Sonatype Nexus Repository Overview

Sonatype Nexus Repository is the #1 ranked solution in our list of top Software Distribution tools. It is most often compared to JFrog Artifactory.

What is Sonatype Nexus Repository?
Nexus Repository is powered by Repository Manager, the same technology engine found in our OSS version deployed at more than 100,000 organizations worldwide. Built on the shoulders of Maven, Repository Manager supports all popular component formats and brings your entire development organization together. It includes staging and release functionality that provides support for operations and quality assurance processes prior to production and gives you instant insight into potential component security, license, and quality issues, enabling teams to take corrective action early and quickly.

Sonatype Nexus Repository is also known as Nexus Repository, Nexus Repository Manager.

Sonatype Nexus Repository Buyer's Guide

Download the Sonatype Nexus Repository Buyer's Guide including reviews and more. Updated: January 2021

Sonatype Nexus Repository Customers
Goldman Sachs, Toyota, Disney, Deutsche Bank

Pricing Advice

What users are saying about Sonatype Nexus Repository pricing:
  • "One of the challenges we had around licensing was how to deal with anonymous requests. According to the letter of the contract, an anonymous request consumes a license. We had to do some work to get over the fact that any anonymous interactions with the Repository product had to be put back to an end-user account."
  • "Nexus Repository Manager Pro is quite affordable because it's about €100, per user, per year. Purchasing licenses was not really a big issue for us. Regarding Nexus IQ, it's much more expensive. We purchased 250 licenses and they cost us about €120,000."
  • "In my opinion, the pricing is very fair and very customer-oriented. It's much better than any other tool I have used so far."
  • "It's quite expensive. They are charging around $110 or $120 per user, per year. It's quite expensive in comparison to the other tools available in the market."
  • "It seems like a fair price, based on other software solutions I've purchased."

Sonatype Nexus Repository Reviews

ColinStandish
Project Manager at a hospitality company with 10,001+ employees
Real User
Top 20, Leaderboard
Oct 16, 2019
Vastly improved our whole release cycle; automated processes help to deliver code

What is our primary use case?

We happily use containers as a way of scaling out microservices so we use Nexus Repository for the management of containers, as a kind of repository. That's about 50 percent of what we use it for. The other side is that it is used for application and development artifacts. We use it to track artifacts in a repository so we can deploy software code. It's not a code library because we use GitLab as well. It's more for the compartmentalized aspect that fits in and we can redeploy those on-demand. The way we deploy it is private cloud, ultimately. We have an internal cloud infrastructure that we…

Pros and Cons

  • "The key benefit we get from it is speed to delivery. It has improved our overall time to get new applications out with new code. That's true whether from a platform perspective, where we are quickly deploying up-to-date docker containers, or whether we are looking to deploy new code out to deliver a new application."
  • "We've had some challenges around the database they use. We've had some big outages and it's due to the fact that we haven't found the database they use is all that stable... We've had some really positive conversations with Sonatype around that and they've provided us with the support and special services to help us migrate off of that, on to another type of database platform which we have more control over."

What other advice do I have?

Talk to Sonatype about how flexible they can be around their licensing. We did purchase 500 licenses, but initially we were around 20. Rather than paying for the whole thing, I would say, "If we commit to the 500 over a particular period of time..." and have that conversation about what a realistic ramp-up would be. See if you can be charged for the number of users you have, rather than paying for 500 users but only using 20, which is what we did. It wasn't an effective use of money at that point. If I was doing it again, I'd have a better commercial conversation with them around how we could…
Christophe Arnaud
Engineering Manager at a tech vendor with 10,001+ employees
MSP
Jul 4, 2019
Enables us to store and manage access rights for sharing components among teams, but some repository formats are not supported

What is our primary use case?

We are primarily using Nexus Repository Manager to store the components we are building and to share them among our teams. We are also using it to get a cache from older, available public repositories which we need to build our projects. Regarding Nexus IQ, we are using it mainly to scan our projects to see the security vulnerabilities that may be occurring in our products.

Pros and Cons

  • "The most important feature of Nexus Repository Manager is the storing and sharing of components. For Nexus IQ, it's the scanning of projects and the rating of vulnerabilities and license violations that we may have in our products."
  • "[A] main feature that is missing in Nexus IQ is the ability to explore the history of the different reports that have been generated for a given product. For the time being, in the Nexus IQ UI, we are only able to browse the latest reports that have been generated for a given product. It would be really useful for us to be able to go back in time by browsing through the reports and to have a tool that would give us the evolution of the metrics."

