The Component Lifecycle Management Company 4 Outcomes of an Advanced Repo Manager Strategy What a Repository Can Do for You Go Fast. Be Secure. The Webinar will start at 12 PM EDT Tweet your thoughts: #sonatype
Jun 14, 2015
The Component Lifecycle Management Company
4 Outcomes of an Advanced Repo
Manager StrategyWhat a Repository Can Do for You
Go Fast. Be Secure.
The Webinar will start at 12 PM EDT
Tweet your thoughts: #sonatype
The Component Lifecycle Management Company
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 -
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000
Re
qu
est
s in
Mill
ion
s
8 BillionRequests in 2012
Growth Drivers
Mobile Cloud
Web Apps Big Data
The Component Revolution
#sonatype
The Component Lifecycle Management Company
90%Assembled
A Sea Change in Application Development
Written
Source: 2012 / 2013 Sonatype analysis of more than 1,000 enterprise applications
#sonatype
The Component Lifecycle Management Company
A Highly Complex Ecosystem
Complexity Diversity Volume Change
One component may rely on 00s
of others
40,000 Projects200MM Classes
400K Components
Typical EnterpriseConsumes 000s of
Components Monthly
Typical Component is Updated 4X
per Year
#sonatype
The Component Lifecycle Management Company
The Need for Repository Management
Why Use a Repository?
Reduce Build Times by proxying cloud repositories and caching components locally.
Improve Collaboration by providing a central location to store, manage, and share common components used across developers and teams.
Enhance Control by providing a mechanism to observe, manage, and govern component usage.
#sonatype
The Component Lifecycle Management Company
Nexus Professional & Nexus Pro CLM Edition
Go Beyond Basic Repository Management
Deliver on time with smart proxy to ensure your repos are always available and your teams are in sync.
Meet quality standards with automated control of release management staging and promotion.
Make intelligent decisions by validating the health of the components in your repository.
Protect your assets with access control and secure connectivity to the Central Repository.
#sonatype
Nexus Pro: the foundation for complete Component Lifecycle Management
The Component Lifecycle Management Company
Exclusive Pro Features: Smart Proxy
Reduce build times, improve availability and keep teams in sync with Nexus Smart Proxy.
#sonatype
The Component Lifecycle Management Company
Smart Proxy & Component Storage Options Speed Development Efforts
Faster build times since all components & dependencies are available locally.
Better reliability since you are not dependent on public internet and external network access.
Constant availability eliminates unplanned downtime using Nexus HA configuration option.
Free your source control system of components & their dependencies (they don’t need to be version controlled).
Facilitate collaboration & sharing for internal and external teams.
Simplify access to components using a single virtual location where developers access their components.
#sonatype
The Component Lifecycle Management Company
Exclusive Pro Features: Repository Health Check
Repository Health Check lets you assess the security, licensing and popularity of your components.
#sonatype
The Component Lifecycle Management Company
Repository Health Check Allows you to Analyze Component Risk
Avoid using tainted components that put your organization at risk – security & licensing risk.
Quickly assess your security posture by viewing a breakdown of vulnerabilities based on severity and threat level.
Quickly analyze your license risk by viewing the licenses by category and number of conflicting licenses.
Easily perform detailed analysis by drilling into comprehensive license and security analysis.
Repo analysis is good starting point for CLM which applies policy to staging and promotion and extends component management throughout the software lifecycle.
#sonatype
The Component Lifecycle Management Company
Exclusive Pro Features: Build Promotion and Staging
Streamline workflow and control how components flow through development, QA, and production with Nexus Pro staging.
#sonatype
The Component Lifecycle Management Company
Nexus Pro CLM Edition: Use Policy to Manage Releases
Define and enforce build promotion and staging rules based on component security,
licensing, and popularity information.
#sonatype
• Policies can be defined based on security, licensing & quality metadata
• Releases can be stopped, warnings created & notifications generated
• Other enforcement points available as part of Sonatype CLM
The Component Lifecycle Management Company
Staging & Promotion with Automated Policies Provides Better Release Management
Easily manage releases by creating isolated candidates that can be promoted or discarded based on release tests.
Manage release promotion for “dev to test to prod” & coordinate releases between multiple project teams (for example GUI, Data Services, & Business Logic teams).
Improve collaboration between internal and external development teams through controlled sharing of releases.
Automated policy provides control with minimal effort, ensuring that releases meet your security, licensing & architecture policies.
#sonatype
The Component Lifecycle Management Company
Exclusive Pro Features: Access Control & SSL
Control access with LDAP and user tokens. Atlassian Crowd supports Single Sign-On efforts.
Communications with the Central Repository are SSL encrypted to prevent man-in-the-middle attacks.
#sonatype
The Component Lifecycle Management Company
Nexus Security Ensures Trusted Access & Component Delivery
Ease administrative burden & support authentication failover by using LDAP to support authentication.
Strengthen authentication efforts with user tokens that eliminate the need to store plaintext passwords.
Simplify access to Nexus by providing your users the ability to leverage Nexus using Single Sign-On.
Protect your critical assets by partitioning repositories to permission individual sets of assets.
Ensure the components you download are delivered securely by using SSL to support a tamper resistant connection to the Central Repository.
#sonatype
The Component Lifecycle Management Company
Foundation for Agile, Component-Based Development
Nexus Pro: Repository Foundation for Complete Component Lifecycle Management
Extend component management to your entire software development including your IDE, & build/CI/CD process.
Ensure your production applications are trusted using the Sonatype CLM to monitor & identify newly discovered vulnerabilities.
#sonatype
The Component Lifecycle Management Company
Sonatype Product Family
Nexus OSS
Sonatype CLM Component Lifecycle Management• Centrally define governance policies• Enforce throughout the lifecycle• Integrate with existing developer tools• Build security in from the start• Continuous trust for production apps
Sonatype Nexus Repository Management• Improve collaboration• Controlled release process
Industry standard open source repository manager
Nexus Pro
Enterprise features, enterprise support
Nexus Pro CLM Edition
Component governance in the repo
Sonatype CLM
Nexus OSS Repository• Speed Builds
#sonatype
The Component Lifecycle Management Company
Questions
The Component Lifecycle Management Company
Don’t Miss the Rest of the Nexus Series
#sonatype
Download a Free Trial – Updated Trial Guide and New Ant & Gradle Samples http://www.sonatype.com/nexus/free-trial
Join Nexus Live – An Insider’s Tech Talk with Product Experts https://plus.google.com/u/0/events/cfopeju15jdp61fv76kv3a8n0bs
Take a Training Course- Full Day Training to Maximize use of Nexus & Mavenhttp://www.sonatype.com/nexus/training
The Golden Repo is a Great First Step: October 15th at 12 EDT
Yes, Policies Can Speed Development: November 6th at 12pm EDT
Register Now - http://www.sonatype.com/request/nexus-webinar-series