4 Outcomes of an Advanced Repo Manager Strategy

The Component Lifecycle Management Company

4 Outcomes of an Advanced Repo

Manager StrategyWhat a Repository Can Do for You

Go Fast. Be Secure.

The Webinar will start at 12 PM EDT

Tweet your thoughts: #sonatype


2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 -

1,000

2,000

3,000

4,000

5,000

6,000

7,000

8,000

Re

qu

est

s in

Mill

ion

s

8 BillionRequests in 2012

Growth Drivers

Mobile Cloud

Web Apps Big Data

The Component Revolution

#sonatype


90%Assembled

A Sea Change in Application Development

Written

Source: 2012 / 2013 Sonatype analysis of more than 1,000 enterprise applications

#sonatype


A Highly Complex Ecosystem

Complexity Diversity Volume Change

One component may rely on 00s

of others

40,000 Projects200MM Classes

400K Components

Typical EnterpriseConsumes 000s of

Components Monthly

Typical Component is Updated 4X

per Year

#sonatype


The Need for Repository Management

Why Use a Repository?

Reduce Build Times by proxying cloud repositories and caching components locally.

Improve Collaboration by providing a central location to store, manage, and share common components used across developers and teams.

Enhance Control by providing a mechanism to observe, manage, and govern component usage.

#sonatype


Nexus Professional & Nexus Pro CLM Edition

Go Beyond Basic Repository Management

Deliver on time with smart proxy to ensure your repos are always available and your teams are in sync.

Meet quality standards with automated control of release management staging and promotion.

Make intelligent decisions by validating the health of the components in your repository.

Protect your assets with access control and secure connectivity to the Central Repository.

#sonatype

Nexus Pro: the foundation for complete Component Lifecycle Management


Exclusive Pro Features: Smart Proxy

Reduce build times, improve availability and keep teams in sync with Nexus Smart Proxy.

#sonatype


Smart Proxy & Component Storage Options Speed Development Efforts

Faster build times since all components & dependencies are available locally.

Better reliability since you are not dependent on public internet and external network access.

Constant availability eliminates unplanned downtime using Nexus HA configuration option.

Free your source control system of components & their dependencies (they don’t need to be version controlled).

Facilitate collaboration & sharing for internal and external teams.

Simplify access to components using a single virtual location where developers access their components.

#sonatype


Exclusive Pro Features: Repository Health Check

Repository Health Check lets you assess the security, licensing and popularity of your components.

#sonatype


Repository Health Check Allows you to Analyze Component Risk

Avoid using tainted components that put your organization at risk – security & licensing risk.

Quickly assess your security posture by viewing a breakdown of vulnerabilities based on severity and threat level.

Quickly analyze your license risk by viewing the licenses by category and number of conflicting licenses.

Easily perform detailed analysis by drilling into comprehensive license and security analysis.

Repo analysis is good starting point for CLM which applies policy to staging and promotion and extends component management throughout the software lifecycle.

#sonatype


Exclusive Pro Features: Build Promotion and Staging

Streamline workflow and control how components flow through development, QA, and production with Nexus Pro staging.

#sonatype


Nexus Pro CLM Edition: Use Policy to Manage Releases

Define and enforce build promotion and staging rules based on component security,

licensing, and popularity information.

#sonatype

• Policies can be defined based on security, licensing & quality metadata

• Releases can be stopped, warnings created & notifications generated

• Other enforcement points available as part of Sonatype CLM

Charles Gold

Need higher res images


Staging & Promotion with Automated Policies Provides Better Release Management

Easily manage releases by creating isolated candidates that can be promoted or discarded based on release tests.

Manage release promotion for “dev to test to prod” & coordinate releases between multiple project teams (for example GUI, Data Services, & Business Logic teams).

Improve collaboration between internal and external development teams through controlled sharing of releases.

Automated policy provides control with minimal effort, ensuring that releases meet your security, licensing & architecture policies.

#sonatype


Exclusive Pro Features: Access Control & SSL

Control access with LDAP and user tokens. Atlassian Crowd supports Single Sign-On efforts.

Communications with the Central Repository are SSL encrypted to prevent man-in-the-middle attacks.

#sonatype


Nexus Security Ensures Trusted Access & Component Delivery

Ease administrative burden & support authentication failover by using LDAP to support authentication.

Strengthen authentication efforts with user tokens that eliminate the need to store plaintext passwords.

Simplify access to Nexus by providing your users the ability to leverage Nexus using Single Sign-On.

Protect your critical assets by partitioning repositories to permission individual sets of assets.

Ensure the components you download are delivered securely by using SSL to support a tamper resistant connection to the Central Repository.

#sonatype


Foundation for Agile, Component-Based Development

Nexus Pro: Repository Foundation for Complete Component Lifecycle Management

Extend component management to your entire software development including your IDE, & build/CI/CD process.

Ensure your production applications are trusted using the Sonatype CLM to monitor & identify newly discovered vulnerabilities.

#sonatype


Sonatype Product Family

Nexus OSS

Sonatype CLM Component Lifecycle Management• Centrally define governance policies• Enforce throughout the lifecycle• Integrate with existing developer tools• Build security in from the start• Continuous trust for production apps

Sonatype Nexus Repository Management• Improve collaboration• Controlled release process

Industry standard open source repository manager

Nexus Pro

Enterprise features, enterprise support

Nexus Pro CLM Edition

Component governance in the repo

Sonatype CLM

Nexus OSS Repository• Speed Builds

#sonatype


Questions


Don’t Miss the Rest of the Nexus Series

#sonatype

Download a Free Trial – Updated Trial Guide and New Ant & Gradle Samples http://www.sonatype.com/nexus/free-trial

Join Nexus Live – An Insider’s Tech Talk with Product Experts https://plus.google.com/u/0/events/cfopeju15jdp61fv76kv3a8n0bs

Take a Training Course- Full Day Training to Maximize use of Nexus & Mavenhttp://www.sonatype.com/nexus/training

The Golden Repo is a Great First Step: October 15th at 12 EDT

Yes, Policies Can Speed Development: November 6th at 12pm EDT

Register Now - http://www.sonatype.com/request/nexus-webinar-series

http://www.sonatype.com/nexus/free-trial

https://plus.google.com/u/0/events/cfopeju15jdp61fv76kv3a8n0bs

https://plus.google.com/u/0/events/cfopeju15jdp61fv76kv3a8n0bs

http://www.sonatype.com/nexus/training

http://www.sonatype.com/request/nexus-webinar-series



4 Outcomes of an Advanced Repo Manager Strategy

Technology

component management

component security

component risk

component revolution

component usage

basic repository management

sonatype nexus pro

sonatype clm