What other advice do I have?

Before deploying Nexus Repository Manager, really focus on the architecture that will be deployed. It will impact all the users who will have to use Repository Manager, especially if they are quite far from the central server. Think about deploying Nexus Repository Manager locally in order to help. Local users get their information faster and in a more efficient way. Regarding Nexus IQ, I would say the opposite: Try to be as central as possible and to have the fewest Nexus IQ servers to meet your needs, because the more you have, the more you will spread the information, and the less you'll be…
Hagen Rahn
Senior Software Engineer at SYSTEMA Systementwicklung Dipl.-Inf. Manfred Austen GmbH
Real User
Top 20, Popular
Feb 22, 2019
Provides a central platform for storing build artifacts, saving us significant maintenance and hardware costs

What is our primary use case?

The primary use case is to store good artifacts our company has produced and proxy external artifacts to help reduce the outgoing traffic and to filter specific components which are known to be vulnerable.

Pros and Cons

  • "The primary feature is that I now have the ability to provide a central platform for storing build artifacts; a concise way for any project team to store its build with us."
  • "I'm waiting for hot publication between several Nexus instances. That's more important for me right now because in our company we have several locations distributed all over the world, and each location is producing its own artifacts, sometimes for the same project. I really would appreciate a scenario where the developers could provide their data to the local repository and it would be hot-replicated to the other repository instances."

What other advice do I have?

Our company is about 25 years old. When we started developing stuff in Java, we didn't have much tool support and, as we are a company that integrates other systems, we basically built our own tools. That's quite nice if you can do it, but it is always a burden to maintain. That was another aspect we had in mind. We wanted to reduce the maintenance of self-created systems and to get our administrators to use a standardized toolchain. That really helped to reduce their efforts and keeps us up to date with current developments in the business. As you know, software development is something that…
Architec9c59
Architect at a consultancy with 1,001-5,000 employees
Real User
Leaderboard
Mar 7, 2019
Sanitized our development lifecycle, we now know where people will store their software

What is our primary use case?

At the moment we use it as storage, as a repository, the proxy to internet repositories, and for internal storage of our binaries. But we are looking seriously into using it for compliance to policy, for open-source dependencies that may have security issues or contradictory license usage. If certain dependencies do not comply with our licensing policies, then we want to be able to identify them. We are very interested in it to ensure the traceability of our open-source dependencies, to make sure that we are not using dependencies that could cause problems in the future, that could cause…

Pros and Cons

  • "For us, the ability to do proxying and federations of repositories is very important. It gives us flexibility. We are the largest physics research laboratory in the world. With 12,000 people, we need to have good solutions to federate organizations inside our lab."
  • "It has very good enterprise integration, so we are able to integrate it with the rest of our infrastructure for authentication, for role management. That is very useful."
  • "We feel that if the product could be configured more easily through configuration files, instead of API calls and databases, that would make it easier to integrate with other DevOps tools. This is one of the hurdles that we encountered when we tried to integrate Nexus 3 with our OpenShift installation."

What other advice do I have?

My advice would be to think about the scalability. I would really advise everybody to go for it, to go for having repositories in their organization, to make their software and even hardware development more organized. Go for it, adopt one. We are using the latest version of Nexus 2. We are in the process of rolling out Nexus 3 on a much wider scale. In terms of using the solution to manage binaries, build artifacts, and release candidates across the DevOps pipeline, I would say yes, we're doing so. We're not as well-developed in terms of DevOps as other organizations, but we are certainly…
Kulbhushan Mayer
DevOps Practitioner at a financial services firm with 5,001-10,000 employees
Real User
Leaderboard
Mar 12, 2019
We are able to manage multiple central repositories, but it lacks the ability to move repositories between instances

What is our primary use case?

We are using this tool for our Java, .NET, AngularJS and Node.js. Apart from that, we have recently built a solution to utilize this tool for Docker images as well.

Pros and Cons

  • "The searching capability is good... and we are managing multiple central repositories."
  • "I onboarded .NET, then I onboarded JS. And about six or eight months back, I onboarded Python. And I am about to onboard Docker. The availability of integrations allows me to do this."
  • "They should have some feature where we can move a specific repository from one instance of Nexus to another instance of Nexus. As of now, this feature doesn't exist."
  • "They should have the ability to support multiple data centers. That is actual scalability and, in effect, high-availability."

