{"id":13511799,"url":"https://github.com/sonatype/nexus-public","last_synced_at":"2026-04-07T22:01:19.511Z","repository":{"id":35749906,"uuid":"40029062","full_name":"sonatype/nexus-public","owner":"sonatype","description":"Sonatype Nexus Repository Open-source codebase mirror","archived":false,"fork":false,"pushed_at":"2026-03-24T18:34:23.000Z","size":172492,"stargazers_count":2469,"open_issues_count":352,"forks_count":694,"subscribers_count":113,"default_branch":"main","last_synced_at":"2026-04-04T00:16:34.787Z","etag":null,"topics":["repository","repository-management"],"latest_commit_sha":null,"homepage":"https://www.sonatype.com/products/repository-oss-download","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"epl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sonatype.png","metadata":{"files":{"readme":"README.md","changelog":"changed.groovy","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-07-31T23:42:41.000Z","updated_at":"2026-04-03T13:47:49.000Z","dependencies_parsed_at":"2026-01-17T13:11:28.445Z","dependency_job_id":null,"html_url":"https://github.com/sonatype/nexus-public","commit_stats":{"total_commits":1168,"total_committers":7,"mean_commits":"166.85714285714286","dds":"0.023116438356164393","last_synced_commit":"fc7a25764171b2550d7c87a9d4e97d5eaae6a263"},"previous_names":[],"tags_count":169,"template":false,"template_full_name":null,"purl":"pkg:github/sonatype/nexus-public","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype%2Fnexus-public","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype%2Fnexus-public/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype%2Fnexus-public/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype%2Fnexus-public/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sonatype","download_url":"https://codeload.github.com/sonatype/nexus-public/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonatype%2Fnexus-public/sbom","scorecard":{"id":837688,"data":{"date":"2025-08-11","repo":{"name":"github.com/sonatype/nexus-public","commit":"aec50e47d080933bc235f29e2669591343112a12"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.9,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Eclipse Public License 1.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'","Warn: branch protection not enabled for branch 'release-2.15.2-03'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"45 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-6v67-2wr5-gvf4","Warn: Project is vulnerable to: GHSA-pr98-23f8-jwxv","Warn: Project is vulnerable to: GHSA-qh8g-58pp-2wxh","Warn: Project is vulnerable to: GHSA-q4rv-gq96-w7c5","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-wxr5-93ph-8wr9","Warn: Project is vulnerable to: GHSA-4cx2-fc23-5wg6","Warn: Project is vulnerable to: GHSA-vv7r-c36w-3prj","Warn: Project is vulnerable to: GHSA-4p6w-m9wc-c9c9","Warn: Project is vulnerable to: GHSA-5v34-g2px-j4fw","Warn: Project is vulnerable to: GHSA-q5r4-cfpx-h6fh","Warn: Project is vulnerable to: GHSA-fx2c-96vj-985v","Warn: Project is vulnerable to: GHSA-269q-hmxg-m83q","Warn: Project is vulnerable to: GHSA-5jpm-x58v-624v","Warn: Project is vulnerable to: GHSA-prj3-ccx8-p6x4","Warn: Project is vulnerable to: GHSA-xpw8-rcwv-8f8p","Warn: Project is vulnerable to: GHSA-389x-839f-4rhx","Warn: Project is vulnerable to: GHSA-xq3w-v528-46rv","Warn: Project is vulnerable to: GHSA-6mjq-h674-j845","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-6chw-6frg-f759","Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx","Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf","Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674","Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T19:35:24.902Z","repository_id":35749906,"created_at":"2025-08-23T19:35:24.902Z","updated_at":"2025-08-23T19:35:24.902Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31530647,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["repository","repository-management"],"created_at":"2024-08-01T03:01:11.208Z","updated_at":"2026-04-07T22:01:19.493Z","avatar_url":"https://github.com/sonatype.png","language":"Java","funding_links":[],"categories":["Java","Resources","Projects using Karaf","工件仓库","Platform Engineering"],"sub_categories":["[Npm](https://www.npmjs.com)","Artifact Management"],"readme":"\u003c!--\n\n    Sonatype Nexus (TM) Open Source Version\n    Copyright (c) 2008-present Sonatype, Inc.\n    All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.\n\n    This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,\n    which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.\n\n    Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. \"Sonatype\" and \"Sonatype Nexus\" are trademarks\n    of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the\n    Eclipse Foundation. All other trademarks are the property of their respective owners.\n\n--\u003e\n# Sonatype Nexus Repository Core\n\nSonatype Nexus Repository is the single source of truth for all your internal and third-party binaries, components, and packages. Integrate all your development tools into a centralized binary repository manager so that you can choose the best open source components, optimize your build performance, and ship code quickly while increasing visibility across your SDLC.\n\nThis is the open source codebase of Nexus Repository Core. This contains functionality for maven, raw, and APT repository formats, and uses an embedded H2 database that is appropriate for small workloads.\n\nFor a fully-featured version of Nexus Repository, download the Community Edition binary from https://www.sonatype.com/products/nexus-community-edition-download. Community Edition includes additional format support such as npm, Docker, NuGet, PyPI and many others. It also allows use of an external PostgreSQL database that allows you to deploy Nexus Repository under Kubernetes.\n\n#### Issues\n\nIf you are using Nexus Repository Core or Community Edition and need to report an issue or request an enhancement, [open an issue here](https://github.com/sonatype/nexus-public/issues).\n\nFor help with Nexus Repository Core or Community Edition, please join the [Sonatype Community](https://community.sonatype.com/) to get tips and tricks from other users.\n\nTo report a security vulnerability, please see https://www.sonatype.com/report-a-security-vulnerability\n\nSonatype Nexus Repository Pro customers can contact our world-class support team at https://support.sonatype.com/.\n\n## Build Requirements\n\nBuilds use Apache Maven and require Java 17. Apache Maven wrapper scripts are included in the source tree.\n\n### Configuring Maven for SNAPSHOT Dependencies\n\nFollowing best practices, the nexus-public POM does not include any root `\u003crepositories\u003e` elements.\n\n## Building From Source\n\nReleased versions are tagged and branched using a name of the form `release-{version}`. For example: `release-3.72.0-04`\n\nTo build a tagged release, first fetch all tags:\n\n```shell\ngit fetch --tags\n```\n\nThen checkout the remote branch you want. For example:\n\n```shell\ngit checkout -b release-3.77.0-08 origin/release-3.77.0-08 --\n```\n\nThen build using the included Maven wrapper script. For example:\n\n```shell\n./mvnw clean install -Dpublic\n```\n\nThe `public` property is required outside of Sonatype's internal infrastructure.\n\n## Running\n\nTo run Nexus Repository, after building, unzip the assembly and start the server:\n\n    unzip -d target assemblies/nexus-base-template/target/nexus-base-template-*.zip\n    ./target/nexus-base-template-*/bin/nexus console\n\nThe `nexus-base-template` assembly is used as the basis for the official Sonatype Nexus Repository distributions.\n\n## License\n\nThis project is licensed under the Eclipse Public License - v 1.0, you can read the full text [here](LICENSE.txt)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonatype%2Fnexus-public","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsonatype%2Fnexus-public","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonatype%2Fnexus-public/lists"}