Today we are excited to announce the availability of the incredibly popular repository manager and private container registries, Nexus Repository, on DC/OS. Among its many benefits, Nexus Repository will deliver the first, free, enterprise-scale private Docker registry to the Mesosphere DC/OS community.
With over 120,000 active installations and millions of users, Nexus is the repository manager of choice for many DevOps toolchains. While there is a commercial version of Nexus Repository, the free version available in Mesosphere DC/OS provides full-function support for managing binaries, build artifacts, and Docker images.
Artifact repositories play an important role in the software development lifecycle especially in the age of Docker containers. Utilizing a standardized repository manager for your software artifacts and container images provides many benefits:
- Efficiency - Accelerating DevOps toolchains and collaboration with dedicated local storage for all components (binaries, build artifacts, containers)
- Speed - Improving build performance by proxing public repositories like DockerHub, Maven Central, npmjs.org, then caching those components locally
- Security - Ensuring proper access controls and security for proprietary container images, binaries, and build artifacts
- Quality - Improving component selection resulting in higher quality applications and less unplanned work
Running Nexus on DC/OS allows users to have a unified repository for not just Docker containers, but their software artifacts such as Java JAR, WAR, EAR formats; plain ZIP or .tar.gz files, other package formats such as NuGet packages, RubyGems, npm packages, PyPI packages, and others. DC/OS customers can also partition a single Nexus instance to many repositories across multiple teams and even between different environments such as Dev, test, and production.
For Nexus users, Mesosphere DC/OS is the premier platform for building and elastically scaling modern data rich applications. DC/OS provides a one-click installation of Nexus Repository, and provides a unified platform for container orchestration, entire CI/CD and data services that can run either on-premise and on the cloud.
Please check this video for a quick demo.
To Security and Beyond
Nexus Repository also includes two component intelligence options, Repository Health Check and Application Health Check. Each provides a detailed list of security vulnerabilities and license compliance issues for any open source components found inside Nexus repositories or applications stored within.
The relationship between Mesosphere and Sonatype does not stop at the repository manager. While having a free, private registry to manage Docker containers is cool, many people deploying containers are also concerned about security. In fact, the recent DevSecOps Community survey showed that 88% of organizations are concerned about security when deploying containers, yet only 54% of those have tools available to help with this issue.
Sonatype offers a solution called Nexus Lifecycle Container Analysis (LCA). This solution helps organizations analyze the application contents of a container to assess them for security vulnerabilities, license risks, and other related issues. More news on this solution will be coming...stay tuned.
If you happen to be in Austin this week for DockerCon, plan to stop by the Mesosphere booth to learn more about Nexus Repository and Mesosphere DC/OS working together.
May 24 - Live Demo
For those of you not attending DockerCon, please join us on May 24th for our live demo of Mesosphere's DC/OS platform using Nexus as part of a CI/CD toolchain. We will also be showing of our Nexus Lifecycle Container Analysis solution that analyzes security vulnerabilities in the application layer of your containers.
Written by Justin Young
Proud Angeleno, Inquisitive Tinkerer, Optimistic Trendsetter.