Need advice about which tool to choose?Ask the StackShare community!
GitHub vs Sonatype Nexus: What are the differences?
GitHub and Sonatype Nexus are two commonly used tools in the field of software development and version control. While GitHub is primarily focused on hosting and sharing code repositories, Sonatype Nexus serves as a repository manager for storing and distributing various types of dependencies. Here are the key differences between these two platforms.
Hosting Code Repositories: One of the key differences between GitHub and Sonatype Nexus is their primary purpose. GitHub is primarily designed as a code hosting platform, allowing developers to store, share, and collaborate on software projects using Git version control. On the other hand, Sonatype Nexus is a repository manager that focuses on managing and distributing reusable software components and dependencies.
Support for Different Package Types: While GitHub focuses on hosting code repositories, it primarily supports source code and related files. In contrast, Sonatype Nexus has the capability to host and manage different types of packages or artifacts, including binaries, Docker images, and build artifacts in addition to code repositories. This makes Nexus a more versatile tool for managing a wide range of dependencies in a software development lifecycle.
Access Control and Permissions: GitHub provides robust access control features to enable granular permissions and collaboration within a repository. It supports role-based access control, allowing administrators to define fine-grained access rights for different users or teams. Sonatype Nexus, on the other hand, provides more sophisticated access control mechanisms, allowing administrators to set up a hierarchy of repositories with different access privileges and roles for users. This makes Nexus more suitable for enterprise-level software development teams with complex access control requirements.
Dependency Management: Sonatype Nexus has built-in dependency management capabilities, allowing developers to manage and track dependencies between components. It provides a comprehensive view of dependencies, including transitive dependencies, and offers tools for identifying and resolving conflicts or vulnerabilities in the dependencies. GitHub does not have built-in dependency management features, although it can integrate with external dependency management tools like Maven or Gradle.
Public vs. Private Repositories: GitHub offers both public and private repositories. Public repositories allow anyone to view and clone the code, while private repositories require permission to access. Sonatype Nexus, however, is designed for private repositories. It allows organizations to store and distribute their dependencies securely within their own infrastructure, ensuring greater control and confidentiality.
Integration with Continuous Integration/Delivery: Both GitHub and Sonatype Nexus can integrate with popular continuous integration and delivery (CI/CD) tools to enable automation in the software development process. However, the level of integration and support may vary between the two platforms. GitHub has native integration with tools like GitHub Actions, making it easy to set up and automate workflows. Sonatype Nexus also supports CI/CD integration but may require additional configuration and setup to integrate with specific tools.
In summary, GitHub is primarily a code hosting platform, focused on hosting code repositories and facilitating collaboration, while Sonatype Nexus serves as a repository manager for managing and distributing various types of dependencies. Nexus is more versatile in terms of supporting different package types, providing more sophisticated access control mechanisms, and offering built-in dependency management capabilities. On the other hand, GitHub provides a user-friendly interface, supports public and private repositories, and has seamless integration with CI/CD tools.
Do you review your Pull/Merge Request before assigning Reviewers?
If you work in a team opening a Pull Request (or Merge Request) looks appropriate. However, have you ever thought about opening a Pull/Merge Request when working by yourself? Here's a checklist of things you can review in your own:
- Pick the correct target branch
- Make Drafts explicit
- Name things properly
- Ask help for tools
- Remove the noise
- Fetch necessary data
- Understand Mergeability
- Pass the message
- Add screenshots
- Be found in the future
- Comment inline in your changes
Read the blog post for more detailed explanation for each item :D
What else do you review before asking for code review?
Using an inclusive language is crucial for fostering a diverse culture. Git has changed the naming conventions to be more language-inclusive, and so you should change. Our development tools, like GitHub and GitLab, already supports the change.
SourceLevel deals very nicely with repositories that changed the master branch to a more appropriate word. Besides, you can use the grep linter the look for exclusive terms contained in the source code.
As the inclusive language gap may happen in other aspects of our lives, have you already thought about them?
