Sonatype Nexus Training — Artifact Repository, Binary Management & Supply Chain Security

What Is Sonatype Nexus?

Sonatype Nexus Repository is an artifact repository manager supporting Maven, Gradle, Docker, npm, PyPI, NuGet, Helm, RubyGems, and more. Nexus provides proxy repositories (cache external dependencies), hosted repositories (store internal artifacts), and group repositories (unified access). Combined with Nexus Lifecycle (IQ Server), it provides vulnerability scanning, license compliance, and policy enforcement — blocking vulnerable components before they enter your supply chain.

Role in the DevOps Supply Chain

Nexus is the central store for all binaries. Builds resolve dependencies through Nexus (caching for speed and resilience). Builds publish artifacts to Nexus (single source of truth). Deployments pull from Nexus (guaranteed provenance). Nexus Lifecycle adds security: every component is evaluated against known vulnerabilities and license policies before it can be used or deployed. This is supply chain security at the artifact level.

Who Should Attend

• DevOps engineers managing artifact repositories and supply chain security
• Build/release engineers implementing artifact lifecycle management
• Security engineers enforcing open-source governance policies
• Teams evaluating Nexus vs. Artifactory

Learning Outcomes

• Configure Nexus repositories — proxy, hosted, group — for Maven, Docker, npm, PyPI
• Implement artifact promotion across environments with staging repositories
• Integrate Nexus with Jenkins, GitHub Actions, Maven, Gradle, and Docker
• Deploy Nexus Lifecycle for vulnerability and license policy enforcement
• Manage RBAC, content selectors, cleanup policies, and backup

Course Modules

1. Nexus Architecture — Repository types. Blob stores. Repository formats. High availability. Deployment options.
2. Maven/Gradle Repositories — Proxy, hosted, group repos. Staging repositories. Build integration via settings.xml.
3. Docker Registry — Docker hosted and proxy repos. Image push/pull. Docker group repos. Image cleanup.
4. npm, PyPI, NuGet Repositories — npm registry configuration. PyPI proxy cache. NuGet hosted repos.
5. CI/CD Integration — Jenkins + Nexus. GitHub Actions + Nexus. Artifact upload and promotion pipelines.
6. Nexus Lifecycle (IQ Server) — Policy engine. Vulnerability database. License compliance. Build blockage. SBOM.
7. Administration — RBAC and content selectors. User token authentication. Backup and restore. Monitoring.
8. Capstone: Secure Artifact Pipeline — Build a Nexus + Lifecycle pipeline: build → publish → scan → promote → deploy.

Hands-on Labs (14 total)

Configure Maven, Docker, and npm repositories with proxy, hosted, and group types. Set up Maven staging repositories with artifact promotion. Integrate Nexus with Jenkins pipeline. Configure Nexus Lifecycle policies and block vulnerable components. Implement cleanup policies for Docker image retention.

Related Courses

See Artifactory Training, DevOps Engineering, and DevSecOps Engineering.