Nexus Repository Cloud
A managed Software-as-a-Service (SaaS) offering for Nexus Repository Pro, leveraging the full capabilities of the platform without the complexities of managing the underlying infrastructure. The service delivers the same high performance and extensive features that users have come to expect from Nexus Repository with the added benefits of cloud-based flexibility and operational freedom.
Fully Managed Service
Sonatype handles all aspects of managing your mission-critical service, providing highly available deployments with rolling updates, replicated backups, and automatic failover in case of any issues. Your deployment seamlessly scales with your repository usage as your development needs grow.
Reduced Total Cost of Ownership
Eliminates costs and time associated with server provisioning, security hardening, maintenance upgrades, and performance tuning.
Focus on Innovation
Frees your IT and development teams from managing tools, allowing them to focus on strategic initiatives and building software. Nexus Repository Cloud is always up-to-date, often before the on-prem release. Leverage the latest features before everyone else.
Migration Services
Sonatype's customer success team is available to assist in migrating your on-prem deployment to the cloud for a smooth transition with minimal downtime. Our experts review your deployment to provide guidance through the whole process.
The functionality of Nexus Repository Cloud is identical to using the self-hosted deployment with these improvements to the experience:
Simplified Administration UI
The administration user interface and REST APIs are simplified as server operations are offloaded from your administration team and managed by Sonatype.
These include the configuration of the following components: blob storage, local users, security realms, system information, outbound and SSL connections, maintenance tasks, and capabilities.
Authenticated Access for All Users
Sonatype uses a flexible authentication and identity management platform providing secure login, single sign-on (SSO), 2FA, and team management.
Connect your own identity provider to provide immediate access for your organization or use our full-featured IdP to connect to the entire Sonatype platform. User tokens provide the security and flexibility to integrate with any client tooling.
Allowing anonymous access to your tenant would introduce a critical security risk to your software supply chain. To protect your Nexus Repository Cloud deployment, anonymous access is not available.
Connections Across the Public Internet
Your IdP and notification tooling need to be accessible on the public internet. Nexus Repository Cloud is hosted in SOC 2-compliant environments with encryption at rest and in transit, SSO integration, auditing, and role-based access control. 2FA is enabled by default to add an extra layer of security beyond just passwords, making it significantly harder for unauthorized individuals to access your accounts.
Controlled Access to Server Files
Access to Sonatype's world-class support has never been easier. Managing the database, importing and exporting content, upgrading and backing up the service, and seamlessly failing over to another region are handled by Sonatype.
Access to the underlying server files, such as logging, file storage, and service configuration, is protected and requires a support ticket when needed.
Integrate with Full REST API Support
Full REST API support is provided for complete automation and scripting when interacting with your external systems. The legacy OSGI bundling and scripting APIs are completely removed from Nexus Repository Cloud for additional security hardening, as they are no longer needed or supported.
Simplified Container Access with Docker Paths
The Docker client has strict requirements for the path where images are hosted in a registry. The Docker path support replaces the previous requirement for access using Docker ports and subdomains. The use of Docker subdomains and connector ports is not supported in Nexus Repository Cloud.
Connect to the Cloud Tenant
After purchasing a Sonatype Cloud solution, you receive your license and instructions for setting up the tenant.
Create your Nexus Repository Cloud Tenant
You receive an email with a URL to the service when ready. This URL is unique to your organization and is sensitive information.
Visit https://my.sonatype.com and select Sign In.
On the login screen, select Register to register your new account with your work email address. Once complete, log into your account.
Choose Organizations from the user menu under your profile name. Select Create Organization.
Name your organization using your official company name and add a logo image.
Provide your license fingerprint from the welcome email.
Provide a list of email addresses for your Nexus Repository Cloud instance's admin users.
Select the Request button to provision your Nexus Repository Cloud instance.
Designate your support contacts
Once your license fingerprint validates, select Support Contacts from the side menu and then select the team members to authorize as support contacts.
You may assign four authorized support contacts.
Provide your Identity Provider details (optional)
Contact your Sonatype account team to assist in securely connecting your identity provider to your cloud tenant as an authorization realm. They will provide instructions for preparing your identity provider for the remote connection.
While you may manage users directly in the Nexus Repository, using an external IdP simplifies onboarding new teams and services.
Log into your Cloud Tenant
After receiving the getting started email, sign in to your tenant to configure your default roles and begin building your pipelines.
Set the Default Role
As a public cloud deployment, Nexus Repository Cloud does not include anonymous access, so all users must be authenticated through the identity provider configured for your tenant. Once users are authenticated, they are provided a base level of access using the Default Role capability. Manually create a role with the minimum access available to all authenticated users of your tenant.
Add a role to provide the default level of access
Use the instructions below for adding a new role to your Nexus Repository Cloud tenant. This role applies to all users who are able to authenticate to your tenant. Use the section below for selecting the privileges.
See Creating Roles
Set the default permissions
Set the minimum required privileges to access your Nexus Repository Cloud Tenant as required by your organization's security policies. Below are suggested minimum permissions to get started. To upload components, users need the additional repository-view privilege shown at the end of the list.
nx-healthcheck-read
nx-search-read
// To access and read all repositories, use the following.
nx-repository-view-*-*-read
nx-repository-view-*-*-browse
// To upload components
nx-repository-view-*-*-add
See Privileges
Set this role as the Default Role
Enable the capability to assign the new role as the default role.
See Default Role
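Because the Default Role is granted to every authenticated user, it is worth checking a candidate role against the suggested minimum before enabling the capability. The following is an added example, not Sonatype's code: it assumes the role is available as a dictionary with `privileges` and `roles` lists, and the function names and sample role are hypothetical.

```python
BASELINE = {"nx-healthcheck-read", "nx-search-read"}
READ_ACTIONS = {"read", "browse"}
VIEW_PREFIX = "nx-repository-view-"

def classify(privilege, allow_upload=False):
    """Return None when the privilege fits the baseline, else a reason."""
    if privilege in BASELINE:
        return None
    if privilege.startswith(VIEW_PREFIX):
        # Shape: nx-repository-view-<format>-<repository>-<action>.
        # Repository names may contain hyphens, so read the action from the end.
        action = privilege.rsplit("-", 1)[1]
        allowed = READ_ACTIONS | ({"add"} if allow_upload else set())
        if action in allowed:
            return None
        if action == "*":
            return "wildcard action includes edit and delete"
        return f"'{action}' on repository content exceeds the baseline"
    if privilege == "nx-all" or privilege.startswith("nx-repository-admin-"):
        return "administrative privilege in a role every user receives"
    return "outside the suggested minimum; needs explicit justification"

def audit_default_role(role, allow_upload=False):
    """Return (privilege, reason) pairs for everything beyond the baseline."""
    findings = []
    for priv in role.get("privileges", []):
        reason = classify(priv, allow_upload)
        if reason:
            findings.append((priv, reason))
    # Nested roles carry their own privileges and must be reviewed too.
    for nested in role.get("roles", []):
        findings.append((f"role:{nested}", "nested role, audit separately"))
    return findings

# Constructed sample role (hypothetical id, not from a real tenant).
SAMPLE_ROLE = {
    "id": "default-authenticated",
    "privileges": [
        "nx-healthcheck-read", "nx-search-read",
        "nx-repository-view-*-*-read", "nx-repository-view-*-*-browse",
        "nx-repository-view-maven2-maven-releases-delete",
        "nx-repository-view-npm-*-*", "nx-all",
    ],
    "roles": ["nx-admin"],
}

if __name__ == "__main__":
    for priv, reason in audit_default_role(SAMPLE_ROLE):
        print(f"{priv}: {reason}")
```

Pass `allow_upload=True` when your policy lets every authenticated user upload, which accepts the `add` action and nothing broader.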
Getting Started
Setting up Repository Firewall
Repository Firewall provides automatic enforcement of your organization's open source policies as CI builds and developers request components from remote proxies. This protects your organization from open source risks such as malware, license issues, and security vulnerabilities.
Enable User Tokens
Client access to your repositories requires authentication, and user tokens are the recommended way to allow automated systems to securely interact with Nexus Repository Cloud. After you enable User Tokens and the rotation requirements, your users may log into the user interface to generate their tokens for use in their client tools and API calls.
Setting up your Build Pipeline Environments
Staging environments consist of a group repository used as a single endpoint for client tools that aggregate remote proxy and internal hosted repositories. These simplify access for development teams while providing full access control of the available repositories to administrators.
See Staging Concepts
Content Selector
Content Selectors are filters defining specific subsets of content within a repository based on the content's path. They are most commonly used to restrict write access to a namespace belonging to a specific team. When designing your access model, consider using content selectors for managing namespaces.
Cleanup Policies
Cleanup policies are crucial in helping to control storage costs by automatically deleting old and unused artifacts. Removing clutter keeps the repository lean and fast, ensuring quick searches and responsive build times for developers and CI/CD tools. They help prevent the accidental use of outdated or potentially insecure components by removing them, ensuring developers are more likely to use the correct, approved artifacts.
See Cleanup Policies
Invite Users to the Cloud Tenant
Administrators may directly invite users to the tenant through the Settings -> Security -> Users view. An email is sent to the user to verify their email address while setting up 2FA access. Once complete, the user is able to log in with permissions provided by the Default User role.

Select Invite Users and fill out the form providing the email and the name of the user.
A confirmation email is sent to the user to verify their email address.
After entering a password, new users will need to follow the instructions to configure 2FA.
Using Client Tools
Development tools such as Maven, npm, and Docker fetch dependencies directly from public servers on the internet. While this works for small projects, it introduces inefficiencies and risks to project stability and build reliability. Configuring your client tools to use your Nexus Repository Cloud Tenant is a fundamental step in modern software development that provides significant advantages in speed, reliability, and security.
Locate the Configuration File
Find the correct configuration file for your specific tool. This file is where you define which repository the tool should use to download packages and dependencies.
Point the Client to Your Nexus Repository
Add or modify the setting that specifies the repository URL. The goal is to replace the default public repository (like Maven Central, npmjs.org, or PyPI) with the URL of the proxy repository configured in your Nexus Repository tenant.
See Formats
Configure Your Credentials
Provide your access token generated from the Nexus Repository UI. Your user token is a unique, randomly generated key used to authenticate with API calls and to configure clients.
See User Token and User Token REST API
Administrator Roles
In the identity management platform, the Sonatype Platform - Administrator role is assigned to the primary user associated with the purchased license. This role is automatically mapped to the in-built read-only nx-admin role in Nexus Repository Cloud and cannot be modified.
The nx-admin role may be granted to other users directly, or via another role mapping when desired.
Usage Limits
Nexus Repository Cloud operates on a usage-based licensing model designed to offer predictable and fair pricing.
Consumption
Defined as the sum of Egress and Storage. Nexus Repository Cloud provides historical usage reporting to help price Cloud opportunities.
Egress: This refers to the total size, in gigabytes, of all components downloaded from the Nexus Repository Cloud environment per month.
Storage: This refers to the total size, in gigabytes, of all components stored in the repository's blob stores managed by Nexus Repository Cloud.
See Usage Metrics