One of the magic tricks git performs is the ability to rewrite log history. You can do it in many ways, but git rebase -i
is the one I most use. With this command, It’s possible to switch commits order, remove a commit, squash two or more commits, or edit, for instance.
It’s particularly useful to run it before opening a pull request. It allows developers to “clean up” the mess and organize commits before submitting to review. If you follow the practice 3 and 4, then the list of commits should look very similar to a task list. It should reveal the rationale you had, telling the story of how you end up with that final code.
Out of most of the VCS solutions out there, we found Gitlab was the most feature complete with a free community edition. Their DevSecops offering is also a very robust solution. Gitlab CI/CD was quite easy to setup and the direct integration with your VCS + CI/CD is also a bonus. Out of the box integration with major cloud providers, alerting through instant messages etc. are all extremely convenient. We push our CI/CD updates to MS Teams.
Gitlab as A LOT of features that GitHub and Azure DevOps are missing. Even if both GH and Azure are backed by Microsoft, GitLab being open source has a faster upgrade rate and the hosted by gitlab.com solution seems more appealing than anything else! Quick win: the UI is way better and the Pipeline is way easier to setup on GitLab!
At DeployPlace we use self-hosted GitLab, we have chosen GitLab as most of us are familiar with it. We are happy with all features GitLab provides, I can’t imagine our life without integrated GitLab CI. Another important feature for us is integrated code review tool, we use it every day, we use merge requests, code reviews, branching. To be honest, most of us have GitHub accounts as well, we like to contribute in open source, and we want to be a part of the tech community, but lack of solutions from GitHub in the area of CI doesn’t let us chose it for our projects.
Pros of GitHub
- Open source friendly1.8K
- Easy source control1.5K
- Nice UI1.3K
- Great for team collaboration1.1K
- Easy setup867
- Issue tracker504
- Great community487
- Remote team collaboration483
- Great way to share449
- Pull request and features planning442
- Just works147
- Integrated in many tools132
- Free Public Repos122
- Github Gists116
- Github pages113
- Easy to find repos83
- Open source62
- Easy to find projects60
- It's free60
- Network effect56
- Extensive API49
- Organizations43
- Branching42
- Developer Profiles34
- Git Powered Wikis32
- Great for collaboration30
- It's fun24
- Clean interface and good integrations23
- Community SDK involvement22
- Learn from others source code20
- Because: Git16
- It integrates directly with Azure14
- Standard in Open Source collab10
- Newsfeed10
- Fast8
- Beautiful user experience8
- It integrates directly with Hipchat8
- Easy to discover new code libraries7
- Smooth integration6
- Integrations6
- Graphs6
- Nice API6
- It's awesome6
- Cloud SCM6
- Quick Onboarding5
- Remarkable uptime5
- CI Integration5
- Reliable5
- Hands down best online Git service available5
- Version Control4
- Unlimited Public Repos at no cost4
- Simple but powerful4
- Loved by developers4
- Free HTML hosting4
- Uses GIT4
- Security options4
- Easy to use and collaborate with others4
- Easy deployment via SSH3
- Ci3
- IAM3
- Nice to use3
- Easy and efficient maintainance of the projects2
- Beautiful2
- Self Hosted2
- Issues tracker2
- Easy source control and everything is backed up2
- Never dethroned2
- All in one development service2
- Good tools support2
- Free HTML hostings2
- IAM integration2
- Very Easy to Use2
- Easy to use2
- Leads the copycats2
- Free private repos2
- Profound1
- Dasf1
Pros of Sonatype Nexus
Sign up to add or upvote prosMake informed product decisions
Cons of GitHub
- Owned by micrcosoft54
- Expensive for lone developers that want private repos38
- Relatively slow product/feature release cadence15
- API scoping could be better10
- Only 3 collaborators for private repos9
- Limited featureset for issue management4
- Does not have a graph for showing history like git lens3
- GitHub Packages does not support SNAPSHOT versions2
- No multilingual interface1
- Takes a long time to commit1
- Expensive1