Composer support for the Nexus Repository Manager (work in progress!)

Nexus Repository Composer Format

Developing

Requirements

Also, there is a good amount of information available at Bundle Development

Building

To build the project and generate the bundle, use Maven:

mvn clean package

If everything checks out, the bundle for Composer should be available in the target folder.

Build with Docker

docker build -t nexus-repository-composer .

Run as a Docker container

docker run -d -p 8081:8081 --name nexus-repository-composer nexus-repository-composer 

For further information like how to persist volumes check out the GitHub repo for our official image.

The application will now be available from your browser at http://localhost:8081

  • As of Nexus Repository Manager Version 3.17, the default admin password is randomly generated. If running in a Docker container, you will need to view the generated password file (/nexus-data/admin.password) in order to log in to Nexus. The command below will open a bash shell in the container named nexus-repository-composer:

    docker exec -it nexus-repository-composer /bin/bash
    $ cat /nexus-data/admin.password 
    

    Once logged into the application UI as admin using the generated password, you should also turn on "Enable anonymous access" when prompted by the setup wizard.

Using Composer With Nexus Repository Manager 3

We have detailed instructions on how to get started here!

Installing the plugin

There are a range of options for installing the Composer plugin. You'll need to build it first, and then install the plugin with the options shown below:

Easiest Install

Thanks to some upstream work in Nexus Repository (versions newer than 3.15), it's become a LOT easier to install a plugin. To install this format plugin, you can either build locally or download from The Central Repository:

Option 1: Build a *.kar file locally from the GitHub Repo

  • Clone this repo and cd to the cloned directory location
  • Build the plugin with mvn clean package -PbuildKar
  • There should now be a nexus-repository-composer-<version>-bundle.kar file in your <cloned_repo>/target directory

Option 2: Download a *.kar file from The Central Repository

Once you've completed Option 1 or 2, copy the nexus-repository-composer-<version>-bundle.kar file into the <nexus_dir>/deploy folder for your Nexus Repository installation.

Restart Nexus Repo, or go ahead and start it if it wasn't running to begin with.

You should see the new repository types (e.g. composer (hosted, proxy, group)) in the available Repository Recipes to use, if all has gone according to plan :)

Temporary Install

Installations done via the Karaf console will be wiped out with every restart of Nexus Repository. This is a good installation path if you are just testing or doing development on the plugin.

  • Enable the NXRM console: edit <nexus_dir>/bin/nexus.vmoptions and change karaf.startLocalConsole to true.

    More details here: Bundle Development

  • Run NXRM's console:

    # sudo su - nexus
    $ cd <nexus_dir>/bin
    $ ./nexus run
    > bundle:install file:///tmp/nexus-repository-composer-0.0.8.jar
    > bundle:list
    

    (look for org.sonatype.nexus.plugins:nexus-repository-composer ID, should be the last one)

    > bundle:start <org.sonatype.nexus.plugins:nexus-repository-composer ID>
    

(more) Permanent Install

For more permanent installs of the nexus-repository-composer plugin, follow these instructions:

  • Copy the bundle (nexus-repository-composer-0.0.8.jar) into <nexus_dir>/deploy

This will cause the plugin to be loaded with each restart of Nexus Repository. As well, this folder is monitored by Nexus Repository and the plugin should load within 60 seconds of being copied there if Nexus Repository is running. You will still need to start the bundle using the karaf commands mentioned in the temporary install.

(most) Permanent Install

If you are trying to use the Composer plugin permanently, it likely makes more sense to do the following:

  • Copy the bundle into <nexus_dir>/system/org/sonatype/nexus/plugins/nexus-repository-composer/0.0.8/nexus-repository-composer-0.0.8.jar

  • Make the following additions marked with + to <nexus_dir>/system/org/sonatype/nexus/assemblies/nexus-core-feature/3.x.y/nexus-core-feature-3.x.y-features.xml

          <feature prerequisite="false" dependency="false">wrap</feature>
    +     <feature prerequisite="false" dependency="false">nexus-repository-composer</feature>
    

    to the <feature name="nexus-core-feature" description="org.sonatype.nexus.assemblies:nexus-core-feature" version="3.x.y.xy"> section, below the last entry (the line above is an example; the exact last entry may vary).

    And

    + <feature name="nexus-repository-composer" description="org.sonatype.nexus.plugins:nexus-repository-composer" version="0.0.8">
    +     <details>org.sonatype.nexus.plugins:nexus-repository-composer</details>
    +     <bundle>mvn:org.sonatype.nexus.plugins/nexus-repository-composer/0.0.8</bundle>
    + </feature>
     </features>
    

    as the last feature.

This will cause the plugin to be loaded and started with each startup of Nexus Repository.
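
One way to script the two features.xml additions above so that they are applied exactly once and can be rolled back, as an added example that is not part of the plugin's repository. It assumes one XML element per line, as in the snippets above; the function name add_composer_feature and the script name add-feature.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the project. Applies the two "+" additions
# to nexus-core-feature-3.x.y-features.xml exactly once.
# Assumption: one XML element per line, as in the snippets above.
add_composer_feature() {
    file=$1
    ver=$2
    ref='<feature prerequisite="false" dependency="false">nexus-repository-composer</feature>'

    # Idempotent: a second run must not add duplicate entries.
    if grep -q '<feature name="nexus-repository-composer"' "$file"; then
        return 0
    fi
    # Refuse to touch a file that lacks the anchors the instructions rely on.
    grep -q '<feature name="nexus-core-feature"' "$file" || return 1
    grep -q '^[[:space:]]*</features>' "$file" || return 1

    cp -p "$file" "$file.bak" || return 1   # rollback copy
    tmp=$(mktemp) || return 1
    awk -v ver="$ver" -v ref="$ref" '
        /<feature name="nexus-core-feature"/ { in_core = 1 }
        # Closing tag of the core block: add the reference just above it,
        # i.e. below the last existing <feature ...> reference.
        in_core && /^[ \t]*<\/feature>[ \t]*$/ {
            print "        " ref
            in_core = 0
        }
        # Closing root tag: add the feature definition as the last feature.
        /^[ \t]*<\/features>/ {
            print "    <feature name=\"nexus-repository-composer\" description=\"org.sonatype.nexus.plugins:nexus-repository-composer\" version=\"" ver "\">"
            print "        <details>org.sonatype.nexus.plugins:nexus-repository-composer</details>"
            print "        <bundle>mvn:org.sonatype.nexus.plugins/nexus-repository-composer/" ver "</bundle>"
            print "    </feature>"
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Both additions must be present, otherwise leave the original alone.
    grep -qF "$ref" "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Run directly (hypothetical script name):
#   sh add-feature.sh <features.xml> <plugin-version>
if [ "$#" -eq 2 ]; then
    add_composer_feature "$1" "$2"
fi
```

The original file is kept next to the edited one with a .bak suffix, so a failed startup after the change can be undone by copying it back.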

The Fine Print

It is worth noting that this is NOT SUPPORTED by Sonatype, and is a contribution of ours to the open source community (read: you!)

Remember:

  • Use this contribution at the risk tolerance that you have
  • Do NOT file Sonatype support tickets related to Composer support in regard to this plugin
  • DO file issues here on GitHub, so that the community can pitch in

Phew, that was easier than I thought. Last but not least of all:

Have fun creating and using this plugin and the Nexus platform, we are glad to have you here!

Getting help

Looking to contribute to our code but need some help? There's a few ways to get information:

Composer Plugin

The Composer plugin elendev/nexus-composer-push (https://github.com/Elendev/nexus-composer-push) provides a composer command to push to a Nexus Repository using this plugin.
