{pro} and {oss} manage software components required for development, deployment, and provisioning. If you develop software, the repository manager can help you share those components with other developers and end users. It greatly simplifies the maintenance of your own internal repositories and access to external repositories. With {pro} and {oss} you can completely control access to, and deployment of, every component in your organization from a single location.
The repository manager is available in two editions:
-
{oss}
-
{pro}
The basis of all versions is formed by {oss}. It is licensed under the Eclipse Public License version 1.0 and can be used to get started with component and repository management. It provides a plugin infrastructure for all its features and supports numerous repository formats out of the box.
{pro} builds on top of the numerous features of {oss} and adds component information integration, improvements for the release process, improved LDAP integration and other features typically required by enterprises and advanced users.
Integration of {pro} with the {iq} makes your component management policies and rules configurable and actionable and provides further automation and integration with numerous tools to advanced users.
Upgrades from {oss} can be easily performed. This makes {oss} an easy, yet powerful solution to get started with component and repository management. {pro} adds further features as well as full support by Sonatype.
- TIP
-
Check out [concepts] for more background on repository management in your software development life cycle.
{oss} provides you with an essential level of control over the external repositories you use and the internal repositories you create. It provides infrastructure and services for organizations that use repository managers to obtain and deliver software. If you create software libraries or applications for your end users, you can use {oss} to distribute your software. If your software depends on open source software components, you can cache software components from remote repositories.
- Hosting Repositories
-
When you host a repository with {oss}, you can upload components using the interface, or you can deploy components to hosted repositories using a build tool. The repository manager also creates the standard index for all of your hosted repositories, which will allow tools to rapidly locate software components for your developers.
- Proxy Remote Repositories
-
When you proxy a remote repository with {oss}, you can control all aspects of the connection to a remote repository, including security parameters, and HTTP proxy settings. You can configure how long the repository managers stores components, and how it will expire components which are no longer referenced by your build.
- Repository Groups
-
Grouping repositories allows you to consolidate multiple repositories into a single URL. This makes configuring your development environment very easy. All of your developers can point to a single repository group URL, and if anyone ever needs a custom remote repository added to the group, you can do this in a central location without having to modify every developer’s workstation.
- Numerous Repository Formats
-
The concepts of hosted repositories, proxy repositories and repository groups are supported for a number of repository formats such as Maven 2, NuGet, NPM, RubyGems or YUM. This allows you to facilitate one repository manager to bring the same advantages to all developers in a team relying on different technologies and build tools including Apache Maven, Apache Ant with Apache Ivy or Eclipse Aether, Gradle, SBT, .Net, Node.js, Ruby and many others.
- Hosting Project Web Sites
-
The repository manager is a publishing destination for project web sites. While you very easily generate a project web site with Maven, without {oss} or {pro}, you will need to set up a WebDAV server and configure both your web server and build with the appropriate security credentials. With the repository manager, you can deploy your project’s web site to the same infrastructure that hosts the project’s build output. This single destination for binaries and documentation helps to minimize the number of moving parts in your development environment.
- Fine-grained Security Model
-
{oss} ships with a very capable and customizable security framework that can be used to configure user interface as well as component access. Every operation is associated with a privilege, and privileges can be combined into standard roles. Users can then be assigned both individual privileges and roles that can be applied globally or at a fine-grained level. You can create custom administrative roles that limit certain repository actions, such as deployment to specific groups of developers, and you can use these security roles to model the structure of your organization.
- Flexible LDAP Integration
-
If your organization uses an LDAP server, {pro} and {oss} can integrate with an external authentication and access control system. The repository manager is smart enough to be able to automatically map LDAP groups to the appropriate roles, and it also provides a very flexible facility for mapping existing users and existing roles to roles.
- Component Search
-
{oss} provides an intuitive search feature which allows you to search for software components by identifiers, such as groupId, artifactId, version, classifier, and packaging, names of classes contained in Java archives, keywords, and component sha1 checksums. In addition the repository manager can automatically download the index from remote repositories. This allows discovery of components available in these remote repositories without prior downloads.
- Scheduled Tasks
-
{oss} has the concept of scheduled tasks: periodic jobs which take care of various repository management tasks, such as deleting old snapshots, evicting unused items, and publishing repository indexes.
- REST Services
-
{oss} is based on a series of REST services, and when you are using the web front-end UI, you are really just interacting with a set of REST services. Because of this open architecture, you can leverage the REST service to create custom interactions or to automate repository management with your own scripts.
- Integration with m2eclipse
-
When you use {pro} or {oss} as a repository manager it creates indexes that support the Maven integration for the Eclipse IDE -M2Eclipse. They are immediately available to the project creation wizards and are included in search results in the IDE and other operations with dependencies and plugins.
{pro} is designed to meet the needs of the enterprise and builds upon solid foundation and features provided by {oss}. It acts as a central point of access to external repositories and a central distribution point with the intelligence required to support the decision that go into making quality software.
- Rich Component Information
-
The {ds} provide up-to-date and accurate information about known component security vulnerabilities as well as license issues found by component source inspection. This information is available in {pro} and helps your users with their component choice.
- Staging Suite
-
When was the last time you did a software release to a production system? Did it involve a QA team that had to sign off on a particular build? What was the process you used to re-deploy a new build if QA found a problem with the system at the last minute? The Staging Suite provides workflow support for the release process of binary software components. If you need to create a release component and deploy it to a hosted repository, you can use the Staging Suite to post a collection of related, staged components which can be tested, promoted, or discarded as a unit. The repository manager keeps track of the individuals who are involved in a staged, managed release and can be used to support the decisions that go into producing quality software.
- Support for OSGi Repositories
-
{pro} adds support for OSGi Bundle repositories and P2 repositories for those developers who are targeting OSGi or the Eclipse platform. Just like you can proxy, host, and group Maven 2, NuGet or NPM repositories with {oss}, {pro} allows you to do the same with OSGi repositories.
- Enterprise LDAP Support
-
{pro} offers LDAP support features for enterprise LDAP deployments, including detailed configuration of cache parameters, support for multiple LDAP servers and backup mirrors, the ability to test user logins, support for common user/group mapping templates, and the ability to support more than one schema across multiple servers.
- Support for Atlassian Crowd
-
If your organization uses Atlassian Crowd, {pro} can delegate authentication and access control to a Crowd server and map Crowd groups to the appropriate roles.
- Maven Settings Management
-
{pro} along with the Nexus M2Settings Maven Plugin allows you to manage Maven settings. Once you have developed a Maven Settings template, developers can then connect to {pro} using the Nexus M2Settings Maven plugin which will take responsibility for downloading a Maven settings file from the repository manager and replacing the existing Maven settings on a local workstation.
- Custom Repository Metadata
-
{pro} provides a facility for user-defined custom metadata. If you need to keep track of custom attributes to support approval workflow or to associate custom identifiers with software components, you can use the repository manager to define and manipulate custom attributes which can be associated with components in a repository.
Integration of {pro} with the {iq} can be used to define component usage policies and automate the enforcement during the release process with the Staging Suite and display application specific component information.
- Component Usage Policies
-
The {iq} allows you to define component usage policies in terms of security vulnerabilities, license issues and many other characteristics of the used components.
- Release Policy Enforcement
-
The Staging Suite can be configured to use application-specific policies for automated release validation.
- Application Specific Component Information
-
The component information displayed in the {pro} can take the application-specific policies of your organization into account and display the specific validation result to the users.