JFrog Ltd., the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today released Conan 2.0. Available for download immediately, Conan 2.0 features the ability to model the most advanced C and C++ application dependency graphs and software binary packages, making it easier for developers to securely reproduce artifact builds and quickly deliver innovative products at scale.
“Conan 2.0 builds on years of open source experience and use by thousands of companies and hundreds of thousands of developers worldwide and aims to help solve a key challenge: managing software dependencies,” said Diego Rodriguez-Losada, co-founder of Conan.io and Lead Architect at JFrog . “For organizations designing applications for high-performance, embedded and IoT use cases, Conan 2.0 gives visibility of dependencies across their entire software supply chain so they can move forward with confidence and peace of mind that their software supply chain is secure. Conan 2.0 was built with and by the C/C++ community. At JFrog, we are honored to be fueled by open source and excited to give back this powerful version of package and binary management.”
According to JFrog’s recent Software Artifact State of the Union report, highlighting the
packages and binaries most in use by developers to create software consumed by end users today, Conan usage grew 5.2X in 2022, indicating broader adoption by a growing number of companies, such as those designing for embedded, IoT, or edge applications.
TomTom, a global leader in location technology for drivers, carmakers, enterprises and developers, is using Conan/C/C++ to develop applications across many different platforms. TomTom utilized Conan to modernize its approach to software development, enabling its developers to quickly rebuild components while fetching dependencies as compiled binaries through JFrog Artifactory. The shift to a binary-centric approach allowed TomTom to accelerate its software supply chain by producing binary artifacts that could be shared easily across developers. “With every single release we have seen great improvement to our development chain – we are looking forward to the major leap bringing us to the next level,” said Maikel van den Hurk, Staff Software Engineer at TomTom.
Conan 2.0 New Features and Capabilities
Conan 2.0 delivers a new era of powerful C and C++ package manager capabilities, giving developers increased flexibility in creating powerful CI/CD pipelines, ultimately allowing teams to scale and accelerate development. Key new features include:
● New “signing” plugin to help better secure the software supply chain: Conan 2.0’s
flexible framework allows organizations to add signatures to their software packages to
protect their applications from malicious third-party code.
● Enterprise-ready package management framework: New open APIs, custom
commands, and multiple new extensions deliver next-generation flexibility and security
for building new applications.
● New artifact modeling and dependency management: Advanced comprehension of
the relationship between various portions of the software components – so developers
spend less time needlessly recreating their work and teams can more efficiently re-use
binaries with confidence.
● Revamped scalability and security: Conan 2.0 utilizes lockfiles to ‘pin down’ all
versions of software dependencies, ensuring organizations have a framework for safely
reproducing builds and accelerating their CI/CD pipelines without compromising the
agility of their developers to choose new versions of software on-demand to further
innovation.
“I am really excited for Conan 2.0. By starting the Conan tribe in 2020, the Conan team has made sure to incorporate user feedback into this upcoming release,” said Kerstin Keller,
software developer for Continental. “I’m really looking forward to the improved lockfile handling which Conan 2.0 will bring. Together with the new Python API, this will greatly simplify our CI workflows.”
Conan is already used by several thousand companies worldwide in industries ranging from
automotive and aerospace to robotics and healthcare. With hundreds of thousands of downloads every month, Conan 2.0 will further improve the C++ ecosystem by giving millions of developers the necessary tools to accurately capture binary dependencies, delivering scalability and flexibility as they secure their software supply chain.
Maxime Bergantz, Senior Software Engineer, Bosch
“Already with Conan 1.x, we were amazed by how well it covers our (sometimes quite special) use cases with just the right mixture of a robust framework and lots of flexibility. As embedded system developers, Conan 2.0 brings us an even better control of our build processes by adding new generators and more fine grained package environments. We’re also looking forward to the new public Python APIs and extension system which will boost our capabilities in C++ build automation.”