Nexus now more health conscious

Sonatype Nexus 2.0 brings intelligence to repository management

Chris Mayer

The repository manager gets some extra tools at its disposal – including repository health checks.

Six years since the first version made its appearance, Sonatype
has released Nexus Professional 2.0, bringing an array of new
features and enhancements to the premier repository management
tool.

Brian Fox, VP of Product Management at Sonatype, noted how far the
entire practice of repository management had come in the time Nexus
had been around, saying that barely anyone considered using
repository managers when they started but that they have since
become ‘essential’ to development teams.

Sonatype are making big claims about three new features in
Nexus 2.0. First, there is a new availability architecture that
makes it easier to support distributed teams, along with smart
proxies that connect two or more instances of Nexus in real time,
meaning that repositories can be run in sync. This is of great
benefit to development teams, who previously would have had to
create a workaround in distributed architectures. Not anymore, as
the smart proxy keeps everything in check, without a drop in
performance.

We can expect a plug-in later in the year
(Sonatype Insight for Nexus) which combines real-time
quality, security and licensing information with a rules engine to
enable effective governance of component
usage.

Next is the ability to request a repository health check from the
Sonatype Insight service, which is claimed to be neither invasive
nor disruptive. Fox says that “Nexus sends non-identifiable
hash codes for artifacts to the Insight service which then returns
actionable quality, security, and licensing information about the
open source components in your repositories.”

The health check flags potential security threats and license
issues in the repository as either Critical, Severe or Moderate.
Nexus has realised that open source code can often contain
vulnerabilities, and the ability to process a report that
highlights the flaws can help teams form a solid security policy.

Finally, there’s also enhanced .NET support.
Sonatype claim that they have 65% of the repository management
market share, suggesting they are indeed the developer’s choice when
it comes to keeping a tight check on what goes into your
repository.


In addition to the enterprise-class features
available in the latest release of Sonatype Nexus Professional,
Sonatype has made significant enhancements to the open source
software version too. Developers can now customise their
repositories using a simplified plug-in API, while more flexible
licensing for plug-ins serves to enhance the overall plug-in
ecosystem by encouraging more community contributions. Sonatype say
that product testing across both the open source and Professional
versions shows a dramatic 40 percent reduction in build times from
version 1.9.2 to version 2.0.

Sonatype Nexus Professional 2.0 supports Java, OSGi and .NET
repositories. Pricing for Sonatype Nexus Professional 2.0 is $120
per user. Sonatype have provided a neat video detailing all these
features new to Nexus 2.0, so why not check it out?
