Sold by: Carahsoft Technology Corporation
Deployed on AWS
Build fast with the world's leading artifact repository manager.
4.4
Overview
Sonatype [Private Offer] combines the benefits of the Private Offer feature along with Carahsoft's contract vehicles in providing customers a seamless acquisition process for their cloud-based products and solutions from AWS Marketplace.
Built by the founders and stewards of Maven Central, Sonatype Nexus Repository is the repository manager of choice for a centralized, scalable, and secure solution at the heart of your delivery pipelines. Nexus Repository empowers software development teams to manage components, binaries, and build artifacts across their entire software supply chain. Scale your artifact repository manager for efficiency. Build quickly and reliably. Publish and cache components in a central repository that connects natively to all popular package managers. DevOps with ease. Control the lifecycle of staged builds and custom metadata directly from your CI/CD server. Scale without worry. Handle global workloads with dynamic storage, cleanup policies, and multi-node resiliency. Tighten open source risk management. Keep developers productive and help them use the highest quality open source available and keep intentionally malicious components away with our open source risk management tool. Flexible Security. Control access to your components with single sign-on (SSO), role-based access controls, and full auditability. Assess Open Source Risk. Centralize your consumption of open source to gain insight into the risk in your software supply chain. Identify Intentionally Malicious Components. Add Sonatype Repository Firewall to stop OSS risk from entering your SDLC using next-generation behavioral analysis and automated policy enforcement.
This listing is for Private Offers ONLY. Please reach out for more details. Thank you.
Highlights
- Support up to 18 package formats in a single deployment.
- "If we want to know what production looks like, we should be able to look at our repository and know - from an infrastructure stack, from a library stack, from an application stack - exactly what is being deployed in production at any given time." - Bryson Koehler, EVP & CTO, Equifax.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
AWS Sonatype Nexus Repository (Self-Hosted) | AWS Hosted Sonatype Nexus Repository (Self-Hosted) | $125,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Please contact your assigned Sonatype customer support representative for support.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
This product includes Nexus Repository® OSS an open-source repository that provides software development teams and IT operations a single place to store software artifacts.
Build fast with the world's leading artifact repository manager.
Build fast with the world's leading artifact repository manager.
Designed to continuously monitor for problems at every stage of the software development lifecycle.
Block malicious open source at the door, before entering your devops pipeline
For the more than 90% of companies that rely on open source software (OSS), Sonatype secures the software supply chain. We do this in a way that accelerates digital innovation without sacrificing security or quality across the software supply chain. It is the only automated malware and vulnerability detection solution that will keep your repositories secure, reduce security rework for your developers, and accelerate your time to market. Get started today with Sonatype Lifecycle and Sonatype Repository Firewall.
Customer reviews
Daniele Palumbo
Granular access and geo-disaster recovery have simplified managing internal repositories
Reviewed on Mar 13, 2026
Review provided by PeerSpot
What is our primary use case?
We use Sonatype Nexus Repository for our internal repository, for image caching, registry caching, and our custom registry. Sonatype Nexus Repository 's repository function is definitely the most valuable feature I have found.
I did not test it extensively versus other options, but I can tell you that Sonatype Nexus Repository works in a stable manner. It allows us to have geographical disaster recovery, which was one feature that we needed.
We are using Sonatype Nexus Repository's granular access controls, and we needed to use them because we have several teams. Therefore, it is essential for us, and it is one of the features that we are using by design.
It is a requirement for managing Maven, npm , or Docker , so without it, we cannot do it. You need to have a product—this one or another—you need to have one.
What is most valuable?
Sonatype Nexus Repository's repository function is definitely the most valuable feature I have found.
I did not test it extensively versus other options, but I can tell you that Sonatype Nexus Repository works in a stable manner. It allows us to have geographical disaster recovery, which was one feature that we needed.
We are using Sonatype Nexus Repository's granular access controls, and we needed to use them because we have several teams. Therefore, it is essential for us, and it is one of the features that we are using by design.
What needs improvement?
I think what can be eventually improved is to introduce as a standard the additional security features that Sonatype Nexus Repository offers, which are basically plugins for the repository itself.
For how long have I used the solution?
