Sonatype Blog
Latest Posts

Nexus 2.0 supports .NET: “Building a more Secure and Effective Development Environment”

February 21, 2012 By Tim O'Brien

While we released Nexus Professional 2.0 last week, today we’re officially announcing our support for .NET. Here’s a key excerpt from today’s press release:

Sonatype, the company that is transforming software development, today announced that software developers using the .NET Framework can now utilize the Sonatype Nexus Professional repository manager to store, access and manage .NET components. Nexus is already the industry’s most widely used repository manager for Java components. By extending support to .NET, Sonatype now offers an ideal solution for Microsoft development teams, as well as heterogeneous development organizations.

(more…)

Categories: Nexus, Sonatype

Public Service Announcement: Your build is leaking (and how to stop it)

Use Maven, Gradle, or Ivy? Or any other tool that depends on a remote repository? (Which is just about every build tool these days.) If you do, there’s a good chance that your builds are constantly leaking information about your projects, and if you don’t take some simple measures to protect yourself, external actors can learn a lot about your internal projects.

The Department of Super Secret Projects (The SSP)

To illustrate this problem, let’s take a fictional government agency, the Department of Super Secret Projects, the SSP. Now everything the SSP does is, by definition, super secret. From the super secret propulsion system for a new sub to the super secret space-based laser project, this department is working on the kinds of projects that only a handful of people are working on and even fewer people are aware of.

(more…)

Categories: Nexus, Sonatype

Technology Focus: What is Scala?

February 20, 2012 By Tim O'Brien

Two weeks ago we talked about how many of the projects hosted in Scala Tools are moving over to publish directly to Central. That process is ongoing. In this post, I want to start something new. At Sonatype we touch a lot of different technologies and communities, and I want to make sure that we’re doing all we can to help put a spotlight on some of the communities that we’re watching. Whether it is a .NET-focused open source foundation like Outercurve, a customer that contributes back to Nexus OSS or, in this post, the Scala community, I think that Sonatype can at least help introduce some of these interesting technologies to a larger audience.

(more…)

Categories: Central, Nexus

Gain some Insight with a Nexus Repository Health Check

Nexus 2.0 turns your repository manager into the first line of defense against security vulnerabilities and the perfect platform to assess your exposure to open source licenses. With this release, your repository becomes more than just a place to file binary artifacts; it becomes a tool you can use to implement security policy and govern which open source licenses are used in your projects.

Nexus is in a perfect position to be your OSS “sentry”: keeping watch over insecure artifacts as they are downloaded from remote repositories. Your builds and your developers request open source artifacts from Nexus all the time, and Nexus relays those requests to remote repositories, downloading the open source artifacts your teams have come to depend on. While your company builds software and completes CI builds, your Nexus instance is assembling a local cache of all the artifacts used in your applications. You can scan this local proxy cache for problematic components with a feature we’ve named Repository Health Check.

(more…)

Categories: Nexus, Sonatype

What is NuGet? (for Java Developers)

February 17, 2012 By Tim O'Brien

Nexus Professional 2.0 supports NuGet repositories, and while you’ll hear much more about that next week, I think it’s important to introduce what NuGet is before we introduce you to how Nexus supports it. NuGet and NuGet Gallery are a relatively new way for .NET developers and .NET open source projects to distribute binaries. Nexus provides first-class support for proxying, hosting, and grouping the NuGet package repository format.

Now, I understand that the bulk of our audience is comprised of Java developers, and when a Java developer sees a .NET announcement or feature fly by it’s often met with a shrug. For whatever reason, there’s almost no overlap between Java developers and .NET developers, so I think it’s important to talk about NuGet in terms Java developers can understand. I also think it’s important for people to realize just how interested Sonatype is in spreading the word about NuGet. NuGet and NuGet Gallery remind us of Central, and if you’ve been paying attention to my blog posts in particular, I’m convinced that Central transformed both the way Java developers consume artifacts and the rate at which open source innovation happened over the last decade.

(more…)

Categories: Nexus, Sonatype