Listing Thumbnail

    Sonatype Nexus Repository Pro (Self-Hosted)

     Info
    Sold by: Sonatype 
    Build fast with the world's leading artifact repository manager.

    Overview

    Play video

    Accelerate your DevOps pipelines and enterprise artifact management. Sonatype Nexus Repository  is the leading choice for a centralized, scalable, and secure solution at the heart of your DevOps pipelines. It supports your entire software supply chain, enabling efficient management of components, binaries, and build artifacts.

    Key Features:

    • Enterprise resiliency & replication: Improve your uptime with fast artifact availability, automatic failover, and component replication.
    • Universal format support: Work with the tools you already use in formats like Java, npm, NuGet, Docker, PyPI and RubyGems.
    • Advanced intelligence: Evaluate open source and third-party components for license types, security vulnerabilities, popularity, and age.

    As the industry-leading software supply chain management platform, the Sonatype Platform is the choice of organizations that are currently using or evaluating solutions such as Mend, Jfrog, Snyk, or GitLab. Sonatype provides a comprehensive and integrated solution for all aspects of the software development lifecycle, from secure development to release automation, helping organizations reduce risk and accelerate their time to market.

    Highlights

    • Support up to 18 package formats in a single deployment.
    • "If we want to know what production looks like, we should be able to look at our repository and know - from an infrastructure stack, from a library stack, from an application stack - exactly what is being deployed in production at any given time." - Bryson Koehler, EVP & CTO, Equifax.

    Details

    Delivery method

    Deployed on AWS

    Unlock automation with AI agent solutions

    Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
    AI Agents

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Sonatype Nexus Repository Pro (Self-Hosted)

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (2)

     Info
    Dimension
    Cost/12 months
    Maximum 18.0M requests per month, 300,000 total components
    $11,500.00
    Maximum 18.0M requests per month, 300,000 total components
    $11,500.00

    Vendor refund policy

    We do not offer a refund policy.

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Please contact your assigned Sonatype customer support representative for support.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Centralized Risk Management, Agile Lifecycle Management
    Top
    10
    In Continuous Integration and Continuous Delivery, Application Development, Security
    Top
    10
    In Agile Lifecycle Management, Source Control

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    0 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Package Format Support
    Supports up to 18 different package formats including Java, npm, NuGet, Docker, PyPI, and RubyGems
    Component Intelligence
    Advanced evaluation of open source and third-party components for license types, security vulnerabilities, popularity, and age
    Enterprise Replication
    Provides artifact availability with automatic failover and component replication capabilities
    Artifact Management
    Centralized repository management for software components, binaries, and build artifacts across development pipelines
    Software Supply Chain Security
    Comprehensive platform for managing and securing software development lifecycle components and dependencies
    Artifact Management
    Universal artifact repository supporting 40+ package and file types including machine learning models
    Security Scanning
    Comprehensive security solution with contextual vulnerability analysis, prioritization, and anti-tampering mechanisms across software development lifecycle
    Software Supply Chain Traceability
    Massively scalable platform providing end-to-end visibility and control across software development and deployment environments
    Vulnerability Detection
    Advanced security scanning for real-world risk analysis, exposure discovery, and early blocking of malicious open source packages
    DevSecOps Integration
    Hybrid platform integrated with multiple software package technologies and tools for consolidated enterprise development workflows
    Artifact Format Support
    Supports multiple artifact formats including Docker, Java, Go, PHP, Python, and other development ecosystems
    Access Control
    Implements role-based access controls for secure artifact management and repository access
    Repository Management
    Centralized repository for storing, publishing, and retrieving versioned applications and dependencies
    Operating System
    Deployed on Ubuntu 20.04 Linux distribution with optimized configuration
    Software Artifact Storage
    Provides private hosted repositories for managing software development artifacts and dependencies

    Contract

     Info
    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 AWS reviews
    |
    26 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Ardhiya C.

    Easy to use repository for sharing artifacts within team

    Reviewed on Mar 11, 2024
    Review provided by G2
    What do you like best about the product?
    I like that it is very easy to use. We are able to simple login to the repository as admins and view all the artifacts that are being used by various proxies and also by various teams. It is also helpful to upload binaries from any server and retrieve them using simple commands. We use Nexus Repository in our daily BAU activities in our devops team.
    What do you dislike about the product?
    I don't like the fact that there isnt a better UI for viewing logs. When you are logged in as admins and you would like to view and capture logs, we have to manually set the timer and keep scrolling rather than it being automated.
    What problems is the product solving and how is that benefiting you?
    We are able to centrally store artifacts and binaries required for our project. As a team, it is very easy to access these packages and also get version information effectively. Through this centralized repository, we are able to retrieve these artifacts and also their information and use it for developement or provide support to our project accordingly.
    Juan Diego P.