I have been using Sonatype Nexus Repository for 10 years.
What do I think about the stability of the solution?
I rate how stable and reliable Sonatype Nexus Repository is at a 10. We have had zero issues since we installed it, so it is wonderful.
We have had zero issues with Sonatype Nexus Repository, so I do not see any reason for it not to receive a 10 based on my entire experience with it.
What do I think about the scalability of the solution?
I rate how scalable Sonatype Nexus Repository is at a 10 out of 10.
How are customer service and support?
I often communicate with Sonatype's technical support and customer service. They are very good. I was mainly in touch with the pre-sales team, but they were always able to adjust to the needs that we had. They are absolutely excellent.
Which solution did I use previously and why did I switch?
We used Sonatype Nexus Repository in the open-source version, which had some limitations.
How was the initial setup?
I participated in the initial setup process of Sonatype Nexus Repository. It was very smooth because the pre-sales team of Sonatype did a very nice job, so it was easy to implement.
What about the implementation team?
I used help from the vendor.
What was our ROI?
I would say that considering the environment and everything, for one person, I managed to save approximately one hour a month with Sonatype Nexus Repository. However, you need to scale this for the number of people that you have in the company. The bigger your organization is, the more benefit you get.
What's my experience with pricing, setup cost, and licensing?
It is an adequate price for the features that you get.
Which other solutions did I evaluate?
We did not use the repository health check feature.
What other advice do I have?
I have been working with Sonatype Nexus Repository since 2020, and I have continued working with it since 2022. Moving to the pro version of Sonatype Nexus Repository reduced our time to accomplish what we needed to some extent. My main focus is on the Geo-DR part because it is complex and not commonly offered. Most products handle it using external infrastructure, but Sonatype does not. It is self-contained and really helpful in order to move us to where we need to be.
Ibrahim Routine
Centralized artifacts have unified our builds and now streamline onboarding and role-based access
Reviewed on Mar 07, 2026
Review from a verified AWS customer
What is our primary use case?
Our main use case for Sonatype Nexus Repository is managing artifacts and having them in a central repository that is accessible for all our software engineers on the team. In our day-to-day activities, we use Sonatype Nexus Repository for managing artifacts, and it gives us a centralized repository instead of pulling from public Maven NPM registries every time. Our organization has internal libraries hosted on Sonatype, so software engineers pull these libraries from Sonatype Nexus Repository, which solves the problem of engineers pulling libraries from Maven almost all the time.
What is most valuable?
One of the features I love about Sonatype Nexus Repository is storing the company's internal artifacts along with version management and release/snapshot separation, where we have separation between release files and snapshot files. There is access control for internal and external artifacts, and combining multiple repositories into one logical endpoint is something I appreciate about Sonatype, along with how Sonatype Nexus Repository handles large artifact stores and disk space optimization.
Role-based access in Sonatype Nexus Repository allows us to control who can read, write, or deploy artifacts. Developers can read artifacts and deploy snapshots, while CI/CD systems have specific credentials for automated deploys, and administrators have full access for maintenance. Contractors and interns have limited read-only access if needed, which helps prevent unauthorized changes, as only authorized people can push production releases. Sonatype Nexus Repository logs who deployed what and when, which is crucial for compliance.
In our team, the development team can push snapshots and pull any artifact for development. The release manager can promote snapshots to releases, and the CI/CD pipeline setup has a special service account with limited permissions to only pull artifacts. New interns have read-only access until they are fully onboarded, and external partners can only access specific repositories that we share.
Before using Sonatype Nexus Repository, developers waited for Maven Central downloads on every build, leading to inconsistent build times depending on internet speed. Builds failed if Maven Central was down or slow, and working offline was almost impossible. When we started using Sonatype Nexus Repository, build times improved by 30 to 40 percent through artifact caching with consistent, predictable build performance. Offline builds became very easy for us because we have cached artifacts locally, which increased team productivity immediately, saving approximately 50 to 150 minutes of developer time daily. This recovery of hundreds of hours allows developers to focus on actual development work instead of waiting for downloads.
Before Sonatype Nexus Repository, different developers had different versions of the same library, leading to the "it works on my machine" syndrome that caused frustrated troubleshooting. With Sonatype Nexus Repository, we now have a single source of truth for all artifacts, ensuring all developers use identical versions and enabling reproducible builds across all machines. This speeds up debugging and reduces versioning inconsistencies, allowing the team to trust that if it works for one person, it works for everyone.
Onboarding also improved significantly, as new developers previously spent hours configuring Maven settings and understanding multiple repository URLs, leading to mistakes in setup and blocked starts. After implementing Sonatype Nexus Repository, new team members are productive in minutes due to a single repository URL to configure in the settings.xml files and documented, foolproof setup. This frees senior developers for actual mentoring and reduces ramp-up time for contractors and interns.
Sonatype Nexus Repository also provided cost optimization since it eliminated the need for local repository caches on each developer's machine, centralizing storage and reducing overall storage by 70 percent, resulting in lower bandwidth usage through shared caching.
What needs improvement?
In terms of improvement for Sonatype Nexus Repository, the user interface and user experience need attention, as navigation can be confusing for someone who is just starting out. I suggest implementing a search command palette similar to VS Code's, perhaps with functionality similar to Ctrl+K, or modernizing the UI with contemporary design patterns. Introducing dark mode options would also be beneficial.
Regarding performance, bulk operations can be slow, and deleting a thousand or more old artifacts takes a very long time, making the system sluggish during cleanup. There is no way to perform background deletion and cleanup policies cannot be optimally scheduled. I suggest the team implement asynchronous bulk delete operations that can happen behind the scenes, improving background job processing. This ensures cleanup operations do not block normal artifact access, as well as providing granular scheduling for maintenance tasks and progress tracking for long operations.
For how long have I used the solution?
I have been using Sonatype Nexus Repository for almost two to three years.
How was the initial setup?
On my team, we actually have Sonatype Nexus Repository installed on all engineers' computers locally, and one of the issues we have with that is the initial setup complexity, leading to disk space management issues whenever we onboard a new engineer into the team. Because of these problems, we have to look for a way to solve this problem, which is actually moving from local to remote server deployment, enhancing team collaboration and shared repository, eliminating redundancy with no duplicates on multiple machines, simplifying dependency management across the team, and having a single source of truth for all of our artifacts, resulting in consistent builds across members, reduced bandwidth, easier onboarding of new team members, and better security.
I recall a day when a developer was onboarded, and I had to help with setup. The new engineer needed to configure Maven, open the M2 settings, the M2 folder, the settings.xml files, add repository URLs, authentication credentials, and all of that. In the afternoon when he tried his first build, it failed due to artifact not found, leading him to run back to me in frustration. Eventually, we discovered he was using the wrong repository order in the settings.xml, making me spend another 30 minutes debugging. At the end of the day, after finally getting this new developer's build working, he expressed that the setup was confusing with multiple URLs to remember, making him feel an unease about whether he was doing something wrong, causing frustration.
After improving the onboarding process by moving to Sonatype Nexus Repository, the setup became much smoother and this new developer stated that setup was super simple, requiring just one URL and one command to get everything working, making him productive within the first hour, which was way better than expected.
What other advice do I have?
For others looking into using Sonatype Nexus Repository, I would advise considering how it can streamline their development processes.
Thien Phan
Stores artifacts reliably with secure access and detailed file auditing
Reviewed on Aug 26, 2025
Review from a verified AWS customer
What is our primary use case?
I am using the Sonatype Nexus Repository and it's working well with the corporation. I have not purchased the Sonatype Nexus Repository license. Currently, I'm using the free open-source version because its functionality fits the corporation's needs. We do not need to buy for now, but we will purchase it in the future.
I'm using the Sonatype Nexus Repository to store the artifact files, specifically the build files from my company. The project builds into many binary files and images, so I store all of that on Sonatype Nexus Repository. We have retention days for all artifacts. Whenever the server needs to get the binary file, it requests it from the Sonatype Nexus Repository and takes the correct file for deployment. Instead of ECR, AWS has something called ECR and some other services to store binary files, but the Sonatype Nexus Repository open-source is sufficient without any cost.
The Sonatype Nexus Repository is running on AWS Cloud, on EKS as a service. The current functions fit our corporation, and we're presently using it free without the need for a license. However, we plan to buy a license in the future.
