<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Nexus 3.3 Delivers Free Next-Gen Repository Health Check and Git LFS Support

Sonatype is excited to announce the immediate availability of Nexus Repository 3.3 in OSS and Pro editions.  What’s in this latest release?  We’re glad you asked:


Next-Generation Repository Health Check

We first introduced Repository Health Check (RHC) in 2012.  Now, every day we analyze over 80,000 repositories and 50 million components for our Nexus users.

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines

Many organizations are quickly maturing their CI/CD practices in the hopes of winning the innovation battle. But where do security and governance practices fit in? As organizations embrace DevOps, quality and security cannot become an afterthought. The good news is that many DevOps practitioners agree as evidenced by our recent DevSecOps survey. The data shows that mature DevOps organizations are automating security practices earlier in the development process compared to less mature DevOps organizations.

GitHub Integration with Nexus Lifecycle

Sonatype's development team regularly schedules "innovation days" that allow team members time to focus on building projects that we believe will benefit our Nexus community.  In one of the recent innovation days, I built a new integration between GitHub, Jenkins, and Nexus Lifecycle that we are making available to you through our new Nexus Exchange community -- the new home for integrations built by our own development team and the community at large.  

Sonatype applauds GitHub's approach to encourage OSS license selection

GitHub's move to encourage developers to select an open source license for source code published to GitHub highlights the need for organizations to properly manage license concerns. The Central Repository, sponsored by Sonatype, has long since required license information for binaries that are added, but encouraging license selection as part of the source code process is helpful. This is key since organizations have turned to open source components and frameworks to speed their development efforts. Even if GitHub is successful in increasing the number of projects that declare a license, organizations still have to ensure the components that they use have a license that will not expose them to IP risk. This is more difficult than it sounds

Hudson moves to Github! We're not forking around!

First, I'd like to address some misinformation. The use of Github itself was never an issue. It was how the original movement of the sources to Github was executed, and why, that created tension. Github is just a tool and it is a better choice for source control, at least in the short term, for several reasons:

m2e 0.12 release and the future of m2e

Sonatype recently announced the availability of m2eclipse 0.12. This release includes support for Maven 3.0 and many improvements in the HTTP transport code. This should be the last release made available from the Sonatype servers. But not to worry, we are not stopping the development. In fact, quite conversely, we are ramping up our efforts on the m2eclipse core and moving m2e to the Eclipse foundation.

Maven Tips and Tricks: Using GitHub

Sonatype uses GitHub to host a number of projects including all of our books. It has been a very valuable tool for us, and we've already seen great benefits. The social, interactive nature of the tool allows people interested in the book to keep up with the development of the content, and we've already had a few contributors show up and help us write more content. Contributors can fork our books, add whole sections or correct typod and then make a simple pull request that notifies us of the changes. Because we find it so useful, I thought I'd take some time to detail the process of connecting a new Maven project to GitHub. The following post details the process of creating a new GitHub repository, importing a Maven project, and then configuring the SCM element in your project's POM. Once you've done that, you can start using the Maven Release plugin to automate the SCM operations that accompany a release.