What other advice do I have?

If you have the ability to implement this tool within your team by yourself, go with the open-source solution that they have, rather than going ahead with the paid solution. I started with the 2.2 version but two weeks back I upgraded to 3.15. Before that, I was using 3.14 and prior to that I was on 3.9. The clean-up policies have been improved: How we manage our changes, how we manage our artifacts, how much we need to keep, and how much we want to remove. That has effectively improved. In addition, slowly they have onboarded multiple technologies. As I mentioned, I started just with Java and…
SeniorApba61
Senior Application Architect at a financial services firm with 10,001+ employees
Real User
Leaderboard
Mar 12, 2019
Hosting libraries that can be used across multiple teams helps improve productivity

What is our primary use case?

We are using Nexus Repository as a Java repository for our libraries. We cannot host proxy libraries because we don't have access to the internet. We're downloading libraries manually and then uploading them to our Nexus repositories. That's the current approach. We not only upload open-source libraries but also our own libraries that we developed.

Pros and Cons

  • "The core features are the most important: We can host libraries, upload them, and they can be used across multiple teams."
  • "When it comes to uploading NPM libraries, JavaScript dependencies libraries, it is a little bit of a convoluted process. They need to improve uploading libraries for NPM-type repositories."

What other advice do I have?

Try to leverage most of the feature set. The security scans are a great feature. When the open-source libraries are downloaded, Nexus can provide an automated solution to certify them for use. It might be a good idea, as well, to make this product part of the build pipeline, so you don't have to build every time. In terms of managing binaries, build artifacts and release candidates across the DevOps pipeline, we are not using Nexus for checking our artifacts in the build pipeline. We do utilize Nexus if I create a utility library in a project and this library needs to be used across ten other…
Anthony Evans
Chief, Enterprise Automated Deployment (EAD) Branch at a government with 11-50 employees
Real User
Top 20, Leaderboard
Feb 28, 2019
Helps ensure that developers utilize the safe open-source components we provide to them

What is our primary use case?

Our primary use case is as a manager and storage location for open-source software components. We utilize the Nexus repository to store safe open-source components that our developers can utilize in their applications, as opposed to their going out to the internet and getting potentially unsafe versions of the open-source components. We use it to manage binaries both in the IMR and in staging. Our biggest use of the software, as stated before, is to store open-source software components for user applications. The second biggest use is as a staging repository. We'll stage binaries for changes…

Pros and Cons

  • "One of the most valuable features is the variety of permissions you can use on the repository. That helps us protect access to the information inside of the repository."
  • "I would like to see them build in some scanning features out-of-the-box, as opposed to only getting them by buying the add-ons of Nexus IQ Server. I would like to see some level of ability to filter in the tool itself, through scanning the binaries in there."

What other advice do I have?

Make sure you know how you want to use it, and set up your rules, processes, and policies before you implement it. Their customer service is pretty good. Their software does what it says it does. They've got another component add-on we're looking to purchase that will assist us. Sonatype has business relationships with other companies which sell their software, and their name is known in the DevOps world. They're a stable company and have a stable product. In terms of the number of users using our Nexus Repository, just about every developer who programs in Java has to use one portion of it…
Yogesh Shetty
Senior Information Technology Specialist at a financial services firm with 5,001-10,000 employees
Real User
Leaderboard
Feb 26, 2019
If there are any issues in build security, it picks them up right away

What is our primary use case?

We use it as a repository for build artifacts. We have 300 developers and most of them use Nexus Repository to do their builds. They are mostly stream-mode applications, as well as front-end Angular applications. We definitely pull down most of the main dependencies, binaries, build artifacts, and release candidates.

Pros and Cons

  • "If there are any issues in build security, it can pick them up straight away."
  • "We had some issues with the container platform, but we raised a support ticket and it was sorted out for us."

What other advice do I have?

It's definitely worth looking into as a DevOps tool, which can be integrated into the build pipelines. We use the Nexus Repository but now we are definitely planning to increase the usage. We are looking at the Lifecycle and Firewall products as well. This is the first time we have started looking into this aspect of Dev Lifecycle Ops. That's in the process of evaluation and, once all the evaluation is done, we will consider it. The build Repository is definitely the main application but to make sure whatever we do is secure and compliant, the Lifecycle is looking to be more important. I rate…