RebelLabs recently put out their Java Tools and Technologies Landscape report and we were very pleased to see Nexus chosen as the repository manager of choice by 64% of developers. We saw this same preference carry over in our own recent Open Source Development survey, where 49% of respondents indicated they used Nexus as their local component repository manager. Which brought us to analyze these market trends further .By digging into the log data from the Central Repository, we were able to capture more compelling proof that indeed, Nexus holds a significant portion of the repository manager marketplace and for good reason.
Since its inception in 2002, the Central Repository has grown to be the largest component repository of Java and other JVM, Android, related components and beyond. It is the default repository for Apache Maven, sbt and Leiningen, and it can easily be used from Gradle, Apache Ivy and others. The Central Repository has become the […]
What can the financial services industry learn from the U.S. Department of Homeland Security? In this third segment of my blog series on open source component security as it relates to the recently updated Financial Services Information Sharing and Analysis Center (FS-ISAC) guidelines, I explore the need for speed: humans vs. machines.
Opening a Dialogue About Supply Chain Risk Management in a World Powered by Open Source Software. As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. […]
The Central Repository continues to be the largest repository of binary components for Java developers and beyond. A majority of open source projects including organizations such as Apache Software Foundation, Google , Github and many more take advantage of the free hosting via the Sonatype Open Source Software Repository Hosting OSSRH. The release automation for […]
We know how components from the Central Repository have become critical to your development efforts. We also know that you need to trust those components. Part of that trust is knowing that hackers don’t have visibility into the components you download or that they compromise components using a man-in-the middle or Cross Build Injection (XBI) […]
Central is a critical resource for developers. If you develop Java applications and use Maven, Gradle, or Ivy, Central is what has made it easy for you to consume libraries using dependency declarations in your builds. For more than a decade, Central has been a solid, reliable presence supporting the community and making it easier […]
Two weeks ago we talked about how many of the projects hosted in Scala Tools are moving over to publish directly to Central. That process is ongoing. In this post, I want to start something new. At Sonatype we touch a lot of different technologies and communities, and I want to make sure that we’re […]
Two weeks ago, all Scala projects required a little bit of extra configuration to point to a custom repository for Scala artifacts hosted at scala-tools.org. Today, Scala artifacts are now available directly from Central. The contents of scala-tools.org are now integrated into the Sonatype OSS repository hosting service, and other projects have started to publish […]
Over the course of the past few years, I’ve interacted with hundreds of people when talking about build tools and repository management. It continues to surprise me how many people don’t realize where these artifacts come from. When you run a build and these JARs just show up alongside all of their dependencies, […]