Sonatype Introduces Next Generation Dependency Management | Press Release


Nexus Repository Rising: Say Hello to the New Pro

September 13, 2016 By Derek Weeks

Free Birds, Free Coffee, and Free Willy. Software development is hard enough, so we're making it easier. You see, a few years ago Sonatype made a promise that Nexus Repository should provide universal component support for free. This month, we are continuing to live up to that promise by expanding component support in Nexus Repository OSS to include PyPI and RubyGems packages. Nexus Repository now offers free support for seven component types. For those who thought we only supported Java components, you must be thinking of the other guys.


Book Smart, Street Smart.  Four years ago, we introduced software composition analysis within our repository.  Why?  Developers using components to build software want to know if those parts are good or bad.  Licenses, security vulnerabilities, versions, age, and adoption rates are all attributes of good and bad.  While a basic version of component analysis is available in Nexus Repository OSS, more advanced capabilities of Repository Health Check (RHC) are available in Nexus Repository Pro.  


Development teams don’t want to build software using bad parts. Every day, Sonatype analyzes millions of components across 70,000 repositories for organizations wanting to discriminate between good parts and bad parts.  To achieve this, Sonatype combined machine learning algorithms (book smart) with a team of world class experts who perform non-stop research to precisely distinguish good components from bad (street smart).  As you can see, from RHC’s origins in 2012, we’ve all come a long way to help development teams get smarter about the parts they are using.

Nexus Repository Pro: Application Analysis.  Repository Health Check helps development teams understand if defective, known vulnerable, or poor quality components live in their Nexus repositories.  What RHC does not tell you is if those components have been used in an application.  
With the upcoming release of Nexus Repository 3.1, we have now integrated the ability to perform a detailed analysis of the components and applications within the repository.  Application Health Check (AHC) will enable Nexus Repository users to quickly evaluate components used in the applications.  AHC will provide details on known security vulnerabilities, open source license types, component age, download popularity, safer alternative versions available to developers, and more. This feature is available for both open source and Pro versions of the product.

Big News, Nice Price. Continuous delivery is hard enough, so we're making that easier too. This fall, we are introducing active-active high availability in Nexus Repository Pro. When development efforts are non-stop, Nexus Repository must be non-stop. High availability is built into Nexus Repository Pro, and it is simple to configure, manage and maintain. A 10-user pack starts at $1200 a year.


We're not finished yet. Our engineering team is working hard to deliver more easy-to-use features for you across our two Nexus Repository offerings. Until then, we invite you to learn more about upgrading to Nexus Repository Pro.

Tags: software bill of materials, Software Supply Chain, RubyGems, High Availability, PyPI, Nexus Repository Pro, Product

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.