We’ve had quite a bit of public scrutiny recently over how we’ve chosen to provide SSL access to Central for the last two years. At Sonatype, we have a history of investments in the Maven Central community, all of which are focused on improving the quality of the contents, increasing reliability and performance of delivery, and yes, even strengthening security which is often not popular (how many gripes can you find about why we require PGP signatures on artifacts?)
RebelLabs recently put out their Java Tools and Technologies Landscape report and we were very pleased to see Nexus chosen as the repository manager of choice by 64% of developers. We saw this same preference carry over in our own recent Open Source Development survey, where 49% of respondents indicated they used Nexus as their local component repository manager. Which brought us to analyze these market trends further .By digging into the log data from the Central Repository, we were able to capture more compelling proof that indeed, Nexus holds a significant portion of the repository manager marketplace and for good reason.
Since its inception in 2002, the Central Repository has grown to be the largest component repository of Java and other JVM, Android, related components and beyond. It is the default repository for Apache Maven, sbt and Leiningen, and it can easily be used from Gradle, Apache Ivy and others. The Central Repository has become the […]
What can the financial services industry learn from the U.S. Department of Homeland Security? In this third segment of my blog series on open source component security as it relates to the recently updated Financial Services Information Sharing and Analysis Center (FS-ISAC) guidelines, I explore the need for speed: humans vs. machines.
Opening a Dialogue About Supply Chain Risk Management in a World Powered by Open Source Software. As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. […]
The Central Repository continues to be the largest repository of binary components for Java developers and beyond. A majority of open source projects including organizations such as Apache Software Foundation, Google , Github and many more take advantage of the free hosting via the Sonatype Open Source Software Repository Hosting OSSRH. The release automation for […]
UPDATE: Free SSL Connectivity to Central for All — Sonatype’s project to make SSL the default connectivity option for all Central users is underway and will be complete by August 12th, 2014 (if not sooner). For details, please visit: http://www.sonatype.com/clm/secure-access-to-central. We know how components from the Central Repository have become critical to your development efforts. […]
Central is a critical resource for developers. If you develop Java applications and use Maven, Gradle, or Ivy, Central is what has made it easy for you to consume libraries using dependency declarations in your builds. For more than a decade, Central has been a solid, reliable presence supporting the community and making it easier […]
Two weeks ago we talked about how many of the projects hosted in Scala Tools are moving over to publish directly to Central. That process is ongoing. In this post, I want to start something new. At Sonatype we touch a lot of different technologies and communities, and I want to make sure that we’re […]
Two weeks ago, all Scala projects required a little bit of extra configuration to point to a custom repository for Scala artifacts hosted at scala-tools.org. Today, Scala artifacts are now available directly from Central. The contents of scala-tools.org are now integrated into the Sonatype OSS repository hosting service, and other projects have started to publish […]