    Perfect solution for artifact management

    Reviewed on Jan 16, 2024
    Review provided by G2
    What do you like best about the product?
    Fit all my needs for artifact management. Easy to use, flexible, and easy to integrate into our CI/CD processes.
    What do you dislike about the product?
    Sometimes, it's difficult to understand all the different options provided, and default pricing plans don't always fit any company's needs.
    What problems is the product solving and how is that benefiting you?
    Single source of truth for our artifacts.
    CuneytGurses

    A stable solution that provides a central platform for storing build artifacts, saving us significant maintenance and hardware costs.

    Reviewed on Nov 09, 2023
    Review provided by PeerSpot

    What is our primary use case?

    Our primary tool is Sonatype Nexus Repository Manager. We use it for NPM, Maven, and Docker repositories. Additionally, we utilize Nexus Firewall for repository governance. Looking ahead, I'm considering implementing Nexus Repository Manager 3 as an alternative. This would help us manage packages from Nexus IQ Server and support various package formats such as NPM, Maven, and Docker.

    We rely on Sonatype Nexus Repository Manager as our main tool, employing it for NPM, Maven, and Docker repositories. In addition, Nexus Firewall plays a crucial role in our repository governance. As we plan for the future, I'm exploring the option of incorporating Nexus Repository Manager 3. This move would enhance our ability to manage packages from Nexus IQ Server and cater to different package formats like NPM, Maven, and Docker.

    What is most valuable?

    Primarily, the extensive support for a wide range of packages is a crucial factor. The effectiveness of new-age package managers is often determined by the breadth of packages they can handle. In this regard, Nexus Repository Manager 3 stands out for its comprehensive coverage, accommodating a vast array of packages widely utilized across the globe. This inclusivity enables easy access to a diverse range of packages, making it a pivotal aspect of its functionality.     

    What needs improvement?

    Particularly concerning OSF-type licenses, while they support a multitude of features, there's room for improvement in the single point transform, especially for grouping. It appears that currently, the grouping functionality is not robust, particularly for Docker images within a group. The support for this aspect seems to be contingent on the license type. For instance, with the Voss license type, there is a noticeable absence of support for this feature. This is an area that could benefit from enhancement in the upcoming updates.

    For how long have I used the solution?

    I have been using Sonatype Nexus Repository for five months.

    What do I think about the stability of the solution?

    I am, personally, quite satisfied with the stability and would rate it 8 out of 10. 

    What do I think about the scalability of the solution?

    I would rate the scalability of this solution a four out of ten. The reason being, it's not very scalable, and significant efforts are required to enhance scalability. There are noticeable limitations that need to be addressed for smoother scalability.Currently, there are approximately forty-eight users working with Nexus Repository in our company. As for future plans, I don't foresee a significant increase in the usage of Nexus Repository.

    How are customer service and support?

    While it's true that there is no explicit support for various license types, the summer type seems to be highly favored and encouraged among users. It holds a prominent position, perhaps earning a rating of seven for its effectiveness and user adoption.

    How was the initial setup?

    It is easy and I would rate it 8 out of 10.The entire deployment process, including installation, manual testing, and all implementation phases, typically takes around one week but only one person is usually sufficient to handle the entire deployment efficiently.

    What other advice do I have?

    I can confidently recommend this solution. The main reason is its stability. In comparison to other competitors, especially when I consider alternatives like Project X, Nexus stands out as a stable and reliable choice. This reliability is a key factor that makes me feel comfortable recommending it to other users. Based on its performance, I would rate it 8 out of 10. 

    Bernard Parinas

    Easy-to-scale product with a valuable scanning feature

    Reviewed on Nov 06, 2023
    Review provided by PeerSpot

    What is our primary use case?

    We use Sonatype Nexus Repository as a proxy for external packages for internet users. It also helps us manage internal packages and works as a repository for container images.

    How has it helped my organization?

    The product helped our organization improve runtime efficiency. We do not have to connect third-party vendors while building external packages or storing container-approved images. It allows end-to-end life cycle accessibility.

    What is most valuable?

    Sonatype Nexus Repository has a valuable internal scanner feature. It automatically scans external artifacts, such as Fortify SAST, before storing them in the repository.

