md1.sonatype.com

What is Nexus?

Nexus manages software "artifacts" required for development. If you develop software, your builds can download dependencies from Nexus and can publish artifacts to Nexus creating a new way to share artifacts within an organization. While Central repository has always served as a great convenience for developers you shouldn't be hitting it directly. You should be proxying Central with Nexus and maintaining your own repositories to ensure stability within your organization.

With Nexus you can completely control access to, and deployment of, every artifact in your organization from a single location.


Why Nexus?

If you've developed software on a team, you've probably experienced the paradox that it is often much easier to consume open source than it is to share software between two departments in the same company. This is the problem that Nexus was designed to solve. With Nexus you get a repository that brings the benefits of Central to your internal development groups. It isn't just that Nexus "makes things easier", it is that the services it provide become an essential component of an efficient development lifecycle. Once you've started to use Nexus to support collaboration it's very difficult to go back.

The open source version of Nexus Open provides the following core features:

Proxied Remote Repositories

When you proxy a remote repository with Nexus Open source you can control all aspects of the connection to a remote repository including security parameters, HTTP proxy settings. You can configure which mirrors Nexus will download artifacts from, and you can control how long Nexus will store artifacts and how it will expire artifacts which are no longer referenced by your build.

Hosted Repositories

When you host a repository with Nexus Open Source, you can upload artifacts using the Nexus interface, or you can deploy artifacts to hosted repositories using Maven, Gradle, or Ivy. Nexus will also create the standard Nexus Index for all of your hosted repositories which will allow tools like m2eclipse to rapidly locate software artifacts for your developers.

Repository Groups

Grouping repositories allows you to consolidate multiple repositories into a single URL. This makes configuring your development environment very easy. All of your developers can point to a single repository group URL, and if anyone ever needs a custom remote repository added to the group, you can do this in a central location without having to modify every developer’s workstation.

Fine-grained Security Model

Nexus Open Source ships with a capable and customizable security model. Every operation in Nexus is associated with a privilege, and privileges can be combined into standard Nexus roles. Users can then be assigned both individual privileges and roles that can be applied globally or at a fine grained level. You can create custom administrative roles that limit certain repository actions such as deployment to specific groups of developers and you can use these security roles to model the structure of your organization.

Flexible LDAP Integration

If your organization uses an LDAP server, Nexus Professional can integrate with an external authentication and access control system. Nexus Professional is smart enough to be able to automatically map LDAP groups to the appropriate Nexus roles, and it also provides a very flexible facility for mapping existing users and existing roles to Nexus roles.

Artifact Search

Nexus Open Source provides an intuitive search feature which allows you to search for software artifacts by identifiers such as groupId, artifactId, version, classifier, and packaging, names of classes contained in Java archives, keywords, and artifact checksums. Nexus search makes use of the industry standard for repository indexes, the Nexus Index format, and Nexus will automatically download a Nexus index from all remote repositories which create a Nexus index. Nexus will also automatically expose a Nexus index for any hosted repositories you create.

Scheduled Tasks

Nexus Open Source has the concept of scheduled tasks: periodic jobs which take care of various repository management tasks such as deleting old snapshots, evicting unused items, and publishing repository indexes. REST Services. Nexus Open Source is based on a series of REST services, and when you are using the Nexus web front-end UI, you are really just interacting with a set of REST service. Because of this open architecture, you can leverage the REST service to create custom interactions or to automate repository management with your own scripts.

Nexus Plugins

Nexus Open Source provides a rich API for extension in the form of Nexus Plugins. When you write a Nexus Plugin, you can customize REST services, the Nexus UI, repository formats, or write components that can intercept requests and add new capabilities to the platform. The plugin API which you have access to in Nexus Open Source is the same plugin API that is used to implement value-added features available in Nexus Professional.

Integration with m2eclipse

When you use Nexus as a repository manager it creates indexes that support some of the next-generation tools available in m2eclipse - Sonatype’s Maven plugin for the Eclipse IDE. If you publish new artifacts and archetypes to Nexus, they are immediately available to m2eclipse project creation wizards and are included in m2eclipse search results.

What is Nexus Professional?

Nexus Professional was designed to meet the needs of the enterprise. It is a central point of access to external repositories which provides the necessary controls to make sure that only approved artifacts enter into your software development environment. It is also a central distribution point with the intelligence required to support the decisions that go into making quality software.

Once you start to use the workflow and decision support features of Nexus Professional, you will start to see it as the "assembly line" - the central collaboration point for your software development efforts.

Why Nexus Professional?

