Why Do I Need a Binary Repository Manager?

This is an excerpt from Out of the Wild: A Beginner’s Guide to Package and Dependency Management, a Sonatype Guide. This is the final installment. (Read part one and part two.)

So, why do I need a Binary Repository Manager?

Binary repository managers serve a couple of important functions as part of a modern software development lifecycle.

First, they can serve as a local copy, or “proxy,” repository for the language-specific package repositories/registries we discussed earlier. Creating these proxy repositories in a repository manager to store and cache your OSS components locally—rather than downloading them directly from an online repository every time you kick off a build—can provide some of the following benefits, as stated in our own Repository Management Basics course:

  • Increasing build performance due to a wider distribution of software and locally available parts.
  • Reducing network bandwidth and dependency on remote repositories.
  • Insulating your company from internet outages, outages of public repositories (Maven Central, npm, etc.), or even the removal of an open source component.
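The pull-through behaviour behind these benefits, as an added sketch that is not taken from the Sonatype guide or from any repository manager's code: the first request for a component goes to the remote registry, and every later request is served from local storage. `FakeUpstream`, `ProxyRepository` and the package names are hypothetical, and the registry contents are constructed sample data so the example runs offline.

```python
import tempfile
from pathlib import Path


class FakeUpstream:
    """Constructed stand-in for a public registry (no network access)."""
    def __init__(self, packages):
        self.packages = dict(packages)
        self.online = True
        self.requests = 0          # counts remote downloads (bandwidth used)

    def download(self, name):
        self.requests += 1
        if not self.online or name not in self.packages:
            raise ConnectionError(f"upstream cannot supply {name}")
        return self.packages[name]


class ProxyRepository:
    """Pull-through cache: fetch from upstream once, then serve locally."""
    def __init__(self, upstream, cache_dir):
        self.upstream = upstream
        self.cache_dir = Path(cache_dir)

    def get(self, name):
        # Assumption: flat file names only; a real proxy maps coordinates to paths.
        cached = self.cache_dir / name
        if cached.exists():                      # cache hit: no remote call
            return cached.read_bytes()
        data = self.upstream.download(name)      # cache miss: one remote call
        cached.write_bytes(data)
        return data


def demo():
    upstream = FakeUpstream({"left-lib-1.0.tgz": b"v1 bytes",
                             "other-2.0.tgz": b"v2 bytes"})
    proxy = ProxyRepository(upstream, tempfile.mkdtemp())
    name = "left-lib-1.0.tgz"
    first, second = proxy.get(name), proxy.get(name)   # second is a cache hit
    del upstream.packages[name]                  # component removed upstream
    after_removal = proxy.get(name)              # builds still resolve it
    upstream.online = False                      # registry outage
    uncached_served = True
    try:
        proxy.get("other-2.0.tgz")               # never cached, so it fails
    except ConnectionError:
        uncached_served = False
    return first == second == after_removal, upstream.requests, uncached_served


if __name__ == "__main__":
    print(demo())
```

Only components that were requested before the outage survive it, which is why the cache protects builds whose dependencies have already been resolved through the proxy at least once.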

In addition, repository managers serve as a “single source of truth” for the binaries used in your build processes.

At this stage, you may be asking yourself, “But why can’t I just store my binaries where I store my source code?” The short answer is that you can. But you probably won’t want to after you understand more about how version or source control tools like GitHub differ from binary repository managers…

I use a Version/Source Control Management repository to store my source code. Why do I need a Repository Manager for my binaries?

As DZone’s Refcard on Using Repository Managers concisely states, “Repository Managers are to binaries what source repositories or VCS (Version Control Systems) are to sources.”

Authors Brian Fox and Carlos Sanchez go (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ember DeBoer.