Nexus Repository: A Strategic Guide from Git to Governance

As leaders of organizations, innovators of technology, and practitioners of continuous development, we must understand the constant changes in the industry to better suit the needs of the business and of our customers. 

The role of modern software development has evolved. Developers, IT operations, quality engineering, and security teams have embraced new technologies and cultural shifts to accelerate time to market and identify efficiencies in building applications. Teams that adopt best practices and invest in the right tools at each phase of the software development life cycle (SDLC) enhance their overall productivity and ROI to meet business goals faster. At Sonatype, we specialize in helping organizations build better, faster software more securely without slowing down innovation. Having had the privilege of partnering and working with some of the leading brands, we understand that the journey to achieve this mission can be challenging without a cohesive strategy across the entire software supply chain.

The following material is meant to be a guide for understanding the differences in the marketplace when it comes to source code management and git repositories, application-level building and binary repositories, and ultimately open source governance. At a foundational level, we will begin by discussing Nexus Repository and an evolving landscape of package and dependency management tools.

For the purposes of this writing, we will focus on market trends and the benefits of formulating a strategy for both business and functional objectives. At a conceptual level, Sonatype’s Educational Foundations Guide to Package and Dependency Management delivers a deep-dive review of the role of package managers in modern software development, key components of application-level dependency managers, and how universal package managers (i.e. binary repositories, such as Nexus Repository) differ from source control management tools (i.e. source code repositories, such as GitHub or Azure Git Repos).

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brent Kostak. Read the original post at: