The 2020 State of the Software Supply Chain Report is available!

Study Shows High-Performance Dev Teams Fix OSS Vulns 26x Faster | Press Release

blog-logo Sonatype Blog

How to use the new Repository Health Check 2.0

May 02, 2017 By Daniel Sauble

This is a quick tutorial on how to get started with Repository Health Check (RHC) 2.0 now available in Nexus Repository Manager 3.3.

NOTE: If you’re running an older version of Nexus Repository Manager, you’ll see some of the new features, but you’ll need to upgrade for the full experience, including download trends.

Sign into the Nexus Repository Manager UI and go to the Repositories feature in the admin section. The Health Check column is where we'll start.

RHC blog_1.jpg

First, click the Analyze button to enable RHC on a repository. A dialog box appears, giving you an opportunity to enable RHC on all supported repositories, or just the repository you selected.

RHC blog_2.jpg

Choose “Yes, only this repository” if you want to try out RHC on just the repository you selected. Once you do this, the Analyze button is replaced with an Analyzing… status. The initial scan might take several minutes.

RHC blog_3.jpg

(Tip: hit the Refresh button periodically to see when the scan is complete.)

Once the scan completes, an empty bar chart will appear. Over time, this chart will be populated with the following data:

  • The total number of asset downloads over the last 30 days
  • The total number of bad asset downloads over the last 30 days (i.e. assets belonging to components with vulnerabilities)
  • Bar chart showing a rolling 30 day trend for both of the above

RHC blog_4.jpg

Hover your mouse over the chart to see the RHC summary for this repository. Initially, the summary will look something like this:

RHC blog_5.jpg

As assets are downloaded, the summary will gradually fill out with data. After a year, the summary will look something like this:

RHC 2_0.jpg

There’s a lot here, but here are a few of the highlights:

  • Rolling 14 month trend of asset downloads, including month-over-month and year-over-year comparisons.
  • Top 5 most vulnerable components downloaded from this repository in the last 30 days
  • Link to the detailed RHC report (Pro users only)

If you’re running Pro, click the View Detailed Report button to access the same detailed RHC report that existed in the previous version of RHC.

RHC blog_6.jpg

And that’s it! As always, we’d love to hear what you think. Drop us a line at

Tags: repository health check, Product

Written by Daniel Sauble

Daniel is a Product Owner at Sonatype. He enjoys building software tools for developers and sysadmins and has spent the last eight years in DevOps startups. He has experience in Product Management, UX Design, User Research, Software Development, and Data Science.