Recent surveys reveal that over half of code in many organizations is now generated by AI, often deployed without review, raising significant supply‑chain security risks; developers express concern that AI amplifies malicious software threats, while current trust models and tooling lag behind the rapid adoption.
This article details the evolution of Vivo's CICD artifact management across four stages, explains its core functions such as multi‑type support, unified storage, promotion, security scanning, aging, and permission control, and outlines future directions toward smarter, more integrated, and secure DevOps operations.
vivo’s CICD artifact management has evolved from manual builds to a comprehensive Platform Management 2.0 that provides unified storage, multi‑type support, version control, promotion, security scanning, lifecycle policies, and fine‑grained access, dramatically reducing errors and operational costs.
This article outlines how our team overhauled the CI/CD pipeline, migrated from Jenkins to GitLab CI, introduced Kubernetes‑based execution, automated branch management via Jira integration, restructured artifact storage with JFrog, and built an in‑house SCA solution, all to boost development efficiency, reduce manual errors, and secure software delivery.
Effective artifact management and comprehensive version control are essential for CI/CD pipelines, ensuring that all source code, build scripts, configuration files, test data, database schemas, and infrastructure definitions are tracked, auditable, and reproducible across any environment.
The article explains how to keep CI/CD pipelines reliable by using a single, identical artifact—such as a package, binary, or Docker image—across all environments, recommends externalizing configuration at runtime, and warns against the common trap of mismatched artifacts that cause deployment failures.
This article introduces the Nexus Repository Manager, explains its role in modern software development pipelines, outlines its core features such as multi‑language package support, proxy caching, private repositories, blob storage, API access via Swagger, and describes its Java‑based architecture and extensible plugin system.
This guide explains Nexus repository types—Hosted, Proxy, and Group—and provides step‑by‑step instructions with screenshots for adding a JBoss public proxy repository to Nexus so Maven can retrieve JBoss artifacts efficiently.
