Which integrations are available for this server?

Integrates with Sonatype Nexus Repository Manager for repository management, component operations, system administration, and optional Sonatype Firewall quarantine management.

How do I use Sonatype MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Sonatype MCP Server Search for all versions of com.fasterxml.jackson.core:jackson-core" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Sonatype MCP Server

by brianveltman

Overview Schema Related Servers Score Discussions

TypeScript

Remote

Sonatype MCP Server

A Model Context Protocol (MCP) server for Sonatype Nexus Repository Manager that enables AI assistants to interact with Nexus repositories through a standardized interface.

NPM Downloads

Features

Repository Management: List, view, and manage repositories
Component Operations: Search, retrieve, and manage components
System Administration: Monitor system status, blob stores, and metrics
Security: HTTP Basic Authentication with read-only mode support

Installation

Prerequisites

Node.js 18 or higher
Access to a Nexus Repository Manager instance
Valid Nexus credentials

Using npm

npm install -g @brianveltman/sonatype-mcp

Usage

Claude Desktop Integration

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@brianveltman/sonatype-mcp",
        "--nexus-url", "http://localhost:8081",
        "--nexus-username", "your-username",
        "--nexus-password", "your-password"
      ]
    }
  }
}

With Firewall Quarantine Support

To enable Firewall quarantine tools, add Firewall credentials:

{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@brianveltman/sonatype-mcp",
        "--nexus-url", "http://localhost:8081",
        "--nexus-username", "your-username",
        "--nexus-password", "your-password",
        "--firewall-url", "http://localhost:8070",
        "--firewall-username", "firewall-user",
        "--firewall-password", "firewall-password"
      ]
    }
  }
}

Visual Studio Code Integration

Add to your mcp.json:

{
	"servers": {
		"sonatype-mcp": {
			"command": "npx",
			"args": [
				"-y",
				"@brianveltman/sonatype-mcp",
				"--nexus-url",
				"http://localhost:8081",
				"--nexus-username",
				"your-username",
				"--nexus-password",
				"your-password"
			],
			"type": "stdio"
		}
	},
	"inputs": []
}

With Firewall Support

{
	"servers": {
		"sonatype-mcp": {
			"command": "npx",
			"args": [
				"-y",
				"@brianveltman/sonatype-mcp",
				"--nexus-url",
				"http://localhost:8081",
				"--nexus-username",
				"your-username",
				"--nexus-password",
				"your-password",
				"--firewall-url",
				"http://localhost:8070",
				"--firewall-username",
				"firewall-user",
				"--firewall-password",
				"firewall-password"
			],
			"type": "stdio"
		}
	},
	"inputs": []
}

Available Tools

Repository Management

nexus_list_repositories - List all repositories with filtering
nexus_get_repository - Get repository details
nexus_create_repository - Create proxy, hosted, or group repositories (write mode)
nexus_update_repository - Update repository configuration (write mode)
nexus_delete_repository - Delete repositories (write mode)

Component Management

nexus_search_components - Search components across repositories
nexus_get_component - Get component details
nexus_delete_component - Delete components (write mode)
nexus_get_component_versions - List all versions of a component
nexus_upload_component - Upload components with assets to repositories (write mode)

Asset Management

nexus_upload_asset - Upload individual assets to raw repositories (write mode)

System Administration

nexus_get_system_status - Get system health status
nexus_list_blob_stores - List blob store configurations
nexus_list_tasks - List scheduled tasks
nexus_get_usage_metrics - Get usage metrics including total components and daily request counts (requires nexus:metrics:read privilege)
nexus_generate_support_zip - Generate and optionally save a support zip file containing diagnostic information for troubleshooting

Firewall Quarantine (Optional)

firewall_get_quarantined_components - Retrieve components quarantined by Sonatype Firewall policies (requires Firewall credentials)
firewall_release_from_quarantine - Release components from Firewall quarantine by waiving policy violations (write mode, requires Firewall credentials)

Usage Examples

Common Prompts for AI Assistants

Once you have the MCP server configured, you can use natural language prompts with your AI assistant:

Repository Management

"List all Maven repositories"
"Show me details about the npm-public repository"
"Create a new hosted Maven repository called 'internal-releases'"
"What repositories do we have for Docker images?"

Component Search and Analysis

"Search for all versions of the Spring Boot starter components"
"Find all components in the maven-central repository that contain 'jackson'"
"Show me all versions of com.fasterxml.jackson.core:jackson-core"
"What's the latest version of lodash in our npm repository?"

