Sonatype-Nexus

Nexus OSS is a free open source repository manager. It supports a wide range of package formats and it’s used by hundreds of tech companies.

This chart bootstraps a Nexus OSS deployment on a cluster using Helm. This setup is best configured in GCP since:

• google cloud storage is used for backups
• GCE Ingress controller is used for using a pre-allocated static IP in GCE.

There is also the option of using a proxy for Nexus that authenticates Nexus against an external identity provider (only GCP IAM at the moment) which is disabled by default.

Prerequisites

• Kubernetes 1.8+ with Beta APIs enabled
• PV provisioner support in the underlying infrastructure
• Fulfill Nexus kubernetes requirements

Flow control for binaries and build artifacts.

✔ Store: Give your teams a single source of truth for every component they use.

✔ Adapt: Provide universal coverage for all major package formats and types.

✔ Cache: Optimize build performance and reliability by caching proxies of remote repositories.

✔ Scale: Install on an unlimited amount of servers for an unlimited amount of users.

The world’s most popular repository

• Centralized repository for managing all popular component formats
• Single source of truth for all binaries and build artifacts.
• Gain insight into component security, license, and quality issues.

Universal support for all popular formats

• Store and distribute Maven/Java, npm, NuGet, RubyGems, Docker, P2, OBR, APT and YUM and more.
• Manage components from dev through delivery: binaries, containers, assemblies, and finished goods.
• Awesome support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy.
• Compatible with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more.

Explore the Nexus Platform

• Docker: Automate container security and scale DevOps with Lifecycle container analysis.
• Java: Automate open source governance and scale DevOps with precise intelligence for Java components.
• JavaScript: Automate open source governance and scale DevOps with precise intelligence for JavaScript components.
• .Net: Automate open source governance and scale DevOps with precise intelligence for.Net components.
• PyPI: Proxy and host PyPI components and define and enforce rules for PyPI component usage to ensure only the best PyPI components enter your Nexus Repository.
• GitHub: The Nexus Platform plugin for Jenkins pushes component intelligence into GitHub where developers can view and respond to policy violations.
• PHP: Generate a software bill of materials for PHP components to identify potential security risks and prioritize remediation based on severity.
• Swift: Generate a software bill of materials for Swift components to identify potential security risks and prioritize remediation based on severity.
• CocoaPods: Generate a software bill of materials for CocoaPods to identify potential security risks and prioritize remediation based on severity.
• Ruby Gems: Proxy and host Ruby Gem repositories and generate a software bill of materials for Ruby Gem components to identify potential security risks.
• C and C++: Generate a software bill of materials for C and C++ components to identify potential security risks and prioritize remediation based on severity.
• Eclipse: Empower developers with precise component intelligence directly within the Eclipse IDE.
• IntelliJ IDEA: Empower developers with precise component intelligence directly within IntelliJ IDEA.
• Microsoft Visual Studio: Empower developers with precise component intelligence directly within Microsoft Visual Studio.
• Jenkins: Shift security and quality practices left by automatically sending alerts or failing Jenkins builds when application components are out of compliance with your open source policies.
• Atlassian Bamboo: Shift security and quality practices left by automatically sending alerts or failing Bamboo builds when application components are out of compliance with your open source policies.
• Maven: Infuse your Maven builds with the most precise component intelligence and automatically fail builds based on policy violations, including violations found in transitive dependencies.
• SonarQube: View Sonatype’s precise component intelligence directly in SonarQube 6.x projects and dashboards, ensuring teams are evaluating every facet of high-quality application development.
• Xebia Labs: Identify the risk associated with open source components used within your applications and understand where those applications are deployed – QA, UAT, Production.
• npm: Node.js developers, Grunt users, and others can use Nexus Repository Manager to proxy npmjs.org and locally host their own npm packages.
• NuGet: .Net developers can take advantage of the NuGet package manager and the integration in VisualStudio to manage their own and third-party packages.
• Bower: Use Nexus Repository Manager to proxy and host Bower repositories.
• Yum: Establish a deployment pipeline from your Maven build to your Linux servers using RPM packages and YUM repositories.
• RPM: Define and enforce rules for RPM usage to ensure only the best RPM components enter your Yum Nexus Repository.
• GitLFS: Reduce download times by hosting large files locally in Nexus Repository, so all of your binaries are managed in one central location.
• AWS: Manage and secure open source and third-party components in the cloud with Nexus Repository and IQ Server.
• OpenShift: Use Nexus to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.
• Mesosphere DC/OS: Deploy Nexus Repository as a free solution for managing open source components and Docker containers within DC/OS.
• Atlassian Crowd: Connect the Nexus Repository to the same security backend as Confluence, Bamboo, and JIRA.
• Atlassian Bitbucket: The Nexus Notifier plugin for Jenkins pushes component intelligence into Bitbucket Code Insights where developers can view and respond to policy violations.