DevOpsTec 戴博斯科技，DevSecOps的專家，提供完整的Sonartype Nexus repository pro 完整使用情境說明，讓你快速上手 Nexus repository pro 在 DevSecOps 中如何正確且有效的提高程式碼資安與品質，更進一步的說明Nexux系列方案如何與GitLab進行整合，完美打造您團隊的DevSecOps 方案! 更多資訊請見https://www.devops.com.tw/

1. Sonatype Nexus Demo
Code smarter. Fix faster. Be secure.
Automate software supply chain management to accelerate
developer innovation.

2. • Sonatype Nexus Overview
• Nexus Feature
• Nexus integration with CI/CD
• 實機展示
• Sonatype Price
• Nexus version compare
• DevOps Support
• Q&A

3. Nexus Overview

4. Nexus is a repository manager. It allows you to proxy,
collect, and manage your dependencies so that you
are not constantly juggling a collection of JARs.
It makes it easy to distribute your software. Internally,
you configure your build to publish artifacts to Nexus
and they then become available to other developers.
What is Nexus?

5. DevSecOps

6. Sonatype Nexus Repository Pro

7. Nexus Firewall

9. Sonatype Nexus Lifecycle

10. Sonatype Feature

12. • Advanced Binary Fingerprinting — 使用
獨特的漏洞識別，消除開發人員的摩擦，
減少誤報和漏報。
• Content Profile Insights(內容資料洞
察) — 通過減少花在修復安全、許可、架
構和遷移風險上的時間來優化依賴庫的管
理。
• Deep Code Analysis(深度代碼分析) — 了
解關鍵性能和可靠性問題以及開發人員修
復率，以衡量程式碼品質有效性。
Discover risk the right way — with precise and
accurate data.

13. • Advanced Policy Controls — 根據應用
程序數據和 SDLC 階段自動執行安全策
略和法律合規義務。
• Continuous Monitoring — 在幾分鐘
內檢測已佈署應用程序中新發現的漏洞。
• Infrastructure as Code Rules — 使開
發人員能夠在開發早期即可發現並修復。
Innovate faster without compromising quality or
security

14. • Early Warning Detection — 在使用 Sonatype
的 Nexus Intelligence 進入開發管道之前阻止
和防止惡意行為和惡意軟件注入威脅。
• Perimeter Control — 通過自動策略實施自動
防止依賴混淆攻擊進入存儲庫。
• Behavioral Inspection — 通過基於行為的安全
策略的自動檢查，從構建到運行時保護容器。
Protect the integrity of code, delivery pipelines,
and operating environments.

15. • #7 - Speedier Builds
• #6 - Saving the bandwidth of Central Maven Repositories
• #5 - Predictability and Stability
• #4 - Control and Auditing
• #3 - Ability to Deploy 3rd-party Artifacts
• #2 - Ability to Host Internal Repositories
• #1 - Ability to Host Public Repositories
Why Nexus?

16. Nexus integration with CI/CD

17. Create
Branch
Pipeline trigger Code
Quality & Security
Scan Create Pull
Request
Trigger Build &
Test & Deploy
Code Quality & Code
Security Scan
Gitlab Runner
deploy artifact
to GCP
Auto Code Quality &
Code Security Scan
in Client
Define Scan
Rule & Project
Push Code &
Code Review
Nexus IQ CLI
Docker Container
Analysis
Get OSS
Scan
Vulnerability
Build Artifacts
& Scan
Vulnerability
Artifacts Manager & Scan
Vulnerability
1.
2.
4.
5.
3.
6.
7.
8.
9.
11.
12.
10.

18. Sonatype Full Platform Workflow

19. 實機展示

20. Sonatype Price

21. https://www.sonatype.com/products/pricing?hsLang=en-us

22. Nexus version compare

23. Repository Oss vs Pros
https://www.sonatype.com/products/repository-oss-vs-pro-
features
1. Stage和Build推廣
2. SAML/SSO、企業LDAP整合
3. 儲存空間擴展與遷移零停機
4. Pro提供進階Repository健康檢查報告
5. 個別Repository搬移
6. 可佈署到npm和Docker
7. 彈性故障切換
8. 原廠支援和專門的客戶成功團隊

24. Technical support & training

25. Technical support & training
原廠技術支援
項目 時間
Q&A by email or
Sonatype support system
購買後一年.由Sonatype開
出License時間起計

26. What’s Consultant Hours

27. 戴博斯企業專業的顧問輔導

29. FB 粉絲專頁
官方網站