Automation
This section guides using the APIs, webhooks, and integrations to automate Nexus Repository functionality.
REST API
Use the REST API to integrate Nexus Repository with external systems. Nexus Repository leverages the OpenAPI Specification (OAS) as its official API documentation. This document is available to download from any instance at the following URL and does not require privileges to access.
<nexus_url>/service/rest/swagger.json
Swagger UI in Nexus Repository
We ship Nexus Repository with Swagger UI - a simple, interactive user interface, where REST calls are processed directly through the UI to observe the results in the browser.
This interface is located under the API section via the System sub-menu of the Settings menu.
The nx-settings-read privilege is required to access this page. This privilege provides access to multiple views in the user interface. There is not a setting to view only the API view at this time.
The API view lists all APIs and their examples, however, only the APIs that the user has permission to utilize are functional.
Beta Endpoints in the Nexus Repository API
APIs under the beta endpoints are fully supported by Sonatype and are safe to use in production systems. Compatible newer versions may have aliases allowing newer functionality without changing the published endpoint.
Scripting API
Scripts may be written to perform custom tasks that can't be handled directly through the UI or the REST API. Nexus Repository scripts are written in the Groovy programming language.
To make Nexus Repository more secure, the Groovy scripting engine is disabled by default.
See the Script API documentation for details.
Nexus Platform Integrations
Below are official integrations for Nexus Repository. Bring open-source policy management and Sonatype component intelligence to Nexus Repository.
IQ Server
The Sonatype IQ Server is an open-source governance and policy management tool that provides compliance metadata to open-source components stored in the Nexus Repository.
Learn how to connect your Nexus Repository to the IQ Server.
Feature Matrix
Integration Features | Requirements |
|---|---|
Repository Firewall Audit and Quarantine | Repository Firewall License |
Component Intelligence | Lifecycle License |
Hosted Repository Analysis | Lifecycle License |
Repository Firewall Audit and Quarantine
Repository Firewall is a solution that prevents components with known risks from entering your software supply chain.
When new components are requested from the public ecosystems:
The Repository Firewall automatically compares every component against a set of organization-defined policies.
Components or dependencies that violate your policies are quarantined for review by your security team.
Limiting the risks that your organization can manage.
Learn more in the Firewall documentation.
Component Intelligence
The component info view uses Lifecycle Component Intelligence to display a component's available versions from the public ecosystems and associated risks aligning with your governance policies.
It highlights the available component information for a particular version and displays the specific version numbers at the bottom of the graphic.
Additionally, the view shows details for that version of the component in the right-hand list of properties.
Learn more in the Sonatype Lifecycle documentation
Hosted Repository Analysis
Hosted repository analysis provides a way to analyze your built applications without modifying the build systems.
Using hosted repository analysis, security teams can measure and mitigate risks in an artifact staging workflow before promoting artifacts to production repositories.
Learn more in the Hosted Repository Analysis documentation
Nexus Repository for Maven Plugin
Use the Nexus Repository for Maven plugin for staging packages.
See the Nexus Repository Maven Plugin documentation.
Nexus Platform Plugin for Jenkins
A Jenkins plugin that integrates via Jenkins Pipeline or Project steps with Nexus Repository and Sonatype Lifecycle.
See Nexus Platform Plugin for Jenkins documentation.