Closed jeremiah closed 4 years ago
Adding @goneall, @zvr and @MarkGisi for comments.
I tend to agree that "Programming Language agnostic" is a big ask for tools. In the compliance space, it is common for tools to support multiple languages - so perhaps we should change from "Language agnostic" to "support programming languages used in the [organization/enterprise]".
Thread appears to be dead. Closing.
In my experience, having a tool be programming language agnostic is not common. It is a lot of work to support the myriad programming languages available. Many of the tools now are dual-use: they look for security issues as well as license and copyright, and there is a large installed base of such tools that have to work together. All of these factors seem to point to a more heterogeneous tooling landscape, especially in larger enterprises.
Some newer tools, like Quartermaster, are focused on compile time instrumentation which holds some promise but of course only for compiled languages.
If the output of the tool, regardless of the programming language, adheres to a specification (e.g. SPDX), then I think the programming language agnostic requirement might be able to be de-emphasized.