New design, new feature: Maven Central improvements for developers

March 28, 2023 By Amanda Yeo


Maven Central Repository has made the biggest change to its platform since its inception.

Hosted by Sonatype, Maven Central Repository is one of the largest Java repositories in the world. It has helped countless Java developers download and manage their projects' dependencies.

Several changes have been made to our website to better help developers find the right open source components to include in their builds, including how to identify components that are safe.

Improved user experience

Maven Central has moved from search.maven.org to central.sonatype.com in order to improve security and vulnerability detection for the consumer.

A new and modern design will make it easier for developers to know which components are better suited for their build and help them make better decisions at a glance. The new website showcases more community-driven information such as "Most Popular Packages used in the Last 90 days," "Popular Categories of Searches," and even how many times a package has been installed and used in other projects. All of these are crucial in helping to determine which components are safer to use.

[Image: previous home page interface]

[Image: new home page interface]

On top of these visual upgrades, additional capabilities have been added to the backend for better data filtering of components in the search bar function.

Project safety: Sonatype Safety Rating

A helpful feature that has now been integrated into Maven Central Repository is the Sonatype Safety Rating. This aggregate rating estimates the likelihood of an open-source project containing security vulnerabilities.

Projects are rated on a 1-10 scale, with 1 being the least safe and 10 being the safest. The more confident the model is that a project will not contain vulnerabilities, the higher the rating.

The model is based on empirical research conducted by the Sonatype Research Team. They analyzed thousands of projects and determined a high correlation between the Safety Rating and the presence of vulnerabilities, with 88% of projects scoring below 5 having existing known vulnerabilities. Including this metric within Maven Central will give developers greater confidence in, and a deeper understanding of, a component, empowering them to make informed decisions.

[Image: new Maven Central card view]

[Image: Sonatype Safety Rating on Maven Central]

How will this change affect APIs?

Many developers may wonder how these changes will affect their API connection to search.maven.org. These upgrades will have no effect on the APIs, as the changes only affect human users accessing the website. These changes have been carefully considered, and any APIs accessing the website will be redirected back to search.maven.org so as not to disturb any workflows.

With these upgrades to Maven Central, developers can now enjoy a more secure online experience when building their projects. In turn, these changes should help develop a better software supply chain for the open-source market and allow developers to worry less about the security of their projects and spend more time building unique new projects that will drive world change.

Tags: open source security, developer, Open Source, Maven, java

Written by Amanda Yeo

Amanda Yeo is a Product Marketing Manager at Sonatype with a customer-first mindset. She has a proven track record of bringing eight successful products to market throughout her career. Her strengths lie in collaborating with her product team and using empathy and understanding to discover what her customers genuinely want and need. Outside of work, Amanda also enjoys planning for her next world adventure or perfecting her puns, which she often uses on her unsuspecting colleagues and friends.