Managing Java Dependencies with Nexus Lifecycle

A typical Java application can have hundreds of external dependencies, including proprietary libraries and others from many different sources. Tools such as Maven make adding and managing these dependencies easy, but by themselves they aren’t very picky about what gets included in a project build. Developers and testers who are focused on rapid delivery of quality software may not have enough time to vet the libraries they are including in their products. Since those libraries can bring in dependencies of their own, it can be difficult to know the exact contents of an application. The result can be messy software products that include libraries with different licensing models, multiple versions of the same library, and libraries with known security and functionality issues.


Sonatype, the developers behind the Nexus Repository Manager, have created a tool for implementing policy-based dependency management. Nexus IQ is the server component in three of their offerings: Nexus Auditor, Nexus Lifecycle and Nexus Firewall. Nexus IQ scans project dependencies and Maven repositories, checking for criteria such as license type, reported security issues, age, and popularity. When integrated into a Nexus-managed repository, IQ can then either warn developers of a policy violation or block a build entirely; with the Nexus Firewall option, offending libraries can be quarantined for review, and then black-listed or white-listed as you choose.



