This article is provided for informational purposes and is not intended as a legal document.
Your legal agreement with Sonatype has precedence.
If you have additional questions please send an email to firstname.lastname@example.org.
Q. What is the Sonatype Nexus server product license model?
A. Nexus server products are licensed by aggregate user count per product and organization, not concurrent users or the number of server instances.
Q. What defines a licensed product "user"?
A. "User" means each individual (including all employees, Contractors, and subcontractors of Company, Company’s Affiliates and Contractors) who: (A) produces, consumes, or evaluates one or more software artifacts that is/are stored in or scanned, analyzed or otherwise evaluated by the Product, and/or (B) evaluates or in any way uses any Reports generated by the Products.
Example: Given a licensed organization has project team A and B. When there are 20 developers on team A, 20 developers on team B and 10 more Developers that work on both teams, a minimum product license for 50 users is required.
Analogous terms you may see for "User" are "Licensed Users", "Licensed Developers", "Contributing Developer".
Consult your specific legal agreement with Sonatype if in doubt or send an email to email@example.com .
Q. Where is the public end user license agreement for Sonatype products?
A. Sonatype End User License Agreement is at https://www.sonatype.com/usage/master-eula.
Q. I want to set up a test Nexus instance. Do the number of licensed users apply to this test instance.
Q. Does a user token for the same physical user as a username identifier equate to a single licensed user?
A. Yes. We treat these as multiple ids for the same licensed user.
Q. Does anonymous access to Nexus count as one user, or as many users that may be accessing Nexus anonymously?
A. If you are exposing your Nexus instances publicly (outside your organization), then the anonymous access originating from the public counts as one user. If the anonymous access is within your organization, then each individual user as defined by the license agreement applies, despite the access not requiring a login.
Q. How can I verify if I am in compliance with the number of licensed users?
A. There is no one size fits all way to count users due to the often complex network setups at many organizations.
If a server product is connected to an external user directory ( LDAP, SAML, etc. ) then tools designed specifically for that external tool could be used to count users who have access to Sonatype server products.
Another approach is to examine Sonatype server product request.log files. The IP address and user ID associated with each inbound request will be in columns 1 and 3 respectively. Anonymous users are represented by a dash "-" in the user id column. A user-agent header value may also be present.
In Nexus Repository Manager versions before 3.17.0, you can access the "System -> Licensing -> Recent Connections" UI. You will then have access to a report of all the unique IP addresses accessing nexus within the last 7 days. This information is intended as an approximation tool only and should not be the only method you use to determine license compliance.
As of Nexus Repository Manager 3.17.0, the Recent Connections feature was removed (link only accessible by registered support contacts ) primarily for performance reasons and lack of accuracy across unique installations.
In Nexus Repository Manager 2, a similar ability exists to roughly approximate access by unique users in the last 7 days under Administration -> Licensing -> Active Users Report . This information is intended as an approximation tool only and should not be the only method you use to determine license compliance.