System Monitoring

"Check the system health status"
"Show me the current usage metrics for our Nexus instance"
"List all blob stores and their sizes"
"What scheduled tasks are currently running?"
"Generate a support zip file for troubleshooting"
"Create a support zip with system info and logs, save it to the raw repository"

Security and Compliance

"Search for components with known vulnerabilities"
"Find all snapshot versions in our release repositories"
"Show me components uploaded in the last 24 hours"
"Show me all components quarantined by Firewall policies"
"Check if any components containing 'log4j' are quarantined"
"Release quarantine ID 'abc123' with a comment explaining the business justification"

Advanced Use Cases

Dependency Analysis

"Search for all components that depend on log4j and show me their versions. 
Then check if any of them are using vulnerable versions."

Repository Cleanup

"Find all snapshot artifacts older than 30 days in the maven-snapshots repository 
and prepare a list for cleanup."

Release Management

"Check if version 2.1.0 of our internal library 'com.company:core-utils' 
exists in the releases repository, and if not, help me upload it."

Storage Management

"Show me which blob stores are consuming the most space and identify 
the largest components in each repository."

Troubleshooting and Support

"Generate a comprehensive support zip file including system information, 
thread dumps, metrics, and log files, but exclude security information 
for sharing with external support."

Firewall Quarantine Management

"Check all repositories for quarantined components, identify which policy 
violations are causing the most quarantines, and provide a summary report 
with recommendations for policy adjustments."

Interactive Workflows

The MCP server enables complex, multi-step workflows:

Component Discovery: Start by searching for components
Detailed Analysis: Get specific component details
Repository Operations: Create, update, or manage repositories
Upload Management: Upload new versions or assets
Monitoring: Check system health and usage metrics

Example Conversation Flow

You: "What Maven repositories do we have?"
AI: [Lists repositories using nexus_list_repositories]

You: "Show me the largest components in maven-releases"
AI: [Searches components and shows results with sizes]

You: "Upload version 1.2.0 of com.example:my-app to maven-releases"
AI: [Uses nexus_upload_component to upload the specified version]

You: "Check if the upload was successful"
AI: [Searches for the component to verify upload]

Troubleshooting Examples

Permission Issues

If you encounter permission errors:

"Check the system status to see if I have the required permissions"
"List the repositories I have access to"
"Show me what admin tasks are available"

Component Not Found

When searching doesn't return expected results:

"Search for 'spring' in all repositories, not just maven-central"
"Check if the component name has special characters or different casing"
"List all components in the repository to see what's actually there"

Upload Issues

For upload problems:

"Verify the repository format supports the type of component I'm trying to upload"
"Check if the repository is in read-only mode"
"Show me the repository configuration for upload settings"

Best Practices

Efficient Searching

Use specific search terms to reduce result sets
Filter by repository when you know the target location
Combine multiple search criteria for precise results

Repository Management

Always check repository details before making changes
Use descriptive names for new repositories
Verify blob store configuration before creating repositories

Monitoring and Maintenance

Regularly check system health status
Monitor usage metrics to understand growth patterns
Review scheduled tasks for maintenance operations

Integration Examples

CI/CD Pipeline Integration

"After our build completes, check if the new artifact version already exists 
in the releases repository. If not, upload it and verify the upload succeeded."

Dependency Auditing

"Generate a report of all third-party dependencies in our maven-central proxy, 
grouped by organization, and highlight any with recent security advisories."

Storage Optimization

"Identify duplicate artifacts across repositories and suggest consolidation 
opportunities to optimize storage usage."

Development

Building from Source

git clone https://github.com/brianveltman/sonatype-mcp.git
cd sonatype-mcp
yarn install
yarn build

Running in Development

yarn dev

Running Tests

yarn test

Security

Uses HTTP Basic Authentication
Supports read-only mode for enhanced security
Input validation on all parameters
Comprehensive error handling

Contributing

Fork the repository
Create a feature branch
Make your changes
Add tests if applicable
Submit a pull request

Example how to use the source with Claude

{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "node",
      "args": [
        "/path-to/mcp-sonatype/build/index.js",
        "--nexus-url",
        "http://localhost:8081",
        "--nexus-username",
        "your-username",
        "--nexus-password",
        "your-password"
      ]
    }
  }
}

License

MIT License - see LICENSE file for details

Support

For issues and questions:

GitHub Issues: https://github.com/brianveltman/sonatype-mcp/issues

References

This server cannot be installed

license - permissive license

quality - not tested

maintenance

How are these scores calculated?

Resources

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/brianveltman/sonatype-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server