Nexus Professional offers the following features:

.NET Support (New in 2.0)

Improve collaboration and control while speeding .NET development. Standardize on a single repository for all your development and get all the benefits of Nexus when working in the .NET architecture.

Repository Insight (New in 2.0)

Avoid risks by identifying problematic components. New reports identify licensing, security and quality information about every component in the repo.

Improved Proxy Scalability (New in 2.0)

Keep even the largest teams in sync and reduce build times by collocating proxy servers with developers. An enhanced proxy pushes updates from the master, improving the performance of even the largest configurations.

Staged Releases

When was the last time you did a software release to a production system? Did it involve a QA team that had to sign-off on a particular build? What was the process you used to re-deploy a new build if QA found a problem with the system at the last minute? Because few organizations use a mature process to manage binary software artifacts, there is little in the way of infrastructure designed to keep track of the output of a build. The Nexus Staging Suite changes this by provide workflow support for binary software artifacts. If you need to create a release artifact and deploy it to a hosted repository, you can use the Staging Suite to post a collection of related, staged artifacts which can be tested, promoted, or discarded as a unit. Nexus keeps track of the individuals that are involved in a staged, managed release and can be used to support the decisions that go into producing quality software.

Artifact Procurement

Consider the default behavior of a proxy repository. Any developer can reference any artifact stored in a remote repository and cause Nexus to retrieve the artifact from the remote repository and serve back to a developer. Very often a company might want to control the set of artifacts which can be referenced in a proxy repository. Maybe the company has unique security requirements which require every third-party library to be subjected to a rigorous security audit before they can used. Or, maybe another company has a legal team which needs to verify that every artifact referenced by your software adheres to an inflexible set of license guidelines. The Nexus Procurement Suite was design to give organization this level of control over the artifacts that can be served from Nexus.

Hosting Project Sites

Nexus Professional is a publishing destination for project web sites. While you very easily generate a project web site with Maven, without Nexus, you will need to set up a WebDAV server and configure both your web server and build with the appropriate security credentials. With Nexus, you can deploy your project’s web site to the same infrastructure that hosts the project’s build output. This single destination for binaries and documentation helps to minimize the number of moving parts in your development environment. You don’t have to worry about configuring another web server or configuring your builds to distribute the project site using a different protocol, you simple point your project at Nexus and deploy the project site.

Support for OSGi Repositories

Instead of just supporting JAR repositories, Nexus Professional supports OSGi Bundle repositories and P2 repositories for those developers who are targeting OSGi or the Eclipse platform. Just like you can proxy, host, and group repositories, Nexus Professional allows you to do the same with OSGi repositories.

Enterprise LDAP Support

Nexus Professional offers LDAP support features for enterprise LDAP deployments including detailed configuration of cache parameters, support for multiple LDAP servers and backup mirrors, the ability to test user logins, support for common user/group mapping templates, and the ability to support more than one schema across multiple servers.

Support for Atlassian Crowd

If your organization uses Atlassian Crowd, Nexus Professional can delegate authentication and access control to a Crowd server and map Crowd groups to the appropriate Nexus roles.

The User Account Plugin

When you are running a large, public instance of Nexus, it is often very useful to allow users to sign up for an account without the assistance of an administrator. Nexus Professional’s User Account plugin allows for just this. With this plugin activate, a new user simply has to fill out a simple form and type in letters from a CAPTCHA. Once a user has signed up for Nexus, Nexus will then send an email with a validation link. If you are working in an environment with hundreds or thousand of users the user account plugin will allow you to support the tool without having to create logins for each individual user.

Maven Settings Management

Nexus Professional along with the Nexus Maven Plugin allow you to manage Maven Settings. Once you have developed a Maven Settings template, developers can then connect to Nexus Professional using the Nexus Maven plugin which will take responsibility for downloading a Maven Settings file from Nexus and replacing the existing Maven Settings on a local workstation.

Support for Artifact Bundles

When software is deployed to the Central repository, it is deployed as a signed artifact bundle. Nexus Professional’s Staging Suite allows you to upload artifact bundles to a staged repository.

Artifact Validation and Verification

The software artifacts you download from a remote repository are often signed with PGP signatures. Nexus Professional will make sure that these PGP signature are valid and the procurement plugin defines a few other rules that can be applied to artifacts which are downloaded from remote repositories. Nexus Professional also defines an API which allows you to create your own custom verification rules.

Custom Repository Metadata

Nexus Professional provides a facility for user-defined, custom metadata. If you need to keep track of custom attributes to support approval workflow or to associate custom identifiers with software artifacts, you can use Nexus to define and manipulate custom attributes which can be associated with artifacts in a Nexus repository.