Question of the Day
I’ve downloaded the Nexus Pro Trial, focusing on the procured repository function. We want to check open source components for license and security status. Can this be achieved with Nexus Pro alone? If so, what benefit is added by Nexus Audit?
Answer from Ilkka
Both of these points can be achieved with Nexus Pro. Pro has a Repository Health Check function for proxy repositories that will allow you to retrieve information about the components/artifacts that you have retrieved using the proxy. You can retrieve data about associated vulnerabilities and licensing information about those components by running a Repository Health Check.
This report can be run on any proxy repository you have, but will not work on hosted/virtual repositories.
Nexus Auditor allows you to produce a report of an individual application, e.g. a War/Jar file or a bundled NuGet package. The report lists a detailed bill of materials about what open source components were identified from the package. It also lists the same data about vulnerabilities and licences of the components listed in the bill of materials, so you can see what the application has inside it and be aware of any risk from said components.
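To make the bill-of-materials idea concrete, here is an added example (not Nexus code, and not how Auditor itself works internally) that builds a component list from the Maven metadata embedded in a WAR and its bundled JARs, then checks each component against a licence/advisory catalogue. The catalogue, the advisory ids (`EXAMPLE-ADV-0001`) and the sample WAR are all constructed placeholders.

```python
import io
import zipfile

# Constructed reference data standing in for the vulnerability and licence data a
# Repository Health Check or Auditor report draws on. Placeholders only, not real advisories.
CATALOGUE = {
    ("org.example", "commons-foo", "1.0.0"): {"licence": "Apache-2.0", "advisories": ["EXAMPLE-ADV-0001"]},
    ("org.example", "commons-foo", "1.0.1"): {"licence": "Apache-2.0", "advisories": []},
    ("org.example", "viral-lib", "2.3.0"): {"licence": "GPL-3.0-only", "advisories": []},
}


def parse_properties(text):
    """Minimal parser for the key=value lines Maven writes into pom.properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def bill_of_materials(archive_bytes):
    """Collect (groupId, artifactId, version) from META-INF/maven/**/pom.properties,
    recursing into nested .jar entries such as WEB-INF/lib/*.jar inside a WAR."""
    components = set()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("pom.properties"):
                props = parse_properties(zf.read(name).decode("utf-8", "replace"))
                if {"groupId", "artifactId", "version"} <= props.keys():
                    components.add((props["groupId"], props["artifactId"], props["version"]))
            elif name.endswith(".jar"):
                components |= bill_of_materials(zf.read(name))
    return components


def assess(bom, catalogue, disallowed_licences=("GPL-3.0-only",)):
    """Return one finding per component: (coordinate, licence, advisories, risk flags).
    Components missing from the catalogue are flagged rather than silently passed."""
    findings = []
    for coord in sorted(bom):
        entry = catalogue.get(coord)
        if entry is None:
            findings.append((coord, "unknown", [], ["not in catalogue"]))
            continue
        flags = []
        if entry["advisories"]:
            flags.append("known vulnerabilities")
        if entry["licence"] in disallowed_licences:
            flags.append("licence policy")
        findings.append((coord, entry["licence"], list(entry["advisories"]), flags))
    return findings


def _pom_properties(group, artifact, version):
    return f"#Generated by Maven\nversion={version}\ngroupId={group}\nartifactId={artifact}\n".encode()


def _jar(group, artifact, version):
    """Constructed library JAR containing only its Maven pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"META-INF/maven/{group}/{artifact}/pom.properties",
                    _pom_properties(group, artifact, version))
    return buf.getvalue()


def build_sample_war():
    """Constructed WAR: the application's own pom.properties plus three bundled library JARs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/com.example/webapp/pom.properties",
                    _pom_properties("com.example", "webapp", "0.1"))
        zf.writestr("WEB-INF/lib/commons-foo-1.0.0.jar", _jar("org.example", "commons-foo", "1.0.0"))
        zf.writestr("WEB-INF/lib/viral-lib-2.3.0.jar", _jar("org.example", "viral-lib", "2.3.0"))
        zf.writestr("WEB-INF/lib/mystery-0.9.jar", _jar("org.example", "mystery", "0.9"))
    return buf.getvalue()


if __name__ == "__main__":
    for coord, licence, advisories, flags in assess(bill_of_materials(build_sample_war()), CATALOGUE):
        print(":".join(coord), licence, advisories, flags)
```

The point of the `unknown` branch is the one that matters in practice: a component that cannot be matched to any catalogue entry is itself a finding, because it is exactly the part of the application whose licence and vulnerability status nobody has checked.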
Resources for These Solutions
- Quick comparison matrix: Nexus Pro, Nexus Pro+, Nexus Lifecycle, Nexus Auditor
- Feature tour: Auditor/Lifecycle
- Nexus Pro Repository Health Check Documentation
- 4 Open Source Components You Need to Update Right Now