DevOps Leadership Series

Derek Weeks


Nexus Repository Rising

Say Hello to the New Pro

Free Birds, Free Coffee, and Free Willy. Software development is hard enough, so we’re making it easier. You see, a few years ago Sonatype made a promise that Nexus Repository should provide universal component support for free. This month, we are continuing to live up to that promise by expanding component support in Nexus Repository OSS to include PyPI and RubyGems packages. Nexus Repository now offers free support for seven component types. For those who thought we only supported Java components, you must be thinking of the other guys.



Book Smart, Street Smart. Four years ago, we introduced software composition analysis within our repository.  Why?  Developers using components to build software want to know if those parts are good or bad.  Licenses, security vulnerabilities, versions, age, and adoption rates are all attributes of good and bad.  While a basic version of component analysis is available in Nexus Repository OSS, more advanced capabilities of Repository Health Check (RHC) are available in Nexus Repository Pro.


Development teams don’t want to build software using bad parts. Every day, Sonatype analyzes millions of components across 70,000 repositories for organizations wanting to discriminate between good parts and bad parts. To achieve this, Sonatype combined machine learning algorithms (book smart) with a team of world-class experts who perform non-stop research to precisely distinguish good components from bad (street smart). As you can see, from RHC’s origins in 2012, we’ve all come a long way to help development teams get smarter about the parts they are using.

Nexus Repository Pro: Application Analysis. Repository Health Check helps development teams understand if defective, known vulnerable, or poor quality components live in their Nexus repositories.  What RHC does not tell you is if those components have been used in an application.
With the upcoming release of Nexus Repository 3.1, we have now integrated the ability to perform a detailed analysis of the components and applications within the repository. Application Health Check (AHC) will enable Nexus Repository users to quickly evaluate the components used in their applications. AHC will provide details on known security vulnerabilities, open source license types, component age, download popularity, safer alternative versions available to developers, and more. This feature is available for both open source and Pro versions of the product.

Big News, Nice Price. Continuous delivery is hard enough, so we’re making that easier too. This fall, we are introducing active-active high availability in Nexus Repository Pro. When development efforts are non-stop, Nexus Repository must be non-stop. High availability is built into Nexus Repository Pro, and it is simple to configure, manage, and maintain. A 10-user pack starts at $1200 a year.




We’re not finished yet. Our engineering team is working hard to deliver more easy-to-use features for you across our two Nexus Repository offerings. Until then, we invite you to learn more about upgrading to Nexus Repository Pro.

More Stories By Derek Weeks

In 2015, Derek Weeks led the largest and most comprehensive analysis of software supply chain practices to date across 160,000 development organizations. He is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce costs, and sustain long-lasting competitive advantages.

As a 20+ year veteran of the software industry, he has advised leading businesses on IT performance improvement practices covering continuous delivery, business process management, systems and network operations, service management, capacity planning and storage management. As the VP and DevOps Advocate for Sonatype, he is passionate about changing the way people think about software supply chains and improving public safety through improved software integrity. Follow him at @weekstweets, find him at www.linkedin.com/in/derekeweeks, and read him at http://blog.sonatype.com/author/weeks/.