Is the modern developer akin to a cowboy peppering places with code and containers? They rely on solid ammunition, and that comes from a trusted repository like JFrog Artifactory: it will never provide substandard ammunition. You can trust it.
But what is this trustworthy arsenal we speak of? If we want to learn about the topic, then we need to explore:
JFrog Artifactory is a universal DevOps artifact repository and package management solution that provides end-to-end automation and management of binary artifacts throughout the application delivery process. Eh? In plain language, please! Ok, think of it like a cross between a bank and an ATM: it keeps all your stuff safe in a central place, and it makes your stuff available safely into remote locations. When it comes to “what stuff does it keep safe?”, Artifactory supports a wide range of package formats and integrates seamlessly with popular CI/CD tools, enabling developers and DevOps teams to streamline the process of managing and distributing binary artifacts across the software development lifecycle.
JFrog Artifactory features
The most important features of Artifactory, as valued by Cloud Security and DevOps pros, are the ones that help them get Jobs To Be Done:
Universal Repository Manager
“Can it manage all of my stuff?” Artifactory supports a wide range of package formats, including Maven, Docker, NPM, Helm, NuGet, and more.
Efficient Dependency Management
“Software is messy! Can it tell me about vulnerabilities in upstream packages?” Artifactory allows developers to manage dependencies efficiently, resolve them quickly, and cache remote artifacts locally.
“Is it easy to manage? I want an easier life, not more headaches.” Artifactory provides a highly available, scalable, and secure architecture with multi-site replication, ensuring uninterrupted service and data integrity.
Integration with CI/CD tools
“Can I plug it into our current process — or, even better, improve our process?” Artifactory integrates with popular CI/CD tools like Jenkins, Bamboo, TeamCity, and others, automating the release process.
Access Control and Security
“Please tell me it uses all the standard enterprise security functions?” Artifactory offers role-based access control, LDAP/AD integration, and SAML SSO support, ensuring secure access to artifacts.
“I get it can see inside packages, but what insights can it give about all of my packages?” Artifactory allows the management of metadata associated with artifacts, providing valuable information for release management.
“It’s not going to force me to use Yet Another Storage Backend, is it?” It supports various storage backends, including local file systems, cloud storage providers, and hybrid solutions.
JFrog Artifactory pros and cons
What do Cloud Security and DevOps pros report as the good and the not so good with Artifactory?
Supports a wide range of package formats, allowing teams to standardize on a single repository manager.
Integrates with popular CI/CD tools, improving efficiency and automation in the software release process.
Offers high availability, disaster recovery, and scalability to support large-scale development projects.
Provides strong access control and security features, ensuring the safe storage and distribution of artifacts.
Integration with JFrog Xray: JFrog Artifactory can be integrated with Xray, allowing for third-party scanning and improving security.
Invisible tool: One of the most valuable features of JFrog Artifactory is that it operates seamlessly in the background, without disrupting other processes.
Fast release and pipeline automation: The solution is designed to provide fast release and pipeline automation, enabling organizations to speed up their software development processes [1, 2].
Can be complex to set up and configure, especially for those new to DevOps practices.
The learning curve may be steep for users unfamiliar with binary repository management.
Artifactory may be more expensive compared to some open-source alternatives.
Performance issues with a large number of artifacts: Users have reported performance problems when dealing with a significant number of artifacts, which may hinder scalability.
Software Architects define Artifactory as their central software hub for DevOps.
QA Engineers use the Universal Binary Repository Manager for standards.
What can you do with JFrog Artifactory?
People use Artifactory for:
Managing and storing binary artifacts
Automating package and dependency management
Integrating with CI/CD tools to streamline software releases
Ensuring high availability and disaster recovery of artifacts
Implementing access control and security policies for artifact repositories
Does JFrog Artifactory map to security standards?
Artifactory helps with securing the software supply chain, so it is relevant — even if it doesn’t map directly to specific controls, which are often abstract and high-level — and can be a way to implement and enforce a security policy and standards.
For example, Artifactory can help with OWASP SAMM — read our introduction to OWASP SAMM.
