Tag Archives: nexus professional

Nexus 2.1: Fueled by Gun-Toting Unicorns with Jet Packs


September 6, 2012 By Emily Blades

At Sonatype, the stakes are high, and so our standards must be as well. We toil over every detail of the product, tweaking, refining, until we get things just right.

Nexus Splash Screen Email Thread

Nexus 2.1 Now Available, Go Get It


August 7, 2012 By Tim O'Brien

This is a big release. We’re announcing the immediate availability of Nexus 2.1, the first minor version update since the Nexus 2.0 release earlier this year. This simultaneous release of both Nexus Open Source and Nexus Professional caps off months of effort to implement two major features in Nexus Professional:

  • User Tokens – Developers who need to authenticate against a Nexus server can now make use of user tokens. This is a pair of authentication keys which can be used in your settings in lieu of storing a plaintext password. Storing a plaintext password in a build has always been a bad idea, and this new version of Nexus lets you access Nexus securely.
  • Advanced Staging Capabilities – Our Engineering team upgraded one of the most popular features of Nexus, the Staging capability. With this newly improved staging subsystem your staged releases now benefit from a range of advanced features, such as atomic deployments and closer integration with Nexus REST services. This feature is an implement in Nexus Professional as a Maven Staging plugin.

Evaluating Nexus Professional just got a whole lot easier

If you are evaluating Nexus Pro, you’ll benefit from an easy to use installer, which was designed to automate the installation, configuration and set of Nexus on Windows, OSX and Linux. With this new installer, users are able to customize where Nexus will be installed and what port Nexus will be configured to listen on. This installer will even automate the setup and configuration of a set of simple evaluation projects. It has never been easier to get started with your Nexus Professional evaluation. Download a Nexus Professional trial and get started.

Nexus OSS 2.1 – Security and Bug Fixes You Need

Nexus OSS 2.1 has approximately 102 bug fixes – everything from an upgrade to Jetty 8 to security fixes. Nexus OSS 2.1 is faster, more secure, and more stable thanks in large part to our Insight product. Engineering ran the Insight report against our own software and identified some critical security bugs. If you are using a previous version of Nexus 2.0 (or if you are using an earlier version of Nexus 1.x) there is no good reason not to upgrade immediately.

Go download Nexus OSS 2.1 and start your upgrade.

Wayne Jackson’s Presentation at RSA 2012: An Overview of Insight


April 2, 2012 By Tim O'Brien

At RSA 2012, Wayne Jackson gave a short presentation focused on the security aspects of Sonatype Insight and the newly released Repository Health Check in Nexus Professional. This five minute overview gives you a sense of the magnitude of the problem we are trying to solve.

Here are some of the highlights from Wayne’s presentation followed by the video of his talk and his slide deck:

  • “The benefits of ‘many eyeballs’ in open source does create better software but you can only leverage that if you know about it. That’s particularly troubling in the context of the fact that more than 80% of the modern software application is [comprised of] open source and the components that are used to build those applications are surprisingly complex.”
  • “That complexity is compounded by the fact that when issues arise their implications are viral and the big problem is that when those issues are resolved in the root components the solutions are not [similarly viral] . Spring Beans 2.5.6 compromised 1400 open source components and God knows how many downstream applications. When Spring Beans 2.5.6 was fixed, none of the others were fixed.”
  • “You can imagine the ripple effect of compromising open source. And the combination of things like the lack of notification infrastructure and the complexity of open source componentry is how you get situations like this. 6,982 organizations including the Dept of Homeland Security and several financial institutions are still using a 3 year old crypto library with an “as bad as it gets” Level 10 flaw that has known exploit code.”
  • “Sonatype is creating an extraordinary infrastructure for finding out everything knowable about a given component. So that when flaws are discovered, we can know and we have the ability to deliver that knowledge into the tools that developers are using every day. This family of technologies is called Insight.”
  • “Critical to that is the Central repository. Central houses hundreds of thousands of components from nearly every open source project in the world and it is used by tens of thousands of organizations.”

 

 

 

Webinar replay for "Enterprise Repository Management" now available


April 21, 2011 By hloney

If you missed our latest webinar “Enterprise Repository Management” you can view a recorded version of the webinar here.

Now that you’re primed with knowledge, jump in and see what a repository can do for your development workflow:

If you have any questions about Nexus or repositories in general, we have engineers (not just sales guys) who would be happy to speak with you.

Nexus 1.9 – Performance, Compatibility, and Dependency Browsing


April 14, 2011 By Brian Fox

Sonatype has released the latest version of our industry leading repository manager – Nexus 1.9.1

This post outlines some of the new features available in all 1.9 releases of both Nexus Professional and Nexus Open Source. This release has a lot of important, under-the-hood changes – including a number of changes to the core infrastructure of Nexus to increase Maven 3 compatibility and to incorporate open source libraries for repository interaction (Aether and Maven Indexer). In addition to a wide array of fixes and features in Nexus Open Source, you can now use Nexus Professional to analyze Maven Dependencies.

Changes in Nexus Professional 1.9.1

Nexus Professional has the following key benefits.  For a complete list of all features added and bugs fixed in Nexus Professional 1.9.1, see the official release notes (note: release notes require a log-in).

  • Moved the Custom Metadata Plugin to optional plugins – This Custom Metadata plugin is now shipped as an optional dependency. If you are using the Custom Metadata plugin you will need to copy this plugin from the optional dependencies directory to the plugins directory. Nexus will then start up this plugin the next time it is restarted.
  • The New Maven Module Dependency Report – Nexus Professional adds a helpful report for people browsing the repository. For the first time, you can click on an artifact and see a report of Maven dependencies. From this report you can click through to search for dependencies.

Continue reading