Sonatype recently released a free beta version of the Sonatype Insight Plugin for Eclipse that allows you to more efficiently manage and select Java components. It is part of the Sonatype Insight product line that helps organizations take advantage of open source-based development while improving quality and reducing security and licensing risks.
See what components are used, which versions, and when updates are available
We want to make component based development as easy as possible by providing you the tools to choose the right components from the beginning to speed development, improve quality, and reduce costly rework. This plugin, the first of a series of development tools, helps you tame the issues typically associated with utilizing open source Java components, including:
- Determining when new component versions are available and making informed update decisions
- Understanding what versions of each component are used in your project
- Identifying where specific components are used
- Updating components throughout your project
The plugin is build tool agnostic, and so works with all Java projects in general (Java, PDE, Maven, etc.).
This is just the beginning. We’ll be adding features to help you choose components that meet your security, quality, and licensing standards by providing useful information about each component right in the IDE. For example, we’ll alert you when a component, or one of its dependencies has known security vulnerabilities. You’ll also be able to tell how each component or dependency is licensed without having to hunt through the code yourself.
So tame your dependencies today and get the Sonatype Insight Plugin for Eclipse.
We’ve made several improvements to the Central Repository (Maven Central) to support the incredible growth in both the number of components and the number of developers using it. If you use specific IPs to allow access to Central, you’ll need to update your firewall as described below.
Since 2007, Central has been hosted at Contegix in a shared rack with 100mbps data connections to the Internet. We’ve worked with Contegix to acquire a new dedicated switch that will have a 1gb connection directly to their core routers. The routing to the switches is done at the Layer 3 (IP) level and this means we are moving to a new dedicated ip subnet:
- 126.96.36.199/27 (188.8.131.52 – 184.108.40.206)
In addition to the network upgrade, we’ve added an entirely new tool to our belts: Dyn (formerly DynDNS.com) is partnering with us to provide active monitoring, failover and global load balancing along with enterprise DNS services for maven.org via their DynECT Managed DNS solution. DNS resolution time should be noticeably faster as Dyn has DNS servers all around the world.
A few months ago we announced that the US Maven Central server had been moved over to a virtual system.
In the natural course of machine rotations, I had some out of warranty machines de-racked, packaged up and sent from the Contegix datacenter to our headquarters in Silver Spring, MD.
When I was unboxing them it dawned on me for the first time that I was laying eyes on a machine so many people have relied upon for years and yet had been so far unseen. Well here it is:
A few facts about Central during the time it was hosted on the machine you see here (3/2007 – 3/2011):
- Original configuration:
- Dell PowerEdge 2950
- 2 x E5310 Xeon 1.6ghz processors
- 4gb 533Mhz RAM
- 3 x 73gb SAS 15k Hard drives
- Artifacts requested over 12 billion times by 14.3 million unique IP addresses
- Repository size as of Jan, 2009: 60gb (this is the earliest confirmed size I can track down)
- Repository size as of today: 286gb
- Projected size next month with the addition of Java.net: 350gb
- This machine never had a hardware failure. In fact, even the original drives and RAM are still functioning perfectly.
- It was only rebooted / powercycled twice, once to add more RAM and once to add some bigger disks
It boggles my mind to think about how many applications both commercial and open source contain bits fetched from this singular machine. Now that we have 2 machines in the UK and 2 VMs floating across 6 hosts in the US, there can never be a single machine in the future we can gaze upon and say “that was Central.”
We’ve rolled out an update to Maven Central Search that makes the tool easier to use and fixes a handful of minor bugs.
Access the browser bar by selecting the edit icon
Browse quickly to artifact directories when you know the path. The new browser bar text box lets you browse the repository in Central Search in almost the same way you browse http://repo1.maven.org with your web browser. Just type a path into the browser bar text box and you’ll be taken right to the artifact directory.Accessing the browser bar is easy –select the edit icon (which looks like a pen) next to the repository path in the Browse view and the repository path will be replaced with the browser bartext box.
Type your search into the browser bar and select OK
- Classname search is more flexible. You can paste in a path to a source file (e.g., org/apache/coyote/ajp/AjpAprProcessor.java) or to a class file (e.g, org/apache/coyote/ajp/AjpAprProcessor.class), and Central Search will construct a fully-qualified classname search from it.
- Multi-page results are easier to browse. When search results run longer than your browser window, you can navigate from page to page without scrolling back to the top of the page as was previously required.
- Browse view performance is improved. Long pages in the Browse view of the repository are now cached. This improves responsiveness when viewing the root directory of the Browse view (as well as the org, com, and net directories)..
Sonatype is going through the archives and digging up articles that we think would be useful to developers using our tools. If you use Maven, keep reading the post below from Sonatype Vice President of Engineering Brian Fox on Maven best practices and how-tos.
We have a handful of Maven best practice and how-tos documented in the blogs. Over time they get buried by newer posts, but the content is still just as relevant. Learn more about Maven by checking out the following blogs:
(1) Why Putting Repositories in your pom is a bad idea
How to properly manage repository definitions and why you shouldn’t declare them in your poms.
(2) Best Practices for Releasing with 3rd Party Snapshot Dependencies
How to most effectively create your own internal release of a snapshot dependency.
(3) Maven Continuous Integration Best Practices
Multiple techniques for running Maven builds from a CI system.