Sonatype Secures Access to the Central Repository for Component-Based Software Development
Published: November 27, 2012 08:45
Sonatype, the leader in Component Lifecycle Management (CLM), today announced the availability of Secure Socket Layer (SSL) access to the Central Repository, the industry’s primary source for open source software (OSS) components. SSL connectivity to the Central Repository is now a standard feature in Nexus Professional, Sonatype’s market-leading repository manager. The company has also made SSL access available to users of the open source version of Nexus and any other repository manager that connects to the Central Repository for a nominal donation of $10. Sonatype will donate all proceeds to the Apache Foundation for the first six months, then to other member-supported governing bodies such as the Eclipse Foundation thereafter.
The Central Repository houses more than 400,000 components and serves nearly 8 billion requests per year for more than 70,000 organizations worldwide. As the stewards of the Central Repository, Sonatype is committed to ensuring the repository and its access points are well protected and never compromised. Industry standard SSL support provides a secure connection that protects component downloads from man-in-the-middle attacks that could expose organizational weaknesses or inject malware into software builds and ultimately, critical applications.
“OSS components are the building blocks of modern software applications and the vast majority of these are distributed from the Central Repository,” said Jason van Zyl, Founder and CTO of Sonatype. “Sonatype CLM offerings ensure the integrity of the entire software supply chain, which gives our users confidence knowing that their components are secure, trusted and properly licensed. We view SSL connectivity to Central as a natural complement to the overall security profile of OSS components and we are happy to extend these features to all open source developers, not just Nexus Professional users.”
Nearly 20,000 software development organizations rely on Nexus and Nexus Professional to reduce build times, improve collaboration and increase control of OSS components. The actionable security, licensing and popularity information introduced in version 2.0 of Nexus has now been extended with the addition of SSL connectivity to Central in version 2.2. Organizations that embrace component-based development continue to benefit from a secure, stable and scalable system to manage its software components, speed builds and simplify the distribution process.
For organizations that use repository managers Artifactory or Archiva, and others interested in additional information on SSL connectivity to the Central Repository, please visit: http://www.sonatype.com/Products/Secure-Access-to-Central
Sonatype is leading the component revolution. The company’s innovative component lifecycle management products enable organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks. Sonatype operates the Central Repository, the industry's primary source for open-source components, housing more than 400,000 components and serving nearly 8 billion requests per year from more than 70,000 organizations. The company has been a pioneer in component-based software development since its founding by Jason van Zyl, the creator of the Apache Maven build management system and the Central Repository. Since that time, Sonatype has been a leader in core open-source software development ecosystem projects used by more than nine million developers including Nexus, m2eclipse, and Hudson. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: www.sonatype.com or follow Sonatype on Twitter @SonatypeCM
Apache, Apache Maven and Maven are trademarks of the Apache Software Foundation.
Silver Spring, MD