RebelLabs recently put out their Java Tools and Technologies Landscape report and we were very pleased to see Nexus chosen as the component manager of choice by 64% of developers. We saw this same preference carry over in our own recent Open Source Development survey, where 49% of respondents indicated they used Nexus OSS and 17% indicated they used Nexus Pro as their local component manager. Whether you looked at OSS or Pro component managers, Sonatype’s platforms were used by a 4-to-1 margin over the other market alternatives. While any reasonable person could argue that the results from our survey were skewed, the results encouraged us to analyze these market trends further using data that holds a stronger voice of the truth.
By digging into the log data from the Central Repository, we were able to capture more compelling proof of component manager use across the development community.
Based on this analysis, we found approx. 40,000 distinct Nexus servers running that are connected to the Central Repository, giving us 75% of the market share for these connections. The really compelling part is that the Nexus connections experienced a 100% growth since January 2013. Other leading component managers connected to the Central Repository grew by as much as 22% over the same period. This growth validates the explosive ramp in open source development we've seen over the years, where now 90% of the average application consists of open source components.The takeaway here is, you're not alone in using Nexus. In fact, each time you use Nexus you're accompanied by a small town of Nexus users.
The analysis also showed us that many of these Nexus instances have the Repository Health Check feature enabled. In fact 32,000 health checks are run each day amounting to 5 billion(!) components analyzed by our data services every year. Not bad! More proof, analyzing open source components for known security vulnerabilities and unacceptable licenses continues to be a growing priority for organizations who need to identify risks early in the development lifecycle. If you do not have this feature enabled, consider turning it on today.
In the realm of component managers, there's still room for growth. We anticipate that many organizations will continue to deploy multiple instances of component managers across the stages of their secure software development lifecycles. We also found 14% of respondents are still using Apache httpd, another web server or no component manager at all. In my opinion, each of these scenarios amount to a hack solution. And considering the basic maturity of software development practices today, these hack approaches should be considered unacceptable. There are proven component managers on the market and we hope these users will eventually migrate to using a repository manager as the start of good component practice.
If you want to learn more about Nexus component managers, we have a great community and a number of resources for you to use. For example, we now offer a free online training course that showcases the Nexus Staging Suite. You could also check out the short Nexus 2 Minute Challenge videos. Showing how easy and valuable the tool really is while being mindful of your time. Using Nexus already? Share your story on an upcoming Nexus Live event. These community events are a great way for Nexus users to share how they are augmenting and extending their component managers in unique ways.