New Open Source Maven Repository Manager Launched

The leading commercial supporter of the open-source Maven project recently released a new version of its Maven repository manager. Sonatype, the Mountain View, Calif.-based company founded last year by Maven creator Jason van Zyl, announced Nexus Professional, a version of its flagship repository manager enhanced with a superset of features aimed at commercial Maven users.

The Apache Maven Project is an open-source framework and repository for building and managing any Java-based project. It started as an effort to simplify the build processes in the Jakarta Turbine project (a servlet based framework that helps Java developers quickly build Web applications). At the heart of the Maven build management system is something called the project object model (POM). The project defines the POM as "the fundamental unit of work in Maven." It takes the form of an XML file that contains information about a project and such configuration details as dependencies, plugins, and build profiles.

The Maven repository has been growing exponentially, said van Zyl. "Today we count about 75,000 artifacts, or binary components, in that," he said. "Maven downloads from Apache number around 360,000 in the past 12 months. We estimate that the total number of Maven users is around 3 million today, 40 percent of which are professional Java developers. And based on artifact retrievals, use of the Maven Central Repository up 60 percent in 2008."

"A repository is to components as a source-control-management system is to source code," explains Sonatype's new CEO, Mark de Visser. Well-known in open-source circles, de Visser is the former chief marketing officer at PHP tools company Zend Technologies.

"People use components now more than they ever did before," de Visser added. "I think it's a fair estimate that no more than 10 to 20 percent of the business logic people create today is done by themselves, and all the rest are components that they have acquired. These days, the components that they acquire are very often open-source projects. BPM engines, business intelligence, charting, workflow, reporting, Ajax libraries -- all of these things and more are out there in open source flavors. As soon as you start talking about larger, distributed, teams that work in fast cycles -- some our biggest customers build their software every other week -- pretty soon you have a lot of dependencies. Someone changes something and it breaks something else. Maven creates the repository that shields the developers from the complexity of managing all these components."

Sonatype's Nexus manager is a tool for developers whose applications rely on access to Maven repositories -- both internal and external. It's designed to provide those applications with reliable access to the stored software components required for development and provisioning. de Visser advises users of the Maven central repository to maintain their own repositories for the various stages of development.

"We do not encourage people to pool their software components in a central repository every time they run a build," de Visser said. "The more typical usage model is for companies to create a local repository, and populate it only with the artifacts that they're using in that node structure. In fact, many companies have multiple versions of a repository on site. They use one that they can manage locally during the software development phase. Sometimes you'll see several: a development repository, a QA repository, a staging repository and a production repository."

This version of the product includes new security options, support for Lightweight Directory Access Protocol (LDAP) authentication, procurement management features for better control of which artifacts are allowed into the repository, and the ability to manage artifact promotion from a staging repository. The aim, de Visser said, is to provide development teams with full control over the software components and external dependencies around their particular software development cycles.

Last year, Sonatype joined the Eclipse Foundation and link the Maven framework and repository with Eclipse projects. That link, called m2eclipse, provides tight integration with the Eclipse IDE.

An open-source version of Nexus is available under a GPL license. The commercially licensed version provides additional functionality.

About the Author

John K. Waters is a freelance writer based in Silicon Valley. He can be reached at [email protected].