Healthcheck Features in Nexus Pro / Nexus Auditor

Author, Ilkka Turunen

Repository Health Check

Question of the Day

I’ve downloaded the Nexus Pro Trial, focusing on the procured repository function. We want to check open source components for license and security status. Can this be achieved with Nexus Pro alone? If so, what benefit is added by Nexus Audit?

Answer from Ilkka

Nexus Pro

Both of these points can be achieved with Nexus Pro. Pro has a Repository Health Check function for proxy repositories that will allow you to retrieve information about the components/artifacts that you have retrieved using the proxy. You can retrieve data about associated vulnerabilities and licensing information about those components by running a Repository Health Check.

This report can be run on any proxy repository you have, but will not work on hosted/virtual repositories.

Nexus Auditor

Nexus Auditor allows you to produce a report on an individual application, e.g. a WAR/JAR file or a bundled NuGet package. The report lists a detailed bill of materials of the open source components identified in the package. It also lists the same data about vulnerabilities and licences for the components in the bill of materials, so you can see what the application has inside it and be aware of any risk from those components.


Resources for These Solutions

Ilkka Turunen is a Solutions Architect at Sonatype. He has worked with companies large and small as an infrastructure consultant and as a developer. Now he aims to show how the Nexus products can benefit teams large and small. He's based in London, UK and can best be found in a coffee shop near the Silicon Roundabout.
