New Nexus Repository Reference Architectures

Sonatype is pleased to announce a new set of Reference Architectures for Nexus Repository. This key resource allows Repository administrators, operations, and DevOps professionals to ensure that their Repository deployments are appropriately sized to meet the ever-growing need to serve components and application binaries at scale.

Sonatype Nexus Repository is used every day by millions of developers to manage and secure billions of component and application downloads. Sizing correctly is important to ensure that developers can develop, test, and ship code quickly at scale without costly interruptions.

Usage is already high, and its rapid growth shows no sign of stopping. Why is this?

  • Teams build more often. Chasing ever-faster feedback cycles with continuous integration practices means teams can be building and publishing many times.
  • Container use continues to grow. Bundling applications into containers is a powerful paradigm, but containers can be large. This means more storage and I/O consumption for repositories.
  • Development tool chains are being centralized to allow better efficiencies of scale and compliance with organizational policies.
  • Engineering leaders now recognize the need to have all of their teams pulling their third-party dependencies and open source through an auditable ingestion point.

Shadow Downloads Mean Invisible Risk

In particular, the rapid rise of supply chain attacks on development infrastructure means that centralized supply chains are no longer optional. Invisible parts of the supply chain (so-called “shadow downloads”) are directly correlated to unmanaged risk of costly supply chain attacks.

Where before only the most mature development organizations would centralize developer downloads of open source, this practice is now essential to protecting the organization.

Eliminating shadow downloads, in turn, drives the need for reliable, scalable management of that supply chain.

In-Product Guidance

As part of the launch of the new Reference Architectures, Nexus Repository will add in-product guidance to help administrators make good deployment choices. The first such feature, now available in Repository 3.66, is a set of in-product usage meters and warnings when the deployment model is insufficient for the current scale.

Repository 3.66 will warn administrators about higher than recommended use of the embedded database mode. While the legacy embedded database (OrientDB) is a popular choice for small teams and/or Repositories deployed as edge caches, it is not recommended for use in more demanding situations because of the possibility of data integrity problems or outright data corruption. In-product warnings will help Repository administrators avoid this deployment anti-pattern.

Conclusion

Sonatype is committed to providing the world’s best software supply chain optimization technology and intelligence. If you would like to learn more about scaling Nexus Repository, the new Reference Architectures are a great starting point.
