Repository Management with Nexus

2.2. Component Lifecycle Management

Component lifecycle management can be defined as the practice of analysis, control, and monitoring of all components used in your software development lifecycle.

It has emerged as a new category of software development products, information services and practices that help managing agile, collaborative, component-based development efforts. They allows you to ensure the integrity of the modern software supply chain, amplifying the benefits of modern development, while reducing risk.

2.2.1. Increasing Component Usage and Open Source Components

Modern software development practices have shifted dramatically from large efforts of writing new code to the usage of components to assemble applications. This approach limits the amount of code authorship to the business specific aspects of your software.

A large number of open source components in the form of libraries, reusable widgets or whole applicatione, application servers and others is now available featuring very high levels of quality and feature sets, that could not be implemented as a side effect of your business application development. E.g. creating a new web application framework and business workflow system just to create a website with a publishing workflow would be extremely inefficient.

Open source has become an integral part of modern applications in this form of components. A typical enterprise application is comprised of tens, if not hundreds, of components accounting for 80% and more of the application.

2.2.2. Security Vulnerability and License Compliance Risks

With the huge benefits derived from using open source as well as commercial components, comes the complexity of understanding all the implications to your software delivery. These include security vulnerabilities, license compliance problems as well as quality issues, that need to be managed through the whole life cycle starting at the inception of the sofware all the way through development, qualitiy assurance, production deployments and onwards until the decommissioning of the software.

The number of components, their rapid change rate with new releases as well as the ease of adding new dependencies, make the management and full understanding of all involved components a task, that can not be carried out manually and requires the assistance of tools such as Nexus and Sonatype Insight.

2.2.3. Nexus and Component Lifecycle Management

Nexus provides a number of tools that can help you in your CLM efforts. Besides focussing on being a component repository manager it includes features such as the display of security vulnerabilities as well as license analysis results within search results and the Repository Health Check reports for a proxy repository.

Specific examples about using Nexus for CLM related tasks can be found in Chapter 12, Repository Health Check.

Nexus Professional secures your component supply chain as documented in Section 6.2.6, “Accessing The Central Repository Securely”, which forms an important base for your CLM efforts.