惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
D
Docker
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
WordPress大学
WordPress大学
Recent Announcements
Recent Announcements
Engineering at Meta
Engineering at Meta
H
Help Net Security
Vercel News
Vercel News
S
SegmentFault 最新的问题
罗磊的独立博客
F
Full Disclosure
Microsoft Azure Blog
Microsoft Azure Blog
V
Visual Studio Blog
Last Week in AI
Last Week in AI
V
V2EX
腾讯CDC
IT之家
IT之家
爱范儿
爱范儿
博客园 - Franky
MyScale Blog
MyScale Blog
aimingoo的专栏
aimingoo的专栏
The Register - Security
The Register - Security
Help Net Security
Help Net Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
www.infosecurity-magazine.com
www.infosecurity-magazine.com
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
B
Blog RSS Feed
雷峰网
雷峰网
Microsoft Security Blog
Microsoft Security Blog
博客园 - 【当耐特】
Recorded Future
Recorded Future
A
Arctic Wolf
Cyberwarzone
Cyberwarzone
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
S
Schneier on Security
GbyAI
GbyAI
Schneier on Security
Schneier on Security
O
OpenAI News
F
Fortinet All Blogs
Y
Y Combinator Blog
Forbes - Security
Forbes - Security
NISL@THU
NISL@THU
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
MongoDB | Blog
MongoDB | Blog

2024 Sonatype Blog

Open Source, Open Infrastructure, and the Space Between Request for Comments: CARE and Maven Central Q2 2026 Open Source Malware Index AI Is Forcing a New Open Source Security Model Vulnerability Prioritization Is Missing the AI-Era Point The Hidden National Security Threat Inside AI-Driven Software Miasma Returns: Leo Platform Compromise in npm The Rise of Collective Defense for Open Source Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missing Software Security Has to Start at Assembly easy-day-js Targets Mastra, Dependency Attacks Grow Open Publishing, Commercial Scale Software Dependency Cooldowns Are a Symptom, Not a Strategy Atomic Arch npm Campaign Adds Malicious Dependency From SBOMs to AI BOMs: Why SPDX 3.0 Matters Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages Lazarus Group's Latest: Brandjacking Campaign on npm 5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook The AI Race Is Becoming a Remediation Race Red Hat Cloud Services npm Packages Hijacked Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies AI Is Making Software Autonomous, and Governance Must Follow Your Outdated Repository Still Works, But It May Not Be Safe Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT AppSec Tools Explained: SAST vs SCA vs DAST | Sonatype Managing Open Source Software Risks With the HeroDevs EOL Dashboard Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target Building Trusted AI Development With Kiro and Sonatype Guide How to Build a Software Supply Chain Security Playbook The Evolution of Open Source Malware: From Volume to Trust Abuse The Mythos AI Vulnerability Storm: What to Do Next Malicious PyTorch Lightning Packages Found on PyPI Why Developer Experience Is the Foundation of DevSecOps Success Open is Not Costless: Reclaiming Sustainable Infrastructure Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths The Time Is Now to Prepare for CRA Enforcement Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition Mythos and the AI Vulnerability Storm: Exploring the Control Point When AI Writes Code, Who Governs the Dependencies? Why Software Supply Chain Security Requires a New Playbook Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust Modernizing Nexus Repository: Moving Beyond OrientDB AI, DevSecOps, and the Future of Application Security: The Gartner® Report How Sonatype's Container Scanning Protects You From Zero-Days Axios Compromise on npm Introduces Hidden Malicious Package Is Your Repository Ready for What's Next? Autonomous Development and AI: Speed vs. Security Grounded Intelligence Ensures Safe AI Software Development Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds Sonatype Discovers Two Malicious npm Packages
Q1 Updates in Nexus Repository: More Formats, Stronger Operations, and a Better Day-to-Day Experience
tvrablik@son · 2026-04-24 · via 2024 Sonatype Blog

If you are responsible for keeping software delivery moving, more ecosystems usually mean more overhead.

More package types can turn into more tools to manage, more one-off workflows, and more chances for things to slow down or fall out of policy. At the start of 2026, Sonatype Nexus Repository moved in the opposite direction: expanding support for Terraform and Swift while also making the platform easier to run, automate, and trust.

