Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Blog

Nexus on the Ascent

September 23, 2020 By Brent Kostak

Heading into this year, JFrog questioned the future of the Nexus Platform following news of Sonatype being acquired by Vista - sensing “tremors” on the horizon. The “tremors” were simply fabrications from a competitor and the reality is that Nexus is stronger and more forward-thinking than ever. The continued ascent of the Nexus Platform is exemplified by our elevated investment in engineering and advanced roadmap to deliver even more customer value. But, don’t just take our word for it. The ascent is no more visible than when looking at developer adoption:

  • Nexus Repository continues to be preferred 2:1 over Artifactory
  • Nexus Repository continues to be ranked as the #1 repo manager on IT Central Station
  • 10 million developers trust Nexus to help them manage OSS dependencies, containers, and other build artifacts

We help developers build their best software. Another testament to the diversity of the community we serve: Nexus deployments are visible in 148 countries. It’s this community that keeps us motivated to build the best repository manager and dependency management platform in the market.

Whether it’s serving billions of open source components to developers annually, accelerating DevOps pipelines with our repository manager, enhancing dependency management, or improving security for high performance development teams - developers will continue to be at the core of our innovations, and so will the Nexus Platform.

Rapidly Rising Tides

It’s been awesome to witness the simultaneous rising tides of component-based software development, DevOps practices, software development as a differentiator, and application security investments in the wake of increasing cybercrime. The market interest in these tides continues to fuel our growth, accelerates continued consolidation in the industry, and leads companies to successful exits (whether by acquisition or IPO...we certainly applaud JFrog on their recent NASDAQ debut).

Nexus Knows Developers 

Developers are using more packages and containers than ever 

An increase in open source components has dramatically changed how software is developed, packaged, and deployed. In fact, 1.5 trillion OSS download requests and 90 billion container downloads are expected this year alone.

This is why everyone from Fortune 500 enterprises to individual open source contributors uses Nexus Repository to store, manage, and create binary packages from source code to production environments.

Adversaries are increasing attacks on OSS packages

This year’s State of the Software Supply Chain Report found a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains. Understanding what’s in your software has become mission critical. 

Sonatype’s unique position with the Nexus Platform integrates the most precise component intelligence on open source vulnerabilities directly into your internal DevOps pipelines with Repository Health Check. This suite integration gives Nexus Repository Pro users access to Nexus Intelligence data to identify open source risk at the earliest stages of their builds. For our free users, Nexus Repository OSS provides enhanced component intelligence using Sonatype’s OSS Index data.

Our competitors, like JFrog, have consistently been ‘one hop’ behind us when it comes to bringing frictionless security tools for developers straight into their existing DevOps workflows. 

We continue to lead in providing precise open source intelligence to developers for identifying vulnerabilities, understanding risk, and keeping their software supply chains safe. 

Not all DevOps practices are the same

A flexible (on-prem and cloud), universal binary repository manager enables organizations to deploy multiple types of packages while being centrally integrated across their CI/CD ecosystems. Nexus Repository offers enterprise deployment flexibility for any business with on-prem, hybrid, and multi-cloud deployments with AWS, Microsoft Azure, GCP, and Red Hat OpenShift. For container-focused deployments, Nexus users can discover and launch Kubernetes-ready apps.

Developers need choices 

To keep pace with demand for component-based development, millions of packages are available for download. npm alone grew to 1.3 million packages, up 63% this year. Development teams need tools that support more packages, more choices, and more development languages. Nexus Platform integrates with your favorite tools and languages throughout the SDLC.

Scalability is key 

Nexus Repository has evolved into the world’s most popular binary repository manager with both free support and enterprise-grade capabilities. Development teams are working hard to keep up with faster component creation rates from CI/CD and increased sizes of components from a shift in containerized deployments (e.g. each day multiple GB of new Docker components are created). As open source usage increases, Nexus Repository helps organizations scale to manage the extensive amount of content within all their repositories.

Developers want free tools 

Developers want more free tools at their fingertips. It doesn’t just stop at Nexus Repository OSS, but extends into our free offerings. We’ve built numerous developer-friendly tools to find and fix open source vulnerabilities. These tools can run as test scripts in source control, or at build time as part of your CI/CD pipelines. 

We’re Only Climbing Higher

Approaching the final stages of 2020, Sonatype is gearing up for some exciting news as we focus on delivering innovative open source intelligence further left into the hands of developers. Sonatype pioneered the concept of software supply chain automation and introduced policy controls to enable engineering teams to automatically find and fix open source vulnerabilities.

Building on our foundation of the most popular binary repository manager and shifting security left across the DevOps pipeline, we look ahead with our partners at Vista as Sonatype becomes indispensable to developers and ascends into new terrain for dependency management security solutions.

Want to experience Nexus Repository for yourself? Start your Nexus Pro trial today.


Written by Brent Kostak

Brent is the Product Marketing Manager connecting developers and DevOps communities to Sonatype Nexus tools and technologies.