If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This isn’t probably something you consider often since one of the benefits of having a repository manager is enforcing component standards. But as you know, organizations still struggle with the challenge of ensuring developers and build systems only acquire components from the repository manager. Which is why, having the ability to run a Repository Health Check is an added benefit every repository manager should be aware of.
In this week’s Nexus Office Hours, we’re going to spend some time showing you how quick and easy it is to identify specific components with security vulnerabilities and unacceptable licenses. You will be able about to see a summary view of the artifacts that have been analyzed in the selected repository and the number of security and license alerts that have been detected. This includes:
- A breakdown of the vulnerabilities based on severity and threat level
- The number of licenses detected in each category and what licenses could be causing conflicts
Spend this hour with our Nexus experts and let them show you how to start using the Repository Health Check to see a complete breakdown of vulnerabilities and threats that span your entire development lifecycle. See you there!
How to join: No registration required. Just RSVP on Google+ and the event will appear in your google calendar. You can join through your calendar invite or by returning to the event page.
Do you have Nexus expertise to share? Join this month’s Nexus Ninja panel. Leave us a comment on the event page and we’ll invite you to join the video conference. Space is limited, so be sure to sign up early!
Wondering what’s new in Nexus? Just ask the experts.
We’re hosting another Nexus Office Hours this Friday, on Google+ Hangout On Air. Our Nexus experts Brian Fox, Manfred Moser and Rich Seddon will demo the latest in Nexus and dedicate most of the hour to Q&A time with you!
How to join: No registration required, just RSVP on Google+, and the event will appear in your calendar. You can join through your calendar invite or by returning to the event page at the start of the hangout. Be sure to bring your Nexus questions with you. If you can’t make it — be sure to leave your questions on the event page in the comments section and we’ll be sure to answer them during the session. That way you can tune into the recording later, and get your answers!
*Interested in joining our panel that day in the video conference? Sign up for one of the spots on our panel, by leaving us a comment on the event page and we’ll invite you in before we go live. Space is limited, so be sure to sign up early!
Please feel free to pass along this invite to your friends and colleagues.
Wondering what’s new in Nexus? Wishing you had a chance to ask some of our Nexus experts about Nexus best practices? Here’s your chance.
We’re pleased to announce that Sonatype will be hosting Nexus Office Hours each month starting in March! Our Nexus experts Brian Fox, Manfred Moser and Rich Seddon will demo the latest Nexus tips & tricks and will take real-time questions from you!
When: Friday, March 22, 2013 – 1:00-2:00PM EDT (GMT-0400)
Where: In a Google+ Hangout On Air! Once we begin, our hangout will broadcast live to the Nexus Office Hours event page on Google+, as well as our Sonatype YouTube channel.
How: Be sure to RSVP ‘Yes’ on the Nexus Office Hours event page, and this event will be automatically saved to your Gmail calendar and you will receive a reminder just before we start the hangout. Not on Google+? No worries, you can still view the broadcast on the event page or the Sonatype YouTube channel when the hangout begins.
We will be taking real-time questions submitted on the Nexus Office Hours event page, Twitter (please use hashtag #nexusofficehours) and on our YouTube page in the comments section of the broadcast.
**If you’d like to join our panel that day in the hangout, please leave us a comment on this page and the first 6 people will be invited in as the session starts. This event will be recorded and saved to Google+ as well as our YouTube channel.
We want to hear about your experiences and challenges using open source software in development. Please take 10 minutes and share your thoughts.
In return, you could win Jason’s brand new Apple workstation including a 15″ MacBook Pro with Retina display, a 27″ Thunderbolt display, an Apple Magic Mouse and an Apple Wireless Keyboard. We’ve also snagged both of his iPad minis. That’s enough loot for 3 winners!
Last year, more than 2,500 of you shared some really interesting information. If you respond to this year’s survey, we’ll give you early access to our findings.
What are you waiting for? Take the survey now. It will take less than 10 minutes. We promise.
*Official Rules for the Sonatype Open Source Survey Promotion can be found here.
When Maven Repository Managers (MRM) first appeared on developers’ radar, everyone using them immediately saw the benefits. Right off the bat, MRMs replaced cobbled together solutions like shared drives or local Maven repositories copied and exposed via http.
Since its release four years ago, Sonatype Nexus has grown to support many repository formats. And most users of build tools including Gradle, Leiningen, SBT and Ant/Ivy have started to realize the numerous benefits of using a repository manager.
Using an MRM has become accepted best practice for Maven users.