Sonatype Nexus is Rising Above the Swamp

In case you missed it — our rival JFrog published this blog post on Thursday. Amidst the hyperbole, JFrog made a few statements that are true, and numerous others that are rooted in fear mongering, falsehoods and gimmicky marketing tactics. Please, allow me to explain.

Facts from JFrog About Sonatype Nexus.

JFrog states, “If you’ve been around in DevOps and DevSecOps for a while, you know that Nexus and Artifactory have been fierce competitors in the repository space. Sonatype had its roots in the Java and Maven space, and built on that success as “the Maven guys” for many years as they expanded their repository solutions.  Recently, Nexus shifted focus to DevSecOps and security aspects of their offering.”

Yes. It’s true. We’ve been competing head-to-head with JFrog for years — and we continue to compete with them today. Make no mistake, on the commercial front, JFrog has been formidable. However, on the open source community front, they have been largely absent. Conversely, as acknowledged by JFrog, Sonatype has long been a steadfast supporter of our fellow engineers in the community. Our founders served as core contributors to Apache Maven. We’ve long maintained Maven Central and we serve billions of components annually to developers around the world. Lastly, we founded and actively maintain the Nexus Repository Manager project, which has evolved into the world’s most popular binary repository manager with FREE support for all formats.

Separately, as stated by JFrog, it’s true that Sonatype has been actively expanding the Nexus platform beyond traditional repository manager features.  Specifically, we’ve pioneered the concept of software supply chain automation and have delivered innovative policy controls to enable engineering teams to automatically find and fix open source vulnerabilities early and everywhere across the DevOps pipeline.

Fiction

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Matt Howard. Read the original post at:


Matt Howard

Matt Howard is CMO and SVP of Sonatype, the inventors of software supply chain automation. He is a proven executive and entrepreneur with over 20 years of experience developing high-growth software companies. Prior to Sonatype, Mr. Howard co-founded, developed and successfully sold two software companies.