Nexus Pro Repository Manager
Nexus Pro Feature Tour
Reduce build times and keep even the largest teams in sync by collocating proxy servers with developers.
Constant access to components is key for ensuring that developers can deliver software solutions on-time within budget. Nexus repository proxying allows local storage of open source components that are sourced from the Central Repository or other internet-based locations, speeding up builds and controlling access to components. Internal proxy repositories act as mirrors that can be located near the consuming developers, further reducing access time and providing greater availability. The proxy protects you from dependencies that have changed or are no longer available in remote repositories, and allows you to reduce your dependency on networks or internet access that can be slow or unreliable. While additional proxies can be created for ultimate flexibility, Nexus comes preconfigured with a Central Repository, Apache Snapshots and Codehaus Snapshots proxy repositories, reducing time to value.
Improve availability and performance using the enhanced proxy capabilities of Nexus Pro. Your repository is always available to read or write components and remote teams will always have access to the latest versions of your components.
Nexus Pro Feature Tour
Enterprise Technical Support
When you invest in Nexus Pro, you are ensuring support from the team that created the industry-standard in repository management. With Nexus Pro, you not only get the industry-leading repository manager, you get the peace of mind that help is just a phone call away. Our comprehensive support offering is backed by a service level agreement. Sonatype also offers an array of implementation and migration services for organizations looking for an extra level of assistance.
Nexus Pro Feature Tour
Build Promotion and Staging
Ensure the quality of your production releases by managing your development processes with a controlled workflow through development to QA to production.
Establishing high quality software requires rigorous testing methodologies and an efficient process for managing the promotion of software through the dev, test, prod stages. The Nexus Professional Staging Suite provides the ability to create an isolated release candidate repository that can be discarded or promoted allowing you to certify a release. Nexus accomplishes this by creating a temporary staging repository that manages the promotion of artifacts from a staging repository to a release repository. Once the artifacts are added to the staging repository, QA or an administrative resource will be sent a notification. This allows a rigorous set of tests to be performed using the staging system and provides a natural decision point as to whether the staged environment should be discarded or promoted and used to generate the production system.
Nexus Pro Feature Tour
Support for multiple LDAP servers enables authentication failover.
Nexus Pro extends the LDAP authentication features in Nexus OSS. Nexus Professional offers LDAP support features for enterprise LDAP deployments including the ability to cache authentication information, support for multiple LDAP servers and backup mirrors, the ability to test user logins, support for common user/group mapping templates, and the ability to support more than one schema across multiple servers.
User Token Authentication
Authenticate against a Nexus server with user tokens, a pair of authentication keys which can be used in your settings in lieu of storing a plaintext password. This change is moving Nexus towards an authentication system on par with the security of a system that relies on public SSH keys (a system such as Github).
Single Sign-On Support
Nexus can participate in a single sign-on and identity management implementation supported by Atlassian Crowd.
Many organizations turn to Atlassian’s Crowd to implement a single sign-on and identity management system so they can consolidate user accounts and control which users and groups have access to which applications. Nexus Professional contains an optional security plugin that allows you to configure Nexus to authenticate against an Atlassian Crowd instance.
Fine Grained Security
Protect your critical assets by partitioning repositories to permission individual sets of artifacts.
Securing the repository, securing who can administer the server, securing who can access and deploy components is critical in today's development environments. Nexus makes this easy by providing a role-based access control (RBAC) which gives administrators very fine-grained control over who can read from a repository (or a subset of repositories), who can administer the server, and who can deploy to repositories. The security model in Nexus is also so flexible as to allow you to specify that only certain users or roles can deploy and manage artifacts in a specific repository under a specific groupId or asset class. With Nexus it is easy to create detailed security policies based on roles that can be implemented using standards-based tools.
SSL support provides tamper resistant connection to the Central Repository. It eliminates eavesdropping and man-in-the middle attacks that could compromise components. Sonatype is making SSL support available to all repository managers.
