So What is a Component?

  • All the stuff you use to create your applications
  • The plumbing you don’t want to write yourself
  • Logging, IoC, persistence layer, ORM, …
  • And that you get easily by declaring dependencies with Maven, Gradle, NuGet, npm…
  • Comprises 80-90% of your application
Warning

And you are responsible for it all.

So What is a Component?

  • But also all the parts you create and use
    • Including the application deployment packages
  • JARs, WARs, EARs..
    • but also rpm and npm packages or tar.gz files

What is a Repository?

  • Organized storage for components
  • Uses e.g. GAV coordinates for structure

→ A Component Manager helps with administration and usage of components stored in repositories

Tip

Just like a Git server helps you manage source code in Git repositories

Problems Without Component Manager

  • Common complaint "Maven/Gradle/npm/NuGet is downloading the internet, again!"
  • Everything is cached locally (e.g. in ~/.m2/repository)
  • Components are used from local repo in all your projects
  • But new versions or new components trigger downloads
    • E.g. 500 developers and 500 CI nodes = 1000 downloads
    • Global bank reduced from 2.6 millon to 90k downloads
    • That’s a lot of wasted bandwidth and time
  • How do I use the x.y.z proprietary component - I can’t find it in the Central Repository (or wherever)?
  • How do I share my components with the other teams?
Tip

This is where Sonatype Nexus can help!

Component Manager Tasks

Nexus is a dedicated server software:

It is used to…

  • Proxy and manage access to public repositories
  • Store components that are not in public repositories
  • Manage and host internal releases
  • Distribute components internally and beyond

→ Facilitate internal collaboration across components and teams

Component Usage Growth…

is exploding. And so is usage of Nexus.

images/repository-growth.jpg

Data from access logs to Central Repository.

Nexus Open Source - Nexus OSS

Getting Started - Nexus OSS

Installation is simple:

  1. Install Java 7
  2. Get the bundle with the embedded Eclipse Jetty server
  3. Extract archive, create symbolic link and run 
    sudo cp nexus-x.y.z-bundle.tar.gz /opt
cd /opt
sudo tar xvzf nexus-x.y.z-bundle.tar.gz
ln -s nexus-x.y.z nexus
cd nexus
./bin/nexus console
  4. Go to http://localhost:8081/nexus and log in with admin/admin123
  5. It’s easy and the benefits are immediate.
Tip

Let’s have a look..

Nexus User Interface Tour

  • Search for components
    • including advanced search
    • and find components available in remote repositories!
  • View component details
    • including security and license details in Nexus Pro
  • Repositories
  • Server administration
  • Security
    • fine-grained control
    • component access and user interface

Maven Repository Format

  • Maven repository format is the de-facto standard for JVM build tools
  • Allows build tool independent sharing
  • Ant/Ivy, Ant/Aether, Maven, Gradle, SBT, Grails, Leiningen
  • Proxy Central Repository and others
  • Hosted repository for your releases and third party components
Tip

Detailed instructions for different tools are in the Nexus book.

NuGet

  • Package management for .Net developers
  • Proxy NuGet Gallery
  • Hosted repository for your releases and third party components
  • Support in Visual Studio
  • Nexus OSS 2.9+
Tip

More on the website.

NPM Support

  • Package management for Node.js development
  • Proxy npmjs.org registry
  • Hosted repository for your releases and third party components
  • Part of Nexus OSS 2.10+
Tip

Setup and more tips are in the Nexus book.

RPM/Yum

  • Expose your Maven repository in Yum format
  • Use it for production deployment of your application
  • Originally a community contribution
  • Long time part of Nexus OSS

(J)Ruby Gems Support

Sonatype Nexus as Central Hub

images/nexus-tool-suite-integration.png

→ Nexus is a key component of your enterprise development infrastructure

Community Projects

Nexus plugins and integrations

  • Chef and Puppet script
  • Command line tools
  • CI server integrations
  • and many more
Tip

Write your own with REST or Java API.

The Nexus

  • New community site at http://www.sonatype.org/nexus
  • With blog posts, videos, free training material, downloads
  • Regular Nexus Live event
  • Looking for guest contributions
  • Sonatype can help with presentations, presenter and support at meetings

→ Come to the Sonatype booth!

OSSRH

  • Open Source Repository Hosting at http://oss.sonatype.org
  • Free hosted Nexus Professional for community
  • Hosts snapshot deployments
  • Releases are synced to the Central Repository
  • Publishing is easy!

Central Repository

images/central-stats.png

Central Repository

Repository Health Check

Checks all components in a Nexus repository for * Security vulnerabilities

  • License issues
  • Overview in Nexus OSS
  • Details in Nexus Pro
  • >35000 checks run daily
  • >10000 Nexus instances

Nexus Professional

  • Takes component management to the next level
  • Available for free, if you run a open source forge like JBoss, Apache, …
  • More component information
  • More security features
  • Staging suite for release management
  • CLM integration
Tip

Demo time…

Sonatype CLM

  • Component Lifecycle Management
  • Define policies
    • including security, license, coordinates, labels and other metadata
  • Work with and enforce policies
    • in IDE
    • in CI server
    • SonarQube
    • Maven plugin
    • Command line tool
  • and inspect the results of the analysis
Tip

Do we have time for a demo? Sure…

Application Health Check

  • Scan a file for components
  • Analyze for security and license checks
  • Inspect a comprehensive report
  • For free available on the Sonatype website

Nexus 3

  • Milestone releases available
  • New user interface
  • New backend
  • New features
  • Lots more coming
Tip

We want your feedback! Give it a whirl!

Resources

Visit Us

Come and drop by the Sonatype booth for

  • T-shirts
  • Lightsabers
  • Nexus Professional license for your forge
  • Contact for user group meetings
  • Demos, a chat and …
Tip

a chance to to win a DJI Phantom FC40 Drone.