Sonatype Lifecycle is designed to analyze a built package and figure out what's inside it, specifically when there aren't manifest files to tell you what's -supposed- to be there. It can obviously do a lot more, but the analysis is designed to solve the exact problem you're describing.
Yeah, currently in the process of evaluating Lifecycle, Firewall and Repository. Impression so far is great, and coming from an org where everything is blocked by default having these tools in place is night/day for us...
I covered some of this in one of my previous blogs where I talked about the systemic challenges here that I've uncovered. The heavy users that I spoke to, 100% of them had a repository manager, some Nexus, others Artifactory. And yet the high levels of consumption still persisted. I discussed some of the reasons for this in the blog link below... but I think this refutes the theory that simply having yet another caching proxy solves the problem. It really doesn't. Additionally, as Mike discussed, bandwidth is only part of the challenge. Without the people behind the repositories doing the malware response, the curation of namespaces, etc., there wouldn't be anything to proxy anyway.
https://www.sonatype.com/blog/free-isnt-free-the-hidden-cost...