Sonatype also provides the ability to secure access to the Nexus user interface and content via https.
Secure delivery is especially important when you set up Nexus for a team of developers spread out over a variety of locations both internal and external to a corporate network.
Nexus Pro Feature Tour
Procure the right components
Control consumption of open source components using white and black lists to avoid quality, security, or licensing issues.
Procuring the right components using a flexible approach can help ensure that your developers deliver software solutions that meet exacting quality and legal standards. Nexus Pro allows you to control the components that are consumed in your development environment through flexible inclusion or exclusion rules. This allows architecture types to review components before they make it into the final release - control necessary to ensure proper licensing with the option to dictate a specific version of software such as Hibernate or Spring. A procured release repository can be used to standardize the final release while still providing the flexibility for developers to add-in dependencies or work with other components earlier in the development lifecycle.
Nexus procurement was introduced as a mechanism to control access to components using a white list / black list approach. This works for some organizations that want to leverage an approval based process. With the advent of agile and the explosion of open source components, many organizations will want to manage components using a more programmatic, streamlined approach. Sonatype supports this approach with CLM. Sonatype can work with you to select the approach that is best for your organization.
Nexus Pro Feature Tour
Support for Build Tools & Repository Formats
Nexus Pro supports more than Maven. Nexus supports many popular build tools and repositories. This may come as a surprise since since the founders of Nexus also founded Maven. And since Maven is also a popular repository format driven by Nexus usage, the two technologies are closely related. Finally, our competitors are eager to spread mis-information and false claims by stating that Nexus only supports Maven.
Nexus supports a variety of build tools, repository formats and runtime environments.
Use Nexus as a single mechanism to manage all of your components including .NET components using Visual Studio NuGet support.
Development environments are becoming increasingly heterogeneous - it's not unusual to see a mix of Java and .NET in almost any size organization. Leveraging Nexus as the common infrastructure for component management allows for consistency and helps facilitate integration and leverage of Java and .NET components. Nexus supports the NuGet repository format for hosted and proxy repositories. Nexus also supports aggregation of NuGet repositories and conversion of other repositories containing ".nupkg" artifacts to the NuGet format. This allows you to improve collaboration and control while speeding up .NET development facilitating open source libraries and sharing of internal artifacts across teams. When you standardize on a single repository for all your development and use it for internal artifacts as well you will get all the benefits of Nexus when working in the .NET architecture.
Support for Maven from the inventors of Maven!
Since we invented Maven, we clearly feel that Maven is the best tool for building and managing any Java-based project. Our opinion is backed by unquestionable market share and developer acceptance. Although Nexus works remarkably well with other alternatives, given our deep understanding and commitment to Maven, Nexus is optimized in virtually every way to work effectively with Maven. Nexus supports the ability the ability to host Maven repositories, which facilitates collaboration and encourages component re-use. Nexus is backwards compatible with Maven 1, 2 & 3, and converts Maven 1 to a format that is understood by Maven 2 clients.
OSGI component support via P2 or OBR repository standards.
Organizations that leverage OSGI components using OBR or use the P2 repository format as a provisioning platform for Eclipse can turn to Sonatype for Nexus quality support. Nexus Professional supports the ability to create proxy repositories which can download OSGi bundles from remote OBR repositories. Nexus Professional can also act as a hosting platform for OSGi bundles, you can configure your builds to publish OSGi bundles to Nexus Professional, and then you can expose these bundle repositories to internal or external developers using Nexus Professional as a publishing and distribution platform. In much the same way, Nexus can supports the P2 Repository for those that use P2 repository format for provisioning Eclipse components. This comprehensive repository approach makes Nexus a "one stop shop" regardless of your preferred repository environment.
Ivy / Gradle
Ivy and Gradle support through the Maven layout.
Just as Nexus is used to support environments that leverage Maven, development teams that rely on Ivy or Gradle can leverage Nexus to allow them to effectively manage their component lifecycle.