What is most valuable?
I integrate the Sonatype Nexus Repository with AWS. The Sonatype Nexus Repository offers detailed file information such as SHA and checksum, which is useful for auditing and ensuring file consistency against unauthorized changes.
Hosting, proxying, and grouping repositories in Sonatype Nexus Repository have no impact on development process time and are perceived as very fast. It simplifies version management by storing a consistent library version, avoiding conflicts.
User policies and granular access control, though not integrated with LDAP or Azure Entra, work well for specific action configurations.
What needs improvement?
We want to change the AWS credentials into an assume role instead of a fixed credential for authentication, but Sonatype Nexus Repository does not support this feature yet. This is a point of exploration for us.
We installed the Sonatype Nexus Repository using an open-source Helm chart but need to test it for credential-less AWS integration. We may seek support in the future.
One of the challenging aspects of the Sonatype Nexus Repository is understanding its procedures, as job scheduling is not fully explained in documentation and logs are cumbersome and unhelpful for issues such as troubleshooting push file errors.
For how long have I used the solution?
We have been using the Sonatype Nexus Repository for nine months.
What was my experience with deployment of the solution?
The setup was done using the Helm chart from Sonatype Nexus Repository. The setup itself is easy but configuring background jobs is difficult since they run at specific times and impact performance but cannot be tested easily.
What do I think about the stability of the solution?
We have been using the Sonatype Nexus Repository for nine months and it has not experienced any downtime or errors, which makes it a reliable solution for our needs.
What do I think about the scalability of the solution?
Because we are using the open-source Sonatype Nexus Repository, it is limited to a fixed zone or region. It cannot be changed to support multi-region or multi-zone deployment. Currently, it does not provide high availability.
Which solution did I use previously and why did I switch?
Before using the Sonatype Nexus Repository, we used Harbor to store image files. For artifacts and binary files, we stored them on GitLab . After implementing the Sonatype Nexus Repository, our process became simpler and easier to understand, making it a better solution.
How was the initial setup?
I performed the initial setup and deployment for the Sonatype Nexus Repository using the Helm chart. The setup process required reading extensive documentation about policies, users, storage configuration, credentials, login procedures, and metrics. These aspects were straightforward, but the background job setup was more challenging as we had to wait several days to observe the actions from the background jobs.
Which other solutions did I evaluate?
We evaluated several solutions including JFrog, ECR from AWS, and Black Duck . However, these options were too complicated and offered more functionality than we needed. The Sonatype Nexus Repository aligned with our vision, so we chose it after testing all alternatives.
What other advice do I have?
I am a customer and end user of Sonatype Nexus Repository. We will examine the code more thoroughly and need to test it first. Since we installed the Sonatype Nexus Repository using an open-source Helm chart, we need to test its integration with AWS without credentials before potentially contacting support.
Our team pushes libraries to the Sonatype Nexus Repository to store them with fixed versions. Before using Sonatype Nexus Repository, we pulled from external sources, which sometimes caused issues with library versions changing and breaking code.
One of the notable features of Sonatype Nexus Repository is the detailed file information provided for stored files, including SHA and checksums.
I rate the Sonatype Nexus Repository 9.5 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
CuneytGurses
A stable solution that provides a central platform for storing build artifacts, saving us significant maintenance and hardware costs.
Reviewed on Nov 09, 2023
Review provided by PeerSpot
What is our primary use case?
Our primary tool is Sonatype Nexus Repository Manager. We use it for NPM, Maven, and Docker repositories. Additionally, we utilize Nexus Firewall for repository governance. Looking ahead, I'm considering implementing Nexus Repository Manager 3 as an alternative. This would help us manage packages from Nexus IQ Server and support various package formats such as NPM, Maven, and Docker.
We rely on Sonatype Nexus Repository Manager as our main tool, employing it for NPM, Maven, and Docker repositories. In addition, Nexus Firewall plays a crucial role in our repository governance. As we plan for the future, I'm exploring the option of incorporating Nexus Repository Manager 3. This move would enhance our ability to manage packages from Nexus IQ Server and cater to different package formats like NPM, Maven, and Docker.