Artifactory also helps achieve compliance with standards such as the Cloud Security Alliance and their Cloud Control Matrix.
The Cloud Controls Matrix (CCM) is a security framework developed by the Cloud Security Alliance (CSA). It provides a standardized set of security controls to help organizations assess the overall security risk when adopting cloud computing services. The CCM covers various domains, including data security, infrastructure, identity and access management, and many more.
When deploying JFrog Artifactory in a cloud environment, you can implement the required security controls and configurations to adhere to CCM guidelines. For example, you can use encryption for data storage and transmission, implement access controls and authentication mechanisms, and monitor logs for security events. By integrating these controls into your Artifactory deployment, you can align your usage of the solution with the CCM’s best practices and recommendations.
JFrog Artifactory, as a binary repository manager, and like many other tools, does not have a 1:1 map to any Cloud Controls Matrix (CCM) control. But when JFrog Artifactory is deployed on cloud infrastructure or as a SaaS solution, it can be integrated with the respective cloud provider’s security and compliance offerings to align with the CCM.
What do JFrog Artifactory practitioners say?
You can find practitioner reviews on G2, Reddit and customer testimonials on JFrog’s own website.
On G2, JFrog Artifactory has been subsumed into the new, holistic Software Supply Chain Platform that also includes XRay and other components. But some of the reviews call out Artifactory:
The Artifactory posts are mostly under /r/devops. You can find the Artifactory posts here.
JFrog Artifactory: What the analysts say
Analysts generally have a positive view of JFrog Artifactory. They appreciate the platform as a secure artifact registry management tool for storing and securing container images. One analyst from the Information Technology & Services industry gave JFrog Artifactory a score of 10 out of 10, highlighting its effectiveness as a software repository management solution for enterprises, available both on-premise and from the cloud.
Additionally, analysts appreciate the integration of JFrog Artifactory with JFrog Xray, a binary scanning tool that helps identify vulnerabilities based on the binaries. JFrog Xray can be easily integrated with regular CI/CD pipelines, allowing organizations to identify potential risks before releasing their products in production. Overall, analysts seem to have a favorable opinion of JFrog Artifactory, appreciating its features, security, and integration capabilities.
Here are some snippets and links to the latest analyst insights for Artifactory:
In the GigaOm Radar for Enterprise CI/CD, JFrog Artifactory talked about Artifactory joining XRay to create the JFrog platform, reflecting a recognised trend: enterprise customers want more holistic tools rather than lots of piecemeal solutions they need to stitch together.
Strengths highlighted included the integrated JFrog platform which can offer DevSecOps out of the box.
Weaknesses included the costs for SaaS offering and that JFrog Pipelines is designed primarily for Kubernetes targets.
JFrog has been mentioned in several Gartner reports, including the Gartner Magic Quadrant for Application Release Orchestration. Gartner has acknowledged JFrog’s strong capabilities in binary repository management, DevOps toolchain integration, and its comprehensive platform approach. IDC has recognized JFrog as an innovator in the DevOps market, particularly for its efforts in providing an end-to-end platform for binary management, continuous integration, and continuous delivery.
“JFrog Xray is a binary scanning tool which basically scans and identifies vulnerabilities depending on the binaries. This tool runs internally behind JFrog Artifactory. The tool can be easily integrated with regular CI/CD pipelines. This helps in identifying the potential risk of vulnerabilities before releasing the product in production.”
“JFrog Artifactory is the single solution for housing and managing all the artifacts, binaries, packages, files, containers, and components for use throughout your software supply chain. JFrog Artifactory serves as your central hub for DevOps, integrating with your tools and processes to improve automation, increase integrity, and incorporate …”
“JFrog SaaS solutions are available as Artifactory Cloud Pro, Cloud Pro X and Enterprise. For dedicated installations of Artifactory Enterprise on your choice of cloud provider, JFrog provides the following: Hosted JFrog Artifactory server with 24/7 SLA Support: JFrog’s SaaS solution provides all the features of Artifactory Pro, selected”