Alternate Sources - SonaType Nexus - Artifact Repository/Repository Management for CI/CD

Our goal is to identify a solution that can provide a repository manager that organizes, stores and distributes development artifacts in a DevSecOps environment. The repository should provide a single point of reference for approved application containers and software artifacts for users. The repository will store, integrate with keycloak identity credential and access management (ICAM) and make available to operational organizations for evaluation and operational acceptance that have been through Continuous Integration (CI) and automated Continuous Deployment (CD) pipelines. Thereby, creating a DevSecOps compliant express lane for certification to field (CtF) and deployment of applications.

The following are some of the key characteristics that we are using to meet our organizational objectives. While this list is not exhaustive, it does provide a snapshot of some of the most important requirements for our environment:

1. Ability to store artifacts in AWS S3
2. Create Docker repository mirrors
3. Available as a helm chart / containerized deployment for Kubernetes
4. Supports SAML or OIDC authentication and authorization (Group assertions from the Idp are honored)
5. Role-based access control management (RBAC) for local images
6. Supports the creation and use of apt, docker, raw, maven2, rpm, pypi, npm, conda, go, gitlfs, helm, nuget, r, and yum repositories.
7. Supports the use of api tokens / personal access tokens to retrieve software programmatically
8. Supports the use of subdomain routing, and the use of multiple subdomains for assigning to repositories
9. Support for multiple authentication systems
10. Proxy access to external repositories
11. Ability to record use in auditable logs so that activity can be traced to a single user
12. Optimized for automation