Sonatype Nexus Repository Review

If there are any issues in build security, it picks them up right away


What is our primary use case?

We use it as a repository for build artifacts. We have 300 developers and most of them use Nexus Repository to do their builds.

They are mostly stream-mode applications, as well as front-end Angular applications. We definitely pull down most of the main dependencies, binaries, build artifacts, and release candidates.

How has it helped my organization?

We use it for open-source governance; that's one of its everyday uses. We have so many applications and so many services.

What is most valuable?

If there are any issues in build security, it can pick them up straight away.

What needs improvement?

We had some issues with the container platform, but we raised a support ticket and it was sorted out for us.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

So far we haven't had any issues. But when we go into the container world we might, because we haven't gone into the container world yet.

What do I think about the scalability of the solution?

We've had no issues, as of now, with the scalability. We have been licensed for 250 users for the Repository and we haven't found any issues. The users' roles are DevOps, pure developers, and some of them are testers. As for deployment and maintenance of the solution, that comes under DevOps. Some of the DevOps guys are supporting the platform as well as doing the builds and setting up the pipelines, etc.

How are customer service and technical support?

I talk to Camden from Sydney, and he's been helpful. I've never had any issues with him. Amar has been a very good support resource as well, including help with the documentation.

If you previously used a different solution, which one did you use and why did you switch?

They were using Artifactory before, and they were not happy.

How was the initial setup?

Nexus is pretty straightforward. It's not complex. We didn't have any issues. The deployment took a couple of hours from start to end.

In terms of an implementation strategy, we started off pretty simply, just setting up a server, making sure that the server was connected to the internet. We then pulled everything down from the internet and set up the Nexus server. We then gave proper access to the developers who wanted to use it.

What about the implementation team?

Our deployment was entirely internal.

What was our ROI?

We just got a license for 250 at the end of December, so people have just started using it recently. Previously, the guys who were using it were using the open source license. So we don't have any evaluation of ROI yet.

Which other solutions did I evaluate?

I'm not sure if they evaluated other products. But people have used Nexus a lot and they are quite comfortable with it.

What other advice do I have?

It's definitely worth looking into as a DevOps tool, which can be integrated into the build pipelines.

We use the Nexus Repository but now we are definitely planning to increase the usage. We are looking at the Lifecycle and Firewall products as well. This is the first time we have started looking into this aspect of Dev Lifecycle Ops. That's in the process of evaluation and, once all the evaluation is done, we will consider it. The build Repository is definitely the main application, but to make sure whatever we do is secure and compliant, the Lifecycle is looking to be more important.

I rate the product at eight out of ten. The two points are because it's still somewhat unknown; we haven't used it intensively.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.