    What needs improvement?

    There could be more add-on features for the product. They should provide automation for adding container images and artifacts in compliance with security requirements.

    For how long have I used the solution?

    We have been using Sonatype Nexus Repository for one year.

    What do I think about the stability of the solution?

    I rate the product's stability a seven out of ten. Sometimes, there are challenges in mitigating intermittent incidents. There might be factors such as network issues impacting communication.

    What do I think about the scalability of the solution?

    We have 20,000 to 40,000 end users for the product. It is easy to scale. I rate its scalability an eight out of ten. We use it 24/7.

    How are customer service and support?

    The technical support team takes time to respond and depends on the nature of the request. We have to keep contacting them. However, the process to create tickets is simple.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I have worked on POCs for different products.

    How was the initial setup?

    The initial setup is simple if you have access to container images. It is a seamless process for upgrading as well. Everything is well documented on the vendor’s official site. They form regular maintenance to comply with organizational requirements. They have a good maintenance process for updating and addressing issues. We have a team of 100 executives working on the current project to maintain components.

    What's my experience with pricing, setup cost, and licensing?

    I use the open-source version of the product, which is free of cost.

    What other advice do I have?

    I rate Sonatype Nexus Repository an eight out of ten. I advise others to update the business continuity plan for components regularly, i.e., semi-annually or quarterly. Use container images for the next migration or maintenance update. They should secure the user interface. Additionally, they should ensure a good storage process and plan a retention policy for all attacks.

    Which deployment model are you using for this solution?

    On-premises
    Axel Niering

    Provides proxy repository to Maven and stable solution

    Reviewed on Oct 06, 2023
    Review provided by PeerSpot

    What is our primary use case?

    It's our building background. We use it as a proxy repository to Maven, for example, and we use it to store our own good results and to bring them into production. So it's a turning point for this.

    How has it helped my organization?

    It works well together with the Nexus IQ. We can check our incoming artifacts from third parties with the help of the Nexus Secure server, which correlates with the Nexus support.

    And we can provide good results or products to customers where they can download it from there and bring it into production on servers or something like that. So it's everything in this field.

    What is most valuable?

    The quality of documentation is good. I can find what I'm looking for every time. Except, there are some mistakes or errors in the backpacks. So, in this case I have to contact support.

    What needs improvement?

    It is not as well-suited for managing NPM packages as it is for managing Maven packages.

    So, there are potential challenges in seamlessly integrating with non-Maven technologies.

    For how long have I used the solution?

    I have been using this for five years. I am using Sonatype Nexus Repository version 3.48.

    What do I think about the stability of the solution?

    The product has been stable since the deployment. I would rate the stability a nine out of ten. 

    What do I think about the scalability of the solution?

    We are not using any scaling mechanisms which are provided with this product. We would just use more CPU, something like that. But it's okay. There's not much need for scalability here. Not so many people are accessing the repository right now. So it works fine for us.

    There are over 130 end users using this solution. 

    How are customer service and support?

    The customer service and support are good because if there are some problems, we can open a ticket there. And usually, we get help within a day at the latest. Often much earlier.

    They are good regarding their speed of response, and the staff is very good. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup was not challenging. We've changed from Nexus 2, which we have used earlier. So, this was a migration process, which was just a simple turn-on. Just that system is a step on, but however, it worked fine. So there was no real problem. 

    What about the implementation team?

    The deployment took around two months. Two to three people were involved in the process.

    We have around five administrators for the solution.

    What's my experience with pricing, setup cost, and licensing?

    The licensing cost is transparent and cheap. Overall, it is a very good price. 

    We pay for a license, and the support is connected to it. We regularly communicate with our customer success engineer. And we have the technical support and the documentation. So, there's no extra charge for the support included in the license.

    Which other solutions did I evaluate?

    Our company used JFrog. 

    What other advice do I have?

    I recommend examining your processes to determine if they align with this tool, as its history is heavily concentrated on Maven. If your operations involve Maven, this solution is likely the most suitable. 

    As we primarily focus on Java and Maven, I would give this solution a rating of nine out of ten in such cases. 

    However, if your emphasis shifts towards NPM products or NuGet, using Nexus is still feasible but may require more effort. The tool is more centered around Maven, making it a bit challenging to seamlessly integrate with NPM. 

    In such scenarios, opting for a different product might be more favorable. Nevertheless, if your environment revolves around Java or related technologies, Nexus stands out as a top-notch product in the market.

    Which deployment model are you using for this solution?

    On-premises
    View all reviews