Category Archives: Nexus Repo Reel

RebelLabs Java Survey Results: Developers Love Nexus


June 2, 2014 By
Derek Weeks
Nexus Leaderboard

Another informative and well-presented RebelLabs survey has hit the streets. Their 2014 Java Tools and Technologies Landscape report was just released and hats off to them for ‘their better than ever response rate’ and their good will for charity donations from each completed survey response. This year’s survey covers more than a dozen different tool/technology segments within the Java industry.

Continue reading...

Replace plain text username and password with a user token – The Nexus 2 Minute Challenge


By
Mark Miller
The Nexus 2 Minute Challenge

In this segment of the Nexus 2 Minute Challenge,  we’re going to look at the Nexus User Token feature. The user token relates to the username and password that is used to connect to Nexus. In this  example, there is a Maven .xml file  where the username and password is in clear text.  This is […]

Continue reading...

4 Open Source Components You Need to Update Right Now


May 7, 2014 By
Brian Fox
Component Vulnerability Stats

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on downloads from the (Maven) Central Repository, I’m sitting here with my jaw hanging open. Over 46 million Java-based open source components containing known vulnerabilities were downloaded from the Central Repository in 2013*.

Continue reading...

The Nexus 2 Minute Challenge Video Series


April 29, 2014 By
Mark Miller
The Nexus 2 Minute Challenge

In March, Manfred Moser and I introduced the concept of a “Nexus 2 Minute Challenge“, where I would ask Manfred to accomplish a specific task in Nexus in less than 2 minutes. The series was an immediate hit with over 1300 views within the first month. Here’s the inaugural video, Enable Component Version Discovery, from […]

Continue reading...

Sonatype Nexus Security Advisory


January 16, 2014 By
Brian Fox
Security Advisory

Sonatype Nexus Security Advisory Date: January 14, 2014 Affected Versions: Nexus OSS/Pro versions prior to and including 2.7.0-06 Summary: A critical security vulnerability has been discovered by Sonatype in Nexus requiring immediate action. The vulnerability makes use of an execution path in an open source library that we have now (with the available patch) added […]

Continue reading...