JFrog Artifactory is a “binary artifact repository with a name that is so well known that it is synonymous with artifact repositories in general.” But why is Artifactory the solution chosen by most Fortune 100 companies and millions of developers for their artifact and binary management?
Let’s start by looking at a few elements that make Artifactory so valuable in enterprise software development:
- Universality – Artifactory natively supports 30+ package and file types. It also integrates with practically any build tool, giving full control and enhanced automation of build pipelines.
- Hybrid and multi-cloud – Implement Artifactory in self-hosted and managed environments where all instances are connected, offering the same user experience regardless of how each instance is deployed.
- High availability and uptime – Artifactory can be deployed for optimal availability and resiliency, ensuring uninterrupted access to software components.
- Granular RBAC – Admins can set fine-grained rules for who and how individuals can access repositories in Artifactory, including management at the project level.
- Single System of Record – All binary inputs and outputs of the development process are managed with Artifactory, allowing organizations to trace the composition, construction and movement of every single binary artifact used and produced during development.
Now that we’ve reviewed some of Artifactory’s enterprise-grade capabilities, let’s explore four of the most common use cases where Artifactory serves as a mission-critical piece of infrastructure to accelerate, secure and create visibility into development for our customers.
- The Trusted Source for Curated Artifacts
- Enhancing the Integrity, Reliability, and Speed of CI/CD
- Ensuring Constant Shared Access for Distributed Teams
- Distributing Components to Production Runtimes
1. The Trusted Source for Curated Artifacts
Software development continues to increase its reliance on third-party and open source software (OSS) packages to accelerate development of consumable software. Nearly all applications contain some element of OSS, comprising upwards of 90% of some apps. While OSS has enabled the pace of software innovation and delivery to be faster than ever, it also introduces a significant amount of risk into software supply chains:
- Does the package your developer wants to use contain any vulnerabilities?
- Is it being regularly maintained and an approved license type?
- How do we know it doesn’t contain malicious code?
To combat these risks, enterprises often prevent developers from pulling packages and libraries directly from the internet, which is widely accepted as a security best practice. Instead, Artifactory serves as an intermediary between developers and public registries.
This allows organizations to apply security policies, tools, and efforts to review and approve components before they are released for consumption by developers. In addition, organizations have the option of allowing the use of certain packages or libraries up to a defined stage of development, after which they must be cleared for approval. One example of this approach is allowing packages to be used on a developer’s local machine, but failing a pull request until the vulnerability status of relevant OSS packages is known and approved.
Leveraging Artifactory, organizations can curate an approved set of artifacts available for use by their global development teams. In doing so they mitigate risk by proactively identifying and preventing security issues early in the development process. It also improves productivity by keeping a locally cached set of artifacts always available to the developers who need to access them.
2. Enhancing the Integrity, Reliability, and Speed of CI/CD
Establishing CI/CD pipelines is one of the many practices that has dramatically improved the speed of software delivery. In the simplest terms, CI/CD is a coordinated and automated set of actions taken to ensure that software is suitable for release. CI/CD starts when someone commits code. That triggers a number of automated steps that usually vary dramatically across organizations. In the majority of cases, however, CI/CD steps and actions require some activity against the build output, and this is where Artifactory plays a critical role.
Thanks to its immense flexibility and robustness, Artifactory acts as the central hub of CI/CD processes and the single source of truth for binaries, artifacts, and builds. It serves up required dependencies and builds and records the output of relevant actions as metadata. For example, when a testing tool needs to validate a build, it can access the build directly from Artifactory and respond with the test results.
Speeding up build times and improving the automation of CI/CD processes is a significant benefit that Artifactory delivers to enterprises. In fact, a recent Forrester Consulting Total Economic Impact™ report recently found that Artifactory reduced build time and mean time to error resolution to such an extent that it resulted in an annual time savings of 156 hrs per developer.
As companies and their development teams grow, the number of locations where software is generated and consumed increases exponentially. The rise of microservice architectures has increased the speed of delivering new capabilities, but has also resulted in more complexity to ensure that all services are properly working together. Because of these trends, organizations need to guarantee reliable access to the software packages and artifacts their teams require when collaborating across multiple locations, time zones and services.
With ever increasing internal and external consumption points, the increased load can put a strain on key DevOps tools and infrastructure. Large organizations with multiple development sites need a way to distribute software that can handle the increased load, facilitate fast access on a global scale and respond quickly if any part of the system goes down.
Artifactory enables enterprises to leverage multiple approaches to solve these challenges. Organizations will typically deploy instances of Artifactory close to their development hubs – on prem, in the cloud, or both – and then replicate the required binaries between connected repositories. To achieve this functionality Artifactory supports:
- Pull replication
- Push replication
- Full bi-directional sync with repository federation
- Customizable sync triggers
- On-demand caching via read-only Distribution Edges
Multiple approaches allow organizations to control which components move from one repository to another, while replication retry mechanisms provide high fault tolerance in the case of limited network bandwidth environments.
Artifactory’s checksum-based storage approach supports high-performance replication which is essential for enterprise speed and scale requirements. To this end, many of our Fortune 100 customers enhance artifact distribution via using Distribution Edges.
Taken together, the replication, federation, and distribution capabilities of Artifactory allow organizations to facilitate distributed development that scales globally and minimizes latency to even the most remote, resource-constrained parts of any organization.
4. Distributing Components to Production Runtimes
Organizations may leverage a variety of runtime environments according to their development requirements. The beauty of dynamic runtimes is their capitalization on the benefits promised by cloud computing – adding additional capacity when needed and winding down excess capacity to save costs during latent periods. However, to function properly, dynamic runtimes need to pull the required resources from somewhere. This is where Artifactory comes into play.
Artifactory serves as the enterprise registry for runtime environments. The ability to deploy Artifactory and its distribution edges for high-availability, resiliency, and as close as physically possible to the runtime, paired with the fact that it already has all of an enterprise’s images, helm charts and terraform files. makes it a natural choice for hosting production assets. In addition, since Artifactory is being used to manage all development artifacts, it also provides uninterrupted traceability and auditing for every piece of software built and released into production.
Exploring Artifactory for Your Enterprise Use Case
As the integrated hub of the development ecosystem, enterprise organizations leverage Artifactory as the definitive single source of truth and system of record for software packages, continuously controlling how they flow from development to consumption at maximum speed and scale.
These Artifactory Uses Cases represent some of the challenges that many enterprise DevOps teams face every day. If you are interested in taking DevOps to the next level, then take advantage of our Enterprise Trial to see how you can put Artifactory to work in your development operations.