Nexus OSS is a free open source repository manager. It supports a wide range of package formats and it’s used by hundreds of tech companies.
This chart bootstraps a Nexus OSS deployment on a cluster using Helm. This setup is best configured in GCP since:
- Google Cloud Storage is used for backups
- The GCE Ingress controller is used so that Nexus can be exposed on a pre-allocated static IP in GCE.
The chart can also deploy a proxy in front of Nexus that authenticates against an external identity provider (only GCP IAM at the moment). This proxy is disabled by default.
Prerequisites
- Kubernetes 1.8+ with Beta APIs enabled
- PV provisioner support in the underlying infrastructure
- Fulfill the Nexus Kubernetes requirements
Flow control for binaries and build artifacts.
✔ Store: Give your teams a single source of truth for every component they use.
✔ Adapt: Provide universal coverage for all major package formats and types.
✔ Cache: Optimize build performance and reliability by caching proxies of remote repositories.
✔ Scale: Install on an unlimited amount of servers for an unlimited amount of users.
The world’s most popular repository
- Centralized repository for managing all popular component formats
- Single source of truth for all binaries and build artifacts.
- Gain insight into component security, license, and quality issues.
Universal support for all popular formats
- Store and distribute Maven/Java, npm, NuGet, RubyGems, Docker, P2, OBR, APT, YUM, and more.
- Manage components from dev through delivery: binaries, containers, assemblies, and finished goods.
- Awesome support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy.
- Compatible with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more.
Explore the Nexus Platform
- Docker: Automate container security and scale DevOps with Lifecycle container analysis.
- Java: Automate open source governance and scale DevOps with precise intelligence for Java components.
- JavaScript: Automate open source governance and scale DevOps with precise intelligence for JavaScript components.
- .Net: Automate open source governance and scale DevOps with precise intelligence for .Net components.
- PyPI: Proxy and host PyPI components and define and enforce rules for PyPI component usage to ensure only the best PyPI components enter your Nexus Repository.
- GitHub: The Nexus Platform plugin for Jenkins pushes component intelligence into GitHub where developers can view and respond to policy violations.
- PHP: Generate a software bill of materials for PHP components to identify potential security risks and prioritize remediation based on severity.
- Swift: Generate a software bill of materials for Swift components to identify potential security risks and prioritize remediation based on severity.
- CocoaPods: Generate a software bill of materials for CocoaPods to identify potential security risks and prioritize remediation based on severity.
- Ruby Gems: Proxy and host Ruby Gem repositories and generate a software bill of materials for Ruby Gem components to identify potential security risks.
- C and C++: Generate a software bill of materials for C and C++ components to identify potential security risks and prioritize remediation based on severity.
- Eclipse: Empower developers with precise component intelligence directly within the Eclipse IDE.
- IntelliJ IDEA: Empower developers with precise component intelligence directly within IntelliJ IDEA.
- Microsoft Visual Studio: Empower developers with precise component intelligence directly within Microsoft Visual Studio.
- Jenkins: Shift security and quality practices left by automatically sending alerts or failing Jenkins builds when application components are out of compliance with your open source policies.
- Atlassian Bamboo: Shift security and quality practices left by automatically sending alerts or failing Bamboo builds when application components are out of compliance with your open source policies.
- Maven: Infuse your Maven builds with the most precise component intelligence and automatically fail builds based on policy violations, including violations found in transitive dependencies.
- SonarQube: View Sonatype’s precise component intelligence directly in SonarQube 6.x projects and dashboards, ensuring teams are evaluating every facet of high-quality application development.
- Xebia Labs: Identify the risk associated with open source components used within your applications and understand where those applications are deployed – QA, UAT, Production.
- npm: Node.js developers, Grunt users, and others can use Nexus Repository Manager to proxy npmjs.org and locally host their own npm packages.
- NuGet: .Net developers can take advantage of the NuGet package manager and the integration in Visual Studio to manage their own and third-party packages.
- Bower: Use Nexus Repository Manager to proxy and host Bower repositories.
- Yum: Establish a deployment pipeline from your Maven build to your Linux servers using RPM packages and YUM repositories.
- RPM: Define and enforce rules for RPM usage to ensure only the best RPM components enter your Yum Nexus Repository.
- GitLFS: Reduce download times by hosting large files locally in Nexus Repository, so all of your binaries are managed in one central location.
- AWS: Manage and secure open source and third-party components in the cloud with Nexus Repository and IQ Server.
- OpenShift: Use Nexus to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.
- Mesosphere DC/OS: Deploy Nexus Repository as a free solution for managing open source components and Docker containers within DC/OS.
- Atlassian Crowd: Connect the Nexus Repository to the same security backend as Confluence, Bamboo, and JIRA.
- Atlassian Bitbucket: The Nexus Notifier plugin for Jenkins pushes component intelligence into Bitbucket Code Insights where developers can view and respond to policy violations.