Tag Archives: Sonatype

Tame Your Dependencies With Free Eclipse Plugin


July 28, 2011 By Terry Bernstein

Sonatype recently released a free beta version of the Sonatype Insight Plugin for Eclipse that allows you to more efficiently manage and select Java components.  It is part of the Sonatype Insight product line that helps organizations take advantage of open source-based development while improving quality and reducing security and licensing risks.

Screen shot of component versions display in Development Insight for Eclipse

See what components are used, which versions, and when updates are available

We want to make component based development as easy as possible by providing you the tools to choose the right components from the beginning to speed development, improve quality, and reduce costly rework. This plugin, the first of a series of development tools, helps you tame the issues typically associated with utilizing open source Java components, including:

  • Determining when new component versions are available and making informed update decisions
  • Understanding what versions of each component are used in your project
  • Identifying where specific components are used
  • Updating components throughout your project

The plugin is build tool agnostic, and so works with all Java projects in general (Java, PDE, Maven, etc.).

This is just the beginning. We’ll be adding features to help you choose components that meet your security, quality, and licensing standards by providing useful information about each component right in the IDE.  For example, we’ll alert you when a component, or one of its dependencies has known security vulnerabilities. You’ll also be able to tell how each component or dependency is licensed without having to hunt through the code yourself.

So tame your dependencies today and get the Sonatype Insight Plugin for Eclipse.

 

The Central Repository Is Getting Faster! Are you ready for the new IPs?


July 27, 2011 By Brian Fox

We’ve made several improvements to the Central Repository (Maven Central) to support the incredible growth in both the number of components and the number of developers using it. If you use specific IPs to allow access to Central, you’ll need to update your firewall as described below.

Since 2007, Central has been hosted at Contegix in a shared rack with 100mbps data connections to the Internet. We’ve worked with Contegix to acquire a new dedicated switch that will have a 1gb connection directly to their core routers. The routing to the switches is done at the Layer 3 (IP) level and this means we are moving to a new dedicated ip subnet:

  • 207.223.241.64/27 (207.223.241.65 – 207.223.241.95)

In addition to the network upgrade, we’ve added an entirely new tool to our belts: Dyn (formerly DynDNS.com) is partnering with us to provide active monitoring, failover and global load balancing along with enterprise DNS services for maven.org via their DynECT Managed DNS solution. DNS resolution time should be noticeably faster as Dyn has DNS servers all around the world.

Continue reading

You Don’t Need A Browser to Use Maven Central


June 9, 2011 By Joel Orlina

Since its release in January, the Maven Central website (http://search.maven.org) has provided Apache Maven users with:

  • Search functionality that allows one to quickly track down artifacts and their dependency details when trying to resolve build problems.
  • Browse functionality that aids in discovery of new artifacts to use in projects.

In the intervening months, Sonatype has focused its efforts on improving the usability of the Maven Central user interface in the hopes of making it the first place users look when trying to find an artifact.  Recently, users who have reaped the benefits of using the Maven Central website have asked about interacting programmatically with the search functionality.

If you pay attention to your web browser’s address bar when conducting searches on Maven Central, you can already see that a REST-style API exists.  For example, searching for “guice” from the main search box results in the following URL being generated (the following URL’s are NOT URL-encoded for the sake of readability):

Translating the search request into English, that URL requests a basic search for any artifact (irrespective of version) containing the word “guice” in either the groupId or artifactId, returning only the first page of results.  Each row of the results shows the latest version of the artifact and the date the artifact was last updated as well as any classifiers associated with the artifact.

You can build up the complete library of search requests simply by paying attention to your web browser’s address field as you use the Maven Central website.  For the sake of convenience, we’ve collected all the URLs that make up Maven Central’s search API in a document available here.

Sadly, these URL’s are still only useful when requesting them via web browser.  They are links that can be bookmarked or e-mailed, but they do NOT work when using a non-browser agent like wget or curl.  The Maven Central user interface is essentially a browser-based application that uses Javascript to make asynchronous requests to yet another set of URL’s.  Once you make a request that looks like the URL above, the browser fires off the actual request to another Maven Central URL responsible for conducting the search and returning results that are formatted by the browser.

The sample request above, when converted to an actual Maven Central search request, looks like this:

The actual text of your query goes in the appropriately named “q” parameter, the “rows” parameter restricts the results to a smaller number than the full result set, and the “wt” parameter can be either “xml” or “json,” depending on how your application prefers to handle results.

Some useful examples appear below.  Again, please refer to the API Guide for a complete listing:

In an upcoming post, I’ll describe the architecture behind Maven Central that makes all this functionality possible.

Nexus 1.9 – Performance, Compatibility, and Dependency Browsing


April 14, 2011 By Brian Fox

Sonatype has released the latest version of our industry leading repository manager – Nexus 1.9.1

This post outlines some of the new features available in all 1.9 releases of both Nexus Professional and Nexus Open Source. This release has a lot of important, under-the-hood changes – including a number of changes to the core infrastructure of Nexus to increase Maven 3 compatibility and to incorporate open source libraries for repository interaction (Aether and Maven Indexer). In addition to a wide array of fixes and features in Nexus Open Source, you can now use Nexus Professional to analyze Maven Dependencies.

Changes in Nexus Professional 1.9.1

Nexus Professional has the following key benefits.  For a complete list of all features added and bugs fixed in Nexus Professional 1.9.1, see the official release notes (note: release notes require a log-in).

  • Moved the Custom Metadata Plugin to optional plugins – This Custom Metadata plugin is now shipped as an optional dependency. If you are using the Custom Metadata plugin you will need to copy this plugin from the optional dependencies directory to the plugins directory. Nexus will then start up this plugin the next time it is restarted.
  • The New Maven Module Dependency Report – Nexus Professional adds a helpful report for people browsing the repository. For the first time, you can click on an artifact and see a report of Maven dependencies. From this report you can click through to search for dependencies.

Continue reading

Next Generation Infrastructure with Maven, m2eclipse at EclipseCon 2011


March 3, 2011 By hloney

EclipseCon 2011 is approaching quickly, but it’s not too late to make plans to head to Santa Clara, California this month!

EclipseCon is the conference for anyone involved in Eclipse. As a proud member of the Eclipse Foundation, Sonatype is looking forward to another year of great talks, tutorials and BOF’s. We will be hosting a number of extended workshops as well as talks in the Cypress Room all day on Tuesday, March 22, 2011.

Sonatype founder Jason van Zyl will be giving a presentation on Next Generation Development Infrastructure with Maven, m2eclipse, Nexus & Hudson.

Presentation details:

All development organizations eventually converge on a set of tools to reduce costs, lower onboarding time, and leverage knowledge in strong communities to create standard processes. To this end we see in many organizations the emergence of a standard development stack consisting of Maven, m2eclipse, Nexus & Hudson. In this talk, Jason van Zyl, Founder of the Apache Maven project, will discuss the future of Maven and specifically Maven 3.x, the rapidly approaching m2eclipse 1.0 release, the recent Nexus 1.9 release and roadmap, and emerging tools such as Maven Shell and Polyglot Maven. Sonatype itself leverages this stack on a daily basis and this discussion will focus not only on the tools individually, but how they can work together to create a best practices approach to building and delivering your software in your organization.

Event details:

Stay tuned to the Sonatype blog for updates on Sonatype’s talks and presentations at EclipseCon 2011. And for the latest news and updates from the Sonatype team, follow us on Twitter @SonatypeCM.