What is most valuable?
Primarily, the extensive support for a wide range of packages is a crucial factor. The effectiveness of new-age package managers is often determined by the breadth of packages they can handle. In this regard, Nexus Repository Manager 3 stands out for its comprehensive coverage, accommodating a vast array of packages widely utilized across the globe. This inclusivity enables easy access to a diverse range of packages, making it a pivotal aspect of its functionality.
What needs improvement?
Particularly concerning OSF-type licenses, while they support a multitude of features, there's room for improvement in the single point transform, especially for grouping. It appears that currently, the grouping functionality is not robust, particularly for Docker images within a group. The support for this aspect seems to be contingent on the license type. For instance, with the Voss license type, there is a noticeable absence of support for this feature. This is an area that could benefit from enhancement in the upcoming updates.
For how long have I used the solution?
I have been using Sonatype Nexus Repository for five months.
What do I think about the stability of the solution?
I am, personally, quite satisfied with the stability and would rate it 8 out of 10.
What do I think about the scalability of the solution?
I would rate the scalability of this solution a four out of ten. The reason being, it's not very scalable, and significant efforts are required to enhance scalability. There are noticeable limitations that need to be addressed for smoother scalability.Currently, there are approximately forty-eight users working with Nexus Repository in our company. As for future plans, I don't foresee a significant increase in the usage of Nexus Repository.
How are customer service and support?
While it's true that there is no explicit support for various license types, the summer type seems to be highly favored and encouraged among users. It holds a prominent position, perhaps earning a rating of seven for its effectiveness and user adoption.
How was the initial setup?
It is easy and I would rate it 8 out of 10.The entire deployment process, including installation, manual testing, and all implementation phases, typically takes around one week but only one person is usually sufficient to handle the entire deployment efficiently.
What other advice do I have?
I can confidently recommend this solution. The main reason is its stability. In comparison to other competitors, especially when I consider alternatives like Project X, Nexus stands out as a stable and reliable choice. This reliability is a key factor that makes me feel comfortable recommending it to other users. Based on its performance, I would rate it 8 out of 10.
Bernard Parinas
Easy-to-scale product with a valuable scanning feature
Reviewed on Nov 06, 2023
Review provided by PeerSpot
What is our primary use case?
We use Sonatype Nexus Repository as a proxy for external packages for internet users. It also helps us manage internal packages and works as a repository for container images.
How has it helped my organization?
The product helped our organization improve runtime efficiency. We do not have to connect third-party vendors while building external packages or storing container-approved images. It allows end-to-end life cycle accessibility.
What is most valuable?
Sonatype Nexus Repository has a valuable internal scanner feature. It automatically scans external artifacts, such as Fortify SAST, before storing them in the repository.
What needs improvement?
There could be more add-on features for the product. They should provide automation for adding container images and artifacts in compliance with security requirements.
For how long have I used the solution?
We have been using Sonatype Nexus Repository for one year.
What do I think about the stability of the solution?
I rate the product's stability a seven out of ten. Sometimes, there are challenges in mitigating intermittent incidents. There might be factors such as network issues impacting communication.
What do I think about the scalability of the solution?
We have 20,000 to 40,000 end users for the product. It is easy to scale. I rate its scalability an eight out of ten. We use it 24/7.
How are customer service and support?
The technical support team takes time to respond and depends on the nature of the request. We have to keep contacting them. However, the process to create tickets is simple.
Which solution did I use previously and why did I switch?
I have worked on POCs for different products.
How was the initial setup?
The initial setup is simple if you have access to container images. It is a seamless process for upgrading as well. Everything is well documented on the vendor’s official site. They form regular maintenance to comply with organizational requirements. They have a good maintenance process for updating and addressing issues. We have a team of 100 executives working on the current project to maintain components.
What's my experience with pricing, setup cost, and licensing?
I use the open-source version of the product, which is free of cost.
What other advice do I have?
I rate Sonatype Nexus Repository an eight out of ten. I advise others to update the business continuity plan for components regularly, i.e., semi-annually or quarterly. Use container images for the next migration or maintenance update. They should secure the user interface. Additionally, they should ensure a good storage process and plan a retention policy for all attacks.