Maven Central is the large public repository of Java and JVM artifacts that most Java builds depend on. Sonatype, which operates it, describes it as “the default repository for Apache Maven, SBT and other build systems.” When a developer adds a library to a Maven or Gradle build without specifying where to get it, the tool looks in Maven Central by default.
The repository grew up alongside Apache Maven. Maven’s own documentation frames the Central Repository as the place that both provides “dependencies for their own builds” to consumers and accepts “releases to be added to the central repository” from publishers, including releases from non-Maven projects. This dual role made it the de facto home for open-source JVM libraries.
Each artifact in Maven Central is identified by coordinates: a group ID, an artifact ID, and a version. A build tool turns a coordinate into a path on the repository, downloads the corresponding JAR (and its accompanying metadata that lists its own dependencies), and repeats the process for everything that artifact transitively requires. This naming scheme is what lets a short dependency declaration resolve to an exact, repeatable set of files.
Over its lifetime the repository has tightened its security posture. Maven’s documentation records that it discontinued support for older TLS versions on June 15th, 2018, and stopped serving content over plain HTTP on January 15th, 2020, requiring HTTPS thereafter. These changes reflect Maven Central’s role as critical infrastructure: because so many builds pull from it, the integrity and authenticity of what it serves matter to the wider software supply chain.