Sonatype Nexus 2.0 brings intelligence to repository management
The repository manager gets some extra tools at its disposal – including repository health checks.
Six years since the first version made its appearance, Sonatype has released Nexus Professional 2.0, bringing an array of new features and enhancements to the premier repository management tool.
Brian Fox, VP of Product Management at Sonatype, noted how far the entire practice of repository management had come in the time Nexus had been around – saying that barely anyone considered using repository managers when they started, but that they have become ‘essential’ to development teams.
Sonatype are making big claims about three new features in Nexus 2.0. Firstly, it advocates a new availability architecture that makes it easier to support distributed teams, and includes smart proxies that connect two or more instances of Nexus in real time, meaning that repositories can be run in sync. This is of great benefit to development teams, who previously would have had to create a workaround in distributed architectures. Not anymore, as the smart proxy keeps everything in check, without a drop in performance.
We can expect a plug-in later in the year (Sonatype Insight for Nexus) which combines real-time quality, security and licensing information with a rules engine to enable effective governance of component usage.
Next, we have the addition of the ability to request a repository health check from the Sonatype Insight service, which claims to be neither invasive nor disruptive. Fox says that “Nexus sends non-identifiable hash codes for artifacts to the Insight service which then returns actionable quality, security, and licensing information about the open source components in your repositories.”
It flags up potential security threats and license issues in the repository as either Critical, Severe or Moderate. Nexus has realised that open source code can often contain vulnerabilities, and the ability to process a report that highlights the flaws can help teams form a solid security policy.
Finally, there’s also enhanced .NET support. Sonatype claim that they have 65% repository management market share, suggesting they are indeed the developer’s choice when it comes to keeping a tight check on what goes into your repository.
In addition to the enterprise-class features available in the latest release of Sonatype Nexus Professional, Sonatype has made significant enhancements to the open source software version too. Developers can now customise their repositories using a simplified plug-in API, while more flexible licensing for plug-ins serves to enhance the overall plug-in ecosystem by encouraging more community contributions. Sonatype say that product testing across both the open source and Professional versions shows a dramatic 40 percent reduction in build times from version 1.9.2 to version 2.0.
Sonatype Nexus Professional 2.0 supports Java, OSGi and .NET repositories. Pricing for Sonatype Nexus Professional 2.0 is $120 per user. Sonatype have provided a neat video detailing all the features new to Nexus 2.0, so why not check it out?