Open Source Registries Are Changing: Here's How Bitrise Keeps Your Builds Running

Maven Central, a key open-source package registry, has begun implementing rate limits for high-volume consumers like CI/CD platforms due to an industry-wide shift towards sustainable infrastructure, as highlighted in a joint statement by theOpenSSF and supported by Maven Central's sponsor, Sonatype. This change led to HTTP 429 errors ("Too Many Requests") experienced by some Bitrise users during Android builds from late April to early May 2026. Bitrise addressed the issue by deploying an in-datacenter repository manager to cache build dependencies, significantly reducing upstream requests and data transfer, which resulted in faster build times. This repository manager automatically activates at the VM level on Bitrise, eliminating rate limit errors and improving performance without requiring user action. The shift in package registries' approach to rate-limited access affects all CI systems, and Bitrise has committed to providing a stable experience by collaborating with Sonatype and investing in infrastructure improvements.