Sonatype, the leader in software supply chain automation, today released the latest version of Nexus Repository, adding free support for seven of the most popular software component types. Additionally, Sonatype announced that Nexus Repository has now surpassed 100,000 active installations, including a majority of the Fortune 100, and continues to experience massive growth in usage. Over the last three years, active Nexus Repository installations grew 240%.
“Nexus Repository is now fluent in seven of the world’s most popular software component ecosystems, benefiting more than 10 million developers,” said Wayne Jackson, CEO, Sonatype. “Our blend of public and proprietary data with expert research and analysis helps ensure only the best software components are being used to make the world’s software applications.”
As the world’s most popular repository manager, Nexus Repository offers free support for Java, npm, PyPl, Bower, RubyGems, and NuGet components. Nexus Repository also functions as a free, private, on-premise registry for Docker containers used by 400,000 people in DevOps and Continuous Delivery practices.
“Nexus Repository is a core piece of our Continuous Delivery pipeline and very much part of our software supply chain,” said Shannon Lietz, DevSecOps Leader at Intuit. “Nexus Repository delivers artifacts to all of our different environments and ensures consistency and quality across our software supply chain.”
Sonatype automates the evaluation of over a billion components a day for its Nexus user community and now delivers supply chain intelligence for npm packages. Each day, over 150 million npm packages are downloaded. Nexus Repository will now automatically analyze npm packages for security vulnerabilities and license risks. With 1 in 16 of the world’s component downloads known to have security vulnerabilities, this new capability will further improve the world’s software build quality.
Added Kohsuke Kawaguchi, Jenkins founder and CTO at CloudBees, “Repositories are a critical part of many Jenkins users’ Continuous Delivery and DevOps toolchains. Just like Jenkins, millions of people rely on repository managers for their day-to-day operations. It is great to see companies like Sonatype continue to make investments — like the support for Docker images — to keep this critical component strong.”
