RebelLabs recently put out their Java Tools and Technologies Landscape report, and we were pleased to see Nexus chosen as the component manager of choice by 64% of developers. We saw this same preference carry over in our own recent Open Source Development survey, where 49% of respondents indicated they used Nexus OSS (now known as Sonatype Nexus Repository Community Edition), and 17% indicated they used Nexus Pro (now known as Sonatype Nexus Repository) as their local component manager. Whether you looked at OSS or Pro component managers, a 4-to-1 margin used Sonatype's platforms over the other market alternatives. While any reasonable person could argue that the results from our survey were skewed, the results encouraged us to analyze these market trends further using data that holds a stronger voice of the truth.
By digging into the log data from the Central Repository, we were able to capture more compelling proof of component manager use across the development community.
Based on this analysis, we found approx. 40,000 distinct Nexus servers connected to the Central Repository, giving us 75% of the market share for these connections. The compelling part is that the Nexus connections experienced 100% growth since January 2013. Other leading component managers connected to the Central Repository grew by as much as 22% over the same period. This growth validates the explosive ramp in open source development we've seen over the years, where now 90% of the average application consists of open source components. The takeaway here is, you're not alone in using Nexus. In fact, each time you use Nexus, you're accompanied by a small town of Nexus users.
The analysis also showed that many of these Nexus instances have the Repository Health Check feature enabled. In fact, 32,000 health checks are run daily, ranging from 5 billion(!) components analyzed by our data services every year. Not bad! More proof, analyzing open source components for known security vulnerabilities and unacceptable licenses continues to be a growing priority for organizations who need to identify risks early in the development life cycle. If you do not have this feature enabled, consider turning it on today.
In the realm of component managers, there's still room for growth. We anticipate that many organizations will continue to deploy multiple instances of component managers across the stages of their secure software development life cycles. We also found that 14% of respondents still use Apache httpd, another web server or no component manager. In my opinion, each of these scenarios amounts to a hack solution. And considering the basic maturity of software development practices today, these hack approaches should be considered unacceptable. There are proven component managers on the market, and we hope these users will eventually migrate to using a repository manager as the start of good component practice.
If you want to learn more about Nexus component managers, we have a great community and many resources for you to use. For example, we now offer a free online training course that showcases the Nexus Staging Suite.