilized Conan to modernize its approach to software development, enabling its developers to quickly rebuild components while fetching dependencies as compiled binaries through JFrog Artifactory. The shift to a binary-centric approach allowed TomTom to accelerate its software supply chain by producing binary artifacts that could be shared easily across developers. “With every single release we have seen great improvement to our development chain – we are looking forward to the major leap bringing us to the next level,” said Maikel van den Hurk, Staff Software Engineer at TomTom.
Conan 2.0 New Features and Capabilities
Conan 2.0 delivers a new era of powerful C and C++ package manager capabilities, giving developers increased flexibility in creating powerful CI/CD pipelines, ultimately allowing teams to scale and accelerate development. Key new features include:
- New “signing” plugin to help better secure the software supply chain: Conan 2.0’s flexible framework allows organizations to add signatures to their software packages to protect their applications from malicious third-party code.
- Enterprise-ready package management framework: New open APIs, custom commands, and multiple new extensions deliver next-generation flexibility and security for building new applications.
- New artifact modeling and dependency management: Advanced comprehension of the relationship between various portions of the software components – so developers spend less time needlessly recreating their work and teams can more efficiently re-use binaries with confidence.
- Revamped scalability and security: Conan 2.0 utilizes lockfiles to ‘pin down’ all versions of software dependencies, ensuring organizations have a framework for safely reproducing builds and accelerating their CI/CD pipelines without compromising the agility of their developers to choose new versions of software on-demand to further innovation.
“I am really excited for Conan 2.0. By starting the Conan tribe in 2020, the Conan team has made sure to incorporate user feedback into this upcoming release,” said Kerstin Keller, software developer for Continental. “I’m really looking forward to the improved lockfile handling which Conan 2.0 will bring. Together with the new Python API, this will greatly simplify our CI workflows.”
Conan is already used by several thousand companies worldwide in industries ranging from automotive and aerospace to robotics and healthcare. With hundreds of thousands of downloads every month, Conan 2.0 will further improve the C++ ecosystem by giving millions of developers the necessary tools to accurately capture binary dependencies, delivering scalability and flexibility as they secure their software supply chain.
