42,000 Nexus Repository Managers, and Growing!

November 19, 2014 By Derek Weeks


[Editor's Note: An update to this article is now available. As of February 2015, active Nexus instances have reached 50,000. For more information, please see the new blog post at: http://blog.sonatype.com/2015/02/nexus-reaches-50000/#.VPTXZEuf96k]

Over the past 15 months, active Nexus instances have grown from 21,000 to 42,000. Wowza. That is news worth sharing, because you made it happen!

This means our global Nexus customer base added 47 new instances every single day over that same period. 47 a day! And the volume of active instances continues to grow.

First of all, we want to offer all of you using Nexus a huge THANK YOU for supporting this growth. As your teams grow and the use of open source components in your development organizations grows even more, we are proud to deliver a great product that so many of you love and find useful on a daily basis.


While we will share more of the details behind this growth, we also wanted to share some Nexus love with all of you. Yup, we have printed off 100 kool Nexus t-shirts, featuring unicorns, bacon, happiness and Nexus -- and we are giving them away! Want to find out how you can get one? It’s easy. All the juicy details can be found below. For now, enjoy reading Nexus by the numbers:

Worldwide Open Source Repository Manager Instances

Today, there are 52,600 repository managers actively connecting to the Central Repository (aka Maven Central), consuming open source components, frameworks, and libraries.

In fact, use of open source repository managers -- especially Nexus -- has exploded over the past few years. By comparison, in February 2012, Central Repository records indicate that approximately 21,000 repository managers (all brands) were actively consuming components. Now, almost 3 years later, that number has skyrocketed to 52,600.

How Do We Know?

As the stewards of the Central Repository, Sonatype is able to gather information specifying which repository manager (via the user-agent header) is requesting components from Central.

The chart above, 2012 - 2014 Repository Manager Instances, is rather telling. The trends are material and the instance counts are at least roughly accurate (details follow). The X-axis represents the number of weeks since February 1, 2012 (not January 1, because a 4-week moving average is used). The Y-axis is the average of the four prior individual weeks' unique IP counts -- the best approximation for the number of unique repository manager instances in use. The variability from week to week stems from the fact that open source repository managers cache information and do not always make requests to Central every week (under-reporting), and similarly, IP addresses can change (over-reporting).
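The counting method described above can be sketched in a few lines of Python. This is an added example, not Sonatype's code: the log format, the sample records and the User-Agent product tokens are constructed assumptions, and the average is taken over a trailing window of four full weeks.

```python
from collections import defaultdict
from datetime import date

EPOCH = date(2012, 2, 1)  # week zero, as on the chart's X-axis
# Assumed product tokens; the page does not give the real User-Agent strings.
BRANDS = ("Nexus", "Artifactory", "Archiva")

# Constructed sample records: "YYYY-MM-DD client-ip user-agent"
SAMPLE_LOG = """\
2012-02-01 198.51.100.10 Nexus/2.0 (OSS)
2012-02-02 198.51.100.10 Nexus/2.0 (OSS)
2012-02-03 203.0.113.5 Artifactory/2.5
2012-02-08 198.51.100.10 Nexus/2.0 (OSS)
2012-02-09 198.51.100.11 Nexus/2.0 (OSS)
2012-02-15 198.51.100.11 Nexus/2.0 (OSS)
2012-02-16 203.0.113.5 Artifactory/2.5
2012-02-22 198.51.100.10 Nexus/2.0 (OSS)
2012-02-23 198.51.100.12 Nexus/2.0 (OSS)
2012-02-24 203.0.113.5 Artifactory/2.5
2012-02-24 192.0.2.77 Apache-Maven/3.0.4
"""

def classify(user_agent):
    """Return the repository-manager brand named in the User-Agent, or None."""
    return next((b for b in BRANDS if b.lower() in user_agent.lower()), None)

def weekly_unique_ips(log_text):
    """Map brand -> {week index since EPOCH -> set of client IPs seen}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        day, ip, agent = line.split(" ", 2)
        brand = classify(agent)
        if brand:  # requests from other tooling are not repository managers
            week = (date.fromisoformat(day) - EPOCH).days // 7
            seen[brand][week].add(ip)
    return seen

def moving_average(weeks, window=4):
    """Average unique-IP count over each full trailing window of weeks."""
    last = max(weeks)
    # A week with no requests (cached instance) counts as zero unique IPs.
    counts = [len(weeks.get(w, ())) for w in range(last + 1)]
    return {w: sum(counts[w - window + 1:w + 1]) / window
            for w in range(window - 1, last + 1)}

if __name__ == "__main__":
    for brand, weeks in weekly_unique_ips(SAMPLE_LOG).items():
        print(brand, moving_average(weeks))
```

In the sample, the single Artifactory address that stays silent for one week averages to 0.75 instances, while three distinct Nexus addresses average to 1.5, which shows how the moving average smooths both effects without removing them.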

Repository Managers Connecting to Central

We can break down the traffic even more, identifying which type of repository manager is consuming components from Central. The most common is Sonatype’s Nexus with 42,000 instances as of September 2014. It is also the fastest growing by number of instances connecting to Central, seeing an increase of 313% since February 2012. It is important to note that these are unique, active instances of Nexus.

Two other brands of repository managers frequently consume open source binaries from Central: Artifactory and Archiva. These two others account for 10,600 instances today. Here is how the three main repository managers consuming binaries from Central stack up by instance over time:


While we are confident of the Sonatype Nexus instances, others may be skeptical of other repository manager instances reported. For example, we know that Bintray launched in December 2012, but Artifactory 3.0 -- the first release that had a default (out of the box) configuration pointing to Bintray -- was released on April 21, 2013. However, the growth in Artifactory instances using Central remains constant throughout the two year period. There is no statistical difference, which supports the assumption of continuing trends. It is also important to note that from year-end 2012 to year-end 2013, annual component download requests from Central grew from 8 billion to 13 billion, with the current rate of monthly download requests now over 2 billion.

For Repository Managers, There is Much More Room To Grow

Another interesting statistic: 20% of the requests to Central are coming from repository managers, meaning 80% are coming from other tooling directly. That means, don’t expect the popularity of repository managers to ease in the near future. As stated earlier, the RebelLabs survey of Java tools and technologies showed that 40% of developers aren’t using a repository manager. So, there is still a lot of room for growth, and this doesn’t even consider the other ecosystems such as RubyGems, npm and NuGet where repository managers are beginning to see real traction. If you aren’t using one yet, you may find this paper on Benefits of a Repository Manager valuable.

More to Come for Nexus

Clearly, there is a desire for repository managers to support development organizations across the globe. For all of those who selected Nexus as your repository manager, we appreciate your support. Rest assured, we will continue to support your use of our tools with continued investments in new features. For example, we hope you have had a chance to review our recent additions of license and security risk analysis through the Repository Health Check (RHC) feature, and the inclusion of support for NuGet and npm. Soon we will be adding RubyGems support, and you’ve likely already seen notice of the milestone releases for the big Nexus 3 release planned for 2015.


Growing Interest in Open Source Risk: Security and Licenses

That brings us to another interesting statistic. Sonatype processed 35,242 Repository Health Checks yesterday, across 10,913 Nexus instances.

That means, the average Nexus instance has RHC enabled on 3.2 repositories. If you have not yet turned on this free feature, it is easy to do and only takes a few seconds. This allows your organization to better understand what legal risks or security vulnerabilities might exist in your Nexus instances, and the report can be configured to run for you at regular intervals. And for those of you wanting to monitor, govern, and report on the health of your repository over time, be sure to check out the Nexus Pro CLM Edition.


A similar analysis is available for your applications, using Sonatype’s new and improved open source risk assessment -- we call it the Application Health Check (AHC) -- and your custom report is delivered to you in under five minutes.

Learn and Share

While over 50,000 repository managers are in use today, 40% of development organizations are still not taking advantage of them to proxy public repositories or to host their own binaries.

If you are using Nexus and want to learn more about how others are using it, be sure to check out our new community site, TheNEXUS. There are some great articles on Nexus configurations and integrations with other tools you love (Jenkins, Puppet, Maven, and more). You can also find loads of free video based training and ebooks there.

Want the Nexus T-shirt?

As we mentioned above, we have 100 “Nexus + bacon + unicorn” shirts to give away. How do you get one? Simply tweet why you love Nexus, using hashtag #Sonatype, and we’ll contact you [via Twitter DM] for size and address details. Yup, it’s that easy.

Thanks again to everyone for your support. Oh, and when we hit 50,000 Nexus instances next year, we’ll be sure to let you in on the celebration!


Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.