Managing Java Dependencies with Nexus Lifecycle

A typical Java application can have hundreds of external dependencies, including proprietary libraries and libraries from many different sources. Tools such as Maven make adding and managing these dependencies easy, but by themselves they aren’t very picky about what gets included in a project build. Developers and testers who are focused on rapid delivery of quality software may not have enough time to vet the libraries they are including in their products. Since those libraries can bring in dependencies of their own, it can be difficult to know the exact contents of an application. The result can be messy software products that include libraries with different licensing models, multiple versions of the same library, and libraries with known security and functionality issues.
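The "multiple versions of the same library" problem can be read straight out of Maven's own output. The following is an added example, not code from the original post or from Sonatype: it parses `mvn dependency:tree -Dverbose` output and reports every library requested at more than one version, along with the dependency path that asked for each version. The sample tree and all coordinates in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `mvn dependency:tree -Dverbose` output (not a real project).
SAMPLE_TREE = """\
[INFO] com.example:shop:jar:1.0.0
[INFO] +- com.example:billing:jar:2.1.0:compile
[INFO] |  +- commons-codec:commons-codec:jar:1.15:compile
[INFO] |  \\- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- com.example:reports:jar:3.0.0:compile
[INFO] |  +- (commons-codec:commons-codec:jar:1.9:compile - omitted for conflict with 1.15)
[INFO] |  \\- (org.slf4j:slf4j-api:jar:1.7.36:compile - omitted for duplicate)
[INFO] \\- junit:junit:jar:4.13.2:test
"""

# Tree prefix is built from 3-character cells ("|  ", "   ", "+- ", "\- ");
# omitted nodes are wrapped in parentheses. Coordinates are
# group:artifact:type[:classifier]:version[:scope].
LINE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[| ]  )*(?:[+\\]- )?)"
    r"\(?(?P<coord>[\w.\-]+(?::[\w.\-]+){3,5})"
)

def find_version_conflicts(tree_text):
    """Return {"group:artifact": {version: "path that requested it"}} for
    every library that is requested at more than one version."""
    requested = defaultdict(dict)
    path = []  # path[i] is the node currently open at depth i
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, blank or summary line
        depth = len(m["indent"]) // 3
        parts = m["coord"].split(":")
        # The root line has no scope, so its version is the last field.
        version = parts[-1] if len(parts) == 4 else parts[-2]
        name = f"{parts[0]}:{parts[1]}"
        path = path[:depth] + [name]
        if depth:  # skip the project itself
            requested[name].setdefault(version, " -> ".join(path[:-1]))
    return {n: v for n, v in requested.items() if len(v) > 1}

if __name__ == "__main__":
    for lib, versions in find_version_conflicts(SAMPLE_TREE).items():
        for version, via in versions.items():
            print(f"{lib} {version} requested via {via}")
```

The version marked `omitted for conflict` is the one Maven left out of the build, so the module that asked for it runs against the other version.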

 

Sonatype, the developers behind the Nexus Repository Manager, have created a tool for implementing policy-based dependency management. Nexus IQ is the server component in three of their offerings: Nexus Auditor, Nexus Lifecycle and Nexus Firewall. Nexus IQ scans project dependencies and Maven repositories, checking for criteria such as license type, reported security issues, age, and popularity. When integrated into a Nexus-managed repository, IQ can then either warn developers of a policy violation or block a build entirely; with the Nexus Firewall option, offending libraries can be quarantined for review and then black-listed or white-listed as you choose.

 

 

 