The result is not just broader format support. It is a more practical way for development, DevOps, and IT teams to centralize software components, reduce tool sprawl, and keep work moving across a growing mix of languages, packages, and infrastructure artifacts.

More Format Support With a Clear Payoff for Users

One of the biggest themes at the start of the year was broader format support, especially for teams working in infrastructure as code and the Apple ecosystem.

Terraform Support

With support for Terraform, teams can manage more of their infrastructure artifacts through Nexus Repository instead of handling them through separate, disconnected workflows. That means a more consistent way to access providers and modules, better performance through caching, and stronger control over both internal and external Terraform dependencies.

For DevOps and platform teams, that is especially useful. Infrastructure artifacts no longer have to live off to the side with their own process and tooling. They can be managed with the same level of control, visibility, and consistency as the rest of the software supply chain.

Swift Support

Support for Swift brings the same kind of simplification to teams building for Apple platforms. With Swift packages now supported in Nexus Repository, teams can centralize dependencies, improve build performance, reduce reliance on external Git hosting, and create a cleaner way to manage internal Swift packages alongside approved third-party components.

For development teams, that means less friction in the toolchain. For IT and platform teams, it means fewer exceptions to support and a more consistent way to manage another important ecosystem.

What makes both of these additions valuable is not just that Terraform and Swift are now supported. It is that teams can manage more of their software and infrastructure dependencies in one place instead of stitching together separate workflows for different ecosystems. That leads to a smoother experience for developers and a more scalable operating model for the teams responsible for control, governance, and reliability.

A Better Path Off OrientDB and Into Modern Deployments

Another important update is the new Instance Migrator, which gives customers on OrientDB-based deployments a simpler path to PostgreSQL, H2, or to Nexus Repository Cloud.

That matters because 3.70.x was the last release to use OrientDB, and as of January 9, 2026, support for OrientDB is officially sunset. Older OrientDB-era deployments carry increasing security that have been addressed in newer releases, so for teams still on those versions, this creates a clearer way to move off legacy infrastructure and onto a more modern platform with better performance, security, and manageability.

For teams that have been putting off modernization because migration felt like too much work or too much risk, this is the kind of improvement that can make the next step a lot more practical.

The Platform Got Stronger Too

The start of the year was not only about supporting more formats. It was also about making Nexus Repository easier to operate day to day.

Reduced Operational Complexity

One of the biggest platform-level changes was the move from Elasticsearch to SQL for search. Search now runs directly against the configured database, which reduces deployment complexity and cuts down on moving parts while preserving the search experience teams already know.

This is the kind of change that makes life easier for the people running the platform. Less infrastructure to maintain usually means less operational overhead and fewer things to troubleshoot.

Better APIs and Automation for Teams

There were also useful improvements for teams building automation around Nexus Repository. A new Capabilities API endpoint makes it easier to retrieve capability types and metadata programmatically. Improvements to browse tree cleanup give administrators more control after component deletion. And the new User Token API adds more precise, programmatic control over token creation and management.

For teams trying to automate routine administration and tighten up how credentials are managed, these are practical improvements that save time and reduce manual effort.

Strengthened Security and Operational Resilience

On the security and resilience side, the updates were less flashy but still important. URL validation helps protect against SSRF by blocking outbound connections to private network addresses, localhost, and cloud metadata endpoints. Recovery Mode adds a controlled state for safe reconciliation between the database and blob storage after outages or inconsistencies.

These are the kinds of improvements that matter most when something goes wrong. They help make the platform safer to operate and easier to recover.

A Faster, More Transparent User Experience

The user experience got better too. Faster page loads, lower bandwidth usage, and improved caching efficiency make Nexus Repository feel more responsive in everyday use. There were also improvements to policy-compliant component selection in npm metadata, making it easier for users to understand why a version is unavailable and what they can use instead.

That kind of clarity matters. It removes guesswork and helps teams move faster without having to stop and investigate every policy decision by hand.

A Strong Start to the Year

The start of the year sets the tone for where Nexus Repository is headed: helping more teams bring more of their workflows into a centralized, governed system while continuing to improve the experience of running and managing it.

That means broader ecosystem support, a clearer path off legacy deployments, and ongoing improvements to performance, security, and operations. Taken together, it is a stronger foundation for teams that want more control without more complexity.

Tags