Sonatype Nexus Repository Reviews

Our primary use case of this solution is for our CICD pipeline, to build and store our artifacts in the repository. I'm the principal engineer and we are customers of Sonatype. 

We previously used a clunky system that required logging on to AWS IAM before reaching out to the CodeArtifacts and it would then expire after 12 hours. This required additional maintenance for developers so we were looking for a more efficient solution. Nexus provides a single sign-on that doesn't expire unless you change your password. The developer logs in once for the entire day which increases efficiency and helps the developer to more easily maintain the workflow.

In comparison to solutions like JFrog, Nexus provides ease of use. Navigation on the UI is easy and simple to understand. In addition, the integration with the rest of our CICD tools like Jenkins and GitLab CI is pretty seamless with very little additional work that needs to be done. Sonatype is feature-rich, even in the open-source version and what they offer is easy to understand, nicely documented and it fits very well into our environment.

One issue is that Nexus Repository doesn't have an end-to-end solution that helps developers easily sign an image and store it or to deploy that image if it's not signed. We're looking for other tools to help us with that. We'll continue to use Nexus but only for storing our artifacts. It would be great if Nexus had some features to help us maintain our container images as well. The solution could be more intuitive.

We are using goharbor for our container registry. It has a feature that helps us to define a pattern and other features that have allowed us to configure the container images more easily. In that sense, Nexus is not as feature-rich. I'm hoping that the features we use on goharbor will be integrated into Nexus and then we won't need as many tools to run our infrastructure. 

I've been using this solution for five years. 

Stability is not entirely the responsibility of Nexus. The cloud provider needs to provide stability on the backend side as well. We haven't had any problems and the solution is stable. 

We haven't reached the scalability stage yet but I'm quite sure that it is pretty solid because as long as you're using a backend that supports high availability, it will be fine. We have around 150 users who are mainly engineers.

We haven't needed to use technical support. 

The deployment is straightforward and the solution is very easy to set up. If the solution is only for a lab playground, everything will run in one container, and that's easy. If additional configuration is required for production usage in a high availability area then deployment will be more complex. We have in-house engineers who do this for us. 

We are using the open-source solution which is free.

It's important to know that the solution will not be able to fit perfectly with your use case and other tools will be required.

I would rate this solution nine out of 10. 

Sonatype Nexus Repository is our content repository for the programs we are developing.

It has enhanced the pipeline. It's a critical part of the DevOps infrastructure.

While there are not many features, they're all useful, particularly the ability to store and retrieve content, and to proxy all of the features that an enterprise repository manager should have.

I would like to see multifactor authentication implemented.

The only thing that I would like to see is multifactor authentication. This is a critical feature that must be included.

I have been working with Sonatype Nexus Repository for a couple of years.

We are using the most recent version.

It is a cloud, but it is limited to our company and is hosted by AWS and Azure.

Sonatype Nexus Repository is stable. It's solid.

Sonatype Nexus Repository is scalable, we are able to scale both vertically and horizontally. We haven't had any problems either way.

My current program has about 100 users, but they are not users, but rather a pipeline. The primary user is the pipeline. This solution is used hundreds of times throughout the day by the pipeline.

It's a critical piece of our infrastructure.

Technical support is excellent.

If you have a support license, which we do, it's very good. They are extremely competent, and they know what they are doing.

We have corporate licenses, for  SonarQube and Sonatype Nexus Lifecycle.

I am not sure how long we have had corporate licenses. Sonatype offers several products, including Nexus, Nexus Repo, and Nexus IQ, which I have worked with for a few years,  perhaps two, or three years.

The initial setup is straightforward.

The complexity of the setup varies depending on the type. The LFS type was essentially a three. Other repo types were a ten.

The deployment process was very simple, taking only a few hours.

We are integrators. 

I completed the implementation. It's fairly simple to integrate.

Maintenance requires very little staff.

I can't quantify it, but we couldn't execute our pipeline without it.

It's a corporate license, but I'm not sure how much it will cost.

There were costs in addition to the standard licensing fees. The standard is free.

It was already in place, but I am satisfied with it.

It should be integrated and become a part of your pipeline as soon as possible. The earlier you start, the better.

I would rate Sonatype Nexus Repository an eight out of ten. A score of eight, because, the multifactor is critical. That's why it loses a couple of points.

We are using Sonatype Nexus Repository for capturing or creating our software bill of materials, such as Maven, Python, no NPM, and Node.js Repos. They are open-source packages that we've scanned and that we want to keep as is. Additionally, we use it for our snapshots and releases of our own binaries.

The most valuables features of the Sonatype Nexus Repository are you can block any uploads that you do not want. For example, from Maven. Even though someone will try to create a pump file with a package not currently in our repository, they can go and get it, but it won't store it into the Sonatype Nexus Repository and therefore won't be propagated across the enterprise.

Sonatype Nexus Repository could improve by making the experience working with CI/CD pipelines, such as GitHub Action or GitLab better.

I have been using the Sonatype Nexus Repository for approximately 

The stability of the Sonatype Nexus Repository is good, we did not have any performance issues.

I did not use technical support.

The initial installation of the Sonatype Nexus Repository is straightforward.

My advice to others wanting to implement the Sonatype Nexus Repository is to make sure that it supports the language they are developing in. If you're a .NET developer, that would be a difficult language to use. However, if you want to do docker images, make sure you know what kind of docker to do.

I rate Sonatype Nexus Repository an eight out of ten.

I have found managing the artifact features very useful.

They could improve the user interface and REST APIs. I found that JFrog has multiple features as compared to Nexus Artifactory. JFrog is more advanced, so it has many good features. The REST API is good. The CLI and the integration with other build tools are quite good in JFrog, so comparatively I found the Nexus has to improve a lot.

I have been using Sonatype Nexus Repository for the past year.

The stability of Sonatype Nexus Repository is very good.

I found that Sonatype Nexus Repository is scalable in multiple cases.

The technical support is good, although I have not had to work with the technical support a lot.

The setup was relatively easy and did not take a long time.

I currently use the open source version and enterprise version with my client. The cost is managed by the client.

I would rate Sonatype Nexus Repository an eight out of ten.