From Abuse to Alignment: Why We Need Sustainable Open Source Infrastructure

Open source doesn't run on any individual project, foundation, or company — it runs on shared infrastructure. That's why we've come together with other stewards to issue a Joint Statement on Sustainable Stewardship ...
Free isn't free: The hidden costs of tooling decisions in open source infrastructure

When I first wrote about the tragedy of the commons and Maven Central, I called attention to a startling reality: a small percentage of users — mostly large enterprises — were unknowingly ...
Beyond IPs: Addressing organizational overconsumption in Maven Central

When we published Maven Central and the Tragedy of the Commons, we highlighted a disturbing pattern: just 1% of IP addresses accounted for 83% of Maven Central's total bandwidth, often traced back ...
Java at 30: From portable promise to critical infrastructure

Thirty years ago, Java introduced the world to "write once, run anywhere." What began as a bold promise of portability and simplicity soon transformed into a defining force in modern software ...

Central Publisher Portal now validates Sigstore signatures

As part of our ongoing efforts to enhance security and trust in the Central repository ecosystem, we are introducing Sigstore signature validation in the Central Publisher Portal. Sigstore is a project that ...
Maven Central and the tragedy of the commons

The tragedy of the commons is a concept in economics and ecology that describes a situation where individuals, acting in their own self-interest, collectively deplete a shared resource. In simpler terms, it's ...
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern

In late 2023, a few members of the Apache Logging Services project – known for providing the famous Log4j logging framework – received funding from the Sovereign Tech Fund (STF) to enhance ...
The history of Maven Central and Sonatype: A journey from past to present

In Java development, Maven Central stands as a cornerstone, an indispensable repository of open source software components and libraries ...