Use RPM/YUM to deploy applications to your servers.
Organizations that use Nexus to support their Yum repositories. Nexus can host the RPM packages and Yum clients can interact with the repository using the standard and familiar protocol. This comprehensive repository approach makes Nexus a "one stop shop" regardless of your preferred repository environment.
Nexus Pro Feature Tour
Control Artifact Access and Deployment from a Single Location
Nexus Professional is a central component of your development tooling that integrates directly with the IDE, the Central Repository, the build tool, and the provisioning tool as follows:
Nexus Professional is also integrated with the Sonatype Component Lifecycle Management solution. The Sonatype CLM allows you to manage the components throughout the entire lifecycle and the Sonatype CLM is integrated with other repository managers, popular IDEs and CI tools.
Nexus Pro Feature Tour
Developers can easily browse and select artifacts from any local or remote repository – all from within a familiar development environment. This saves times by reducing context switching and transcription errors.
The Central Repository
This is a two-way integration, with Nexus both pulling and pushing artifacts to and from the Central Repository. The proxy function pulls allowed artifacts from remote repositories and stores them locally where they can be used by the build tool. This reduces build time greatly as large numbers of artifacts do not need to be downloaded with every build.
On the other end of the development process, the Nexus build promotion features are used by many open source development organizations to control the pushing of completed artifacts back to the Central Repository for use by the community.
Components that are downloaded from the Central Repository can be delivered via a secure connection using standard SSL. SSL support is the default configuration for Nexus Pro and Sonatype has extended support for SSL to other repository managers.
This is a two way integration, with build tools like Apache Maven, Ant/Ivy, Gradle, etc. both pulling artifacts from Nexus to satisfy dependencies and pushing newly created artifacts back to the local repository. Storing your artifacts in the Nexus repository encourages collaboration by making it simple for developers to share functionality without having to share source code.
The provisioning tool will take finished applications, stored as binary artifacts in Nexus, and deploy them to servers. The build promotion feature is useful here as it can be used to control which artifacts are ready for deployment.
Component Lifecycle Management
Nexus Professional is integrated with the Sonatype Component Lifecycle Management solution that manages components throughout the entire software lifecycle.
Integrate Nexus capability into your organization using a REST-based services in whatever workflow or process that suits your organization.
Sure, it's great to have a powerful user interface to drive Nexus with, but for many developers, it's all about automating capability directly in the tools and processes that are being used by their organization. To do this effectively, Nexus Pro provides a documented API that leverages REST. Every Nexus feature is exposed as a REST endpoint making it very easy to automate Nexus interactions in just about any language. For example, if you want to automate staging in Nexus from Gradle because you have a series of builds that need to be deployed to a staging URL, it is possible to automate the promotion of a repository from Gradle. This is one small example of what you can accomplish using the REST API - virtually any level of integration can be accomplished from any language or tool, providing great flexibility and extending the use of Nexus.
Nexus Pro Feature Tour
Ideal repo for complete component management
A repository manager is a great starting place for managing components. But to get the most out of your components and your development teams, you need a complete governance solution that spans the entire software lifecycle. We provide a complete component governance solution in the Sonatype Component Lifecycle Management that supports the entire software lifecycle. This augments the repository-centric governance capabilities that are provided by Nexus Pro.
Easily share and publish components across the different constituents in your internal team.
Hosted repositories provide the foundation for sharing and publishing components across your internal team. Nexus hosted repositories can be created and used to manage the components through the build, promotion and staging process. Nexus comes configured with hosted repositories that support releases, snapshots and 3rd parties. The release repository is where your organization publishes internal releases. The snapshot repository is use for internal snapshots that help manage the QA process. Nexus also supports 3rd-party dependencies for commercial, or proprietary licenses that are not available in the public Maven repositories. Support for hosted repositories provides the foundation for build promotion and staging and helps facilitate collaboration between the various development constituencies.
Speed the development process by providing a single virtual location where developers access their components.
Once you have decided which components should be used by your developers, you will want to make those components available to your developers in a seamless fashion. The last thing you want is for the developer to struggle with finding the location of the components. Nexus provides the concept of a group repository that allows you to expose the aggregated content of multiple proxy and hosted repositories with one URL to your developers using their favorite tools. Combining multiple repositories including external proxy repositories or hosted repositories that are setup for internal use provides a powerful feature that leads to greater developer productivity. Developers can access the correct components by leveraging a single URL shielding them from the potential complexity of multiple related repositories.
Discover & browse components via search
Find the right components you need to optimize your development efforts. Nexus Pro lets you search by custom metadata, browse archives and view component dependencies.
With OpenSearch, you can conveniently search for components from your browser's search bar. Our remote repository browsing feature coupled with Nexus Indexer support means that you can find remote components without having to login into remote repositories. You can also search public components locally without downloading the everything from the internet. Effectively developing component based software requires using the right components - components that can be trusted from a security, licensing and quality perspective. Nexus Pro provides the ability to identify and understand the right components from the start. Search by artifact metadata including GAV coordinates, class name or a class name pattern, checksum, or user defined metadata. View popularity and Sonatype Insight details as well as POM, Javadoc and file metadata component dependency details.
Nexus Feature Tour
Repository Health Check
Assess the components that your projects are using and avoid risks by reviewing popularity, license type and security vulnerabilities for every component in the repository.See Sample Report
Software components and the environment in which they live are constantly changing - think about evolving security threats for one. Being able to assess the health of the components in your repository is critical, starting with an overview of the security and license alerts that exist in your repository and then drilling down into the individual components. This allows you to quickly see the breakdown of vulnerabilities based on severity and the threat level it poses to your repository. You can see the number of licenses detected by category and the number of conflicting licenses. Once you have the overall picture or your repository health, you can dig deeper for a comprehensive license and security analysis. This health assessment is critical since things are constantly changing - new threats are introduced, software components are revised and the deployment environment is far from static.See Sample Report
Nexus Pro Feature Tour
Nexus Pro CLM Edition
Nexus Pro CLM Edition extends Nexus Pro by providing the ability to define and enforce policies that govern staging. With Nexus Pro CLM Edition, the powerful controls for the release process you get from Nexus Pro are combined with the rich information and validation available in Sonatype CLM server. Using them together you can ensure that any releases you produce are actively and automatically validated against up to date information in terms of security vulnerabilities and license characteristics for all the components you use – ensuring any whitelists or blacklists you maintain are enforced. For example you can establish a policy that notifies you or stops the staging process if any components in your software have known security vulnerabilities or use a license that is incompatible with your business model.
With Nexus Pro CLM Edition, you define policies based on security, licensing and quality metadata and use the policy to enforce action that control staging repositories used to support QA, as well as production repositories that support production applications.
Define policies that are based on security, licensing and quality intelligence from the Central Repository. Policy constraints can be defined by the security, legal/licensing and architecture teams to ensure that applications meet your organization standards.
Automated Policy Management & Approvals
Policies can enforce action for staged and production repositories. You can configure the enforcement point to fail, warn or do nothing when releasing or promoting the staging repository.
This example is configured to provide a warning if a component is included that violates an architecture constraint for a staged release. The same policy is configured to fail the release of the production deployment. The ability to provide guidance or enforce action for other points in the development lifecycle is available as part of the complete CLM solution.
Complete Component Lifecycle Management
Nexus CLM provides a natural path to the complete Component Lifecycle Management (CLM) solution. Sonatype CLM allows you to extend component management beyond the staging process of the repository. CLM manages the entire software lifecycle, the development process as well as the production environment. CLM guides development action by integrating directly in the tools developers use - IDE, build / CI environment.
The same policies that you create in the Nexus CLM to manage the staging process can be extended to guide or enforce actions in the procurement, development, build and operate